SoylentNews

upstart [soylentnews.org] writes:

████ # This file was generated bot-o-matically! Edit at your own risk. ████

by jan

Airlines seen as vulnerable as ransomware confirmed in weekend cyberattack [siliconrepublic.com]:

Airlines seen as vulnerable as ransomware confirmed in weekend cyberattack Save article

A ransomware attack was confirmed by ENISA, Europe’s cybersecurity agency, as the source of the weekend’s airport disruption.

While no one crew has claimed responsibility for the attack that disrupted a number of European airports, including in Brussels, Berlin, London, Dublin and Cork this weekend [siliconrepublic.com], Europe’s cybersecurity agency (ENISA) confirmed to the BBC that a ransomware attack was behind the chaos.

“The type of ransomware has been identified. Law enforcement is involved to investigate,” the agency told Reuters.

The cyberattack disrupted check-in and baggage systems last Friday (19 September), targeting ‘Muse’ (multi-user system environment), a software tool made by Collins Aerospace, which provides a range of aircraft technologies, including baggage tagging and handling.

Experts had been warning for some time that airlines are particularly susceptible to widespread attacks. In July, after UK retailers were hit hard with Scattered Spider attacks [siliconrepublic.com], the FBI and cyber experts warned that airlines were likely to be next [siliconrepublic.com] in line. Hackers using Scattered Spider tactics are renowned for targeting one sector at a time, although there is no indication as yet that they were behind this attack.

“The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector,” the US agency said back in July.

“These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access. These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorised MFA devices to compromised accounts.

“They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,” it continued. “The FBI is actively working with aviation and industry partners to address this activity and assist victims.”

The aviation industry is seen to be particularly vulnerable given the complexity of its networks and wide array of links to third parties, according to many experts.

“The aviation sector, with its complex network of third-party suppliers and contractors, presents an attractive target,” said Haris Pylarinos, founder and CEO of cybersecurity company Hack the Box back in July. “If just one weak link is compromised, the ripple effects could be massive.”

While the effects of the weekend attack were limited, it is certainly a major wake-up call for the airline industry.

“I’m deeply concerned but not surprised by the scale of the cyberattack on European airports,” said Adam Blake, CEO and founder of cybersecurity company ThreatSpike

“Businesses are pouring vast sums of money into advanced security tools and bolt-on solutions, but it’s just fragmenting security posture, creating overlapping controls and gaps for adversaries to exploit.

“Cybersecurity needs to be treated a lot more holistically, as a strategic priority built on end-to-end visibility, consistent monitoring and response, and proactive threat detection,” he warned. “Where organisations stitch together a patchwork of vendors, vulnerabilities will inevitably emerge.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief [eepurl.com], Silicon Republic’s digest of need-to-know sci-tech news.

You May Also Like You May Also Like Opinion: Europe’s regulatory discord is killing our start-ups – here’s the fix [siliconrepublic.com]UK teens charged over Scattered Spider attack on Transport for London [siliconrepublic.com]Scientists urge EU governments to reject Chat Control rules [siliconrepublic.com]EU fines Google €2.95bn for ‘illegal’ adtech actions [siliconrepublic.com]EU, US detail tariff deal, confirm 15pc ceiling on chips, pharma [siliconrepublic.com]Workday hit by data breach targeting CRM systems [siliconrepublic.com]More from Technology

Original Submission