{"id":18843,"date":"2021-09-25T00:22:53","date_gmt":"2021-09-24T20:22:53","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/protecting-airports\/18843\/"},"modified":"2021-09-25T00:22:53","modified_gmt":"2021-09-24T20:22:53","slug":"protecting-airports","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/protecting-airports\/18843\/","title":{"rendered":"Protecting airports from cyberincidents"},"content":{"rendered":"<p>Protecting airport information systems from cyberincidents is no trivial task. Even a relatively minor glitch can lead to chaos, flight delays, and lawsuits from disgruntled passengers. As a good illustration of the phenomenon, the 2016 <a href=\"https:\/\/www.kaspersky.com\/blog\/delta-air-lines-failure\/12762\/\" target=\"_blank\" rel=\"noopener nofollow\">Delta Airlines computer system crash<\/a> caused trouble for hundreds of thousands of people around the world. Facing massive expenses and operational dysfunction, airport administration scrambles to prevent chaos following an attack. It\u2019s no wonder that airports represent such attractive targets for ransomware attacks.<\/p>\n<p>Another reason airports draw criminal attention is passenger information: Airport systems usually hold not only travel document data, but also payment information. And that\u2019s an issue not only for customers, but for the airport itself; modern data protection laws give no quarter to organizations that are lax on data protection. For example, <a href=\"https:\/\/www.bbc.com\/news\/business-45785227\" target=\"_blank\" rel=\"nofollow noopener\">Heathrow Airport was fined \u00a3120,000<\/a> for the loss of a flash drive containing operating information, including the details of several security service employees.<\/p>\n<h2>Famous airport cyberincidents<\/h2>\n<p>You don\u2019t have to look far to find examples of destructive cyberincidents affecting air transportation.<\/p>\n<ul>\n<li>In the summer of 2017, during the ExPetr (aka NotPetya\/PetrWrap) global pandemic, the website and online departure board at <a href=\"https:\/\/techmonitor.ai\/techonology\/cybersecurity\/chaos-ukraine-ransomware-cyber-attack-hits-airports-banks-government\" target=\"_blank\" rel=\"nofollow noopener\">Kiev\u2019s Boryspil International Airport<\/a> were taken down, causing a number of flights to be postponed;<\/li>\n<li>Another ransomware attack targeted <a href=\"https:\/\/www.cntraveler.com\/story\/atlanta-airport-shuts-down-wi-fi-following-cyber-attack-on-city\" target=\"_blank\" rel=\"nofollow noopener\">Hartsfield-Jackson Atlanta International Airport<\/a>. In March 2018, it was forced to disable parts of its website and advise passengers to check information directly with their airlines. The airport also had to turn off its Wi-Fi network to confine the infection, further inconveniencing passengers;<\/li>\n<li>During Christmas 2019, <a href=\"https:\/\/www.usatoday.com\/story\/tech\/2020\/01\/10\/christmas-ransomware-attack-strikes-new-york-airport-servers\/4433103002\/\" target=\"_blank\" rel=\"nofollow noopener\">Albany International Airport<\/a> experienced a ransomware attack. This time, the attack did not affect operations at the airport itself, nor, it seems, did any passenger data suffer\u00a0\u2014 the cybercriminals encrypted internal documentation only (including backups). All the same, the administration agreed to the attackers\u2019 demands and paid the ransom;<\/li>\n<li>In April 2020, unknown persons compromised two <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/san-francisco-intl-airport-discloses-data-breach-after-hack\/\" target=\"_blank\" rel=\"nofollow noopener\">San Francisco International Airport<\/a> websites and injected them with malicious code for stealing user credentials. The attackers\u2019 goals were unclear (as was their degree of success), but airport employees were required to reset their mail and network passwords.<\/li>\n<\/ul>\n<h2>How to protect airports from cyberattacks<\/h2>\n<p>A modern airport is a gigantic structure brimming with information systems. More often than not, critical systems are isolated from office and public networks, but attackers do not need to attack critical infrastructure to wreak havoc. The functioning of airlines, as well as numerous marketplaces and services, depends on the normal operation of simpler IT systems.<\/p>\n<p>To protect all of that infrastructure, airport cybersecurity teams need real-time intelligence on the latest cyberthreats. To that end, Germany\u2019s Munich Airport, which takes cybersecurity very seriously, contacted us recently.<\/p>\n<p>The airport authorities subscribed to <a href=\"https:\/\/me-en.kaspersky.com\/enterprise-security\/threat-intelligence?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Kaspersky Advanced Persistent Threat Intelligence Reporting <\/a> service, which gives access to our investigative data and provides information about the methods, tactics, and tools modern cybercriminals employ, as well as indicators of compromise. In addition, the Munich team acquired access to our Threat Lookup service to get detailed data on detected threats, as well as to Kaspersky Threat Data Feeds, which can be connected to automated protection systems.<\/p>\n<p>Read more <a href=\"https:\/\/media.kaspersky.com\/en\/business-security\/case-studies\/TI_Marketing_Case_Study_Munich_Airport_Customer_0621_EN_GLB.pdf\" target=\"_blank\" rel=\"noopener nofollow\">here<\/a> about how we\u2019re helping Munich Airport fight cyberthreats.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Airports have always been an attractive target for cybercrime. Here\u2019s how to keep them protected.<\/p>\n","protected":false},"author":2581,"featured_media":18844,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916],"tags":[2496,433,1552],"class_list":{"0":"post-18843","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-airports","10":"tag-ransomware","11":"tag-threat-intelligence"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/protecting-airports\/18843\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/protecting-airports\/23374\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/protecting-airports\/22934\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/protecting-airports\/26066\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/protecting-airports\/25662\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/protecting-airports\/31532\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/protecting-airports\/10084\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/protecting-airports\/42150\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/protecting-airports\/17753\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/protecting-airports\/18209\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/protecting-airports\/15336\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/protecting-airports\/27431\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/protecting-airports\/31685\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/protecting-airports\/27635\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/protecting-airports\/24374\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/threat-intelligence\/","name":"threat intelligence"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/18843","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=18843"}],"version-history":[{"count":0,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/18843\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/18844"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=18843"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=18843"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=18843"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}