Exclusive Infographic: All Cyber Attacks on Military Aviation and Aerospace Industry

Cross Posted from TheAviationist.

2011 has been an annus horribilis for information security, and aviation has not been an exception to this rule: not only in 2011 the corporate networks of several aviation and aerospace industries have been targeted by digital storms (not a surprise in the so-called hackmageddon) but, above all, last year will be probably remembered for the unwelcome record of two alleged hacking events targeting drones (“alleged” because in the RQ-170 Sentinel downed in Iran episode, several doubts surround the theory according to which GPS hacking could have been the real cause of the crash landing).

But, if Information Security professionals are quite familiar with the idea that military contractors could be primary and preferred targets of the current Cyberwar, as the infographic on the left shows, realizing that malware can be used to target a drone is still considered an isolated episode, and even worse, the idea of a malware targeting, for instance, the multirole Joint Strike Fighter is still something hard to accept.

However, things are about change dramatically. And quickly.

The reason is simple: the latest military and civil airplanes are literally full of electronics, which play a primary role in managing avionics, onboard systems, flight surfaces, communcation equipment and armament.

For instance an F-22 Raptor owns about 1.7 millions od line of codes , an F-35 Joint Strike Fighter about 5.7 millions and a Boeing 787 Dreamliner about 6.5 millions. Everything with some built in code may be exploited, therefore, with plenty of code and much current and future vulnerabilities, one may not rule out a priori that these systems will be targeted with specific tailored or generic malware for Cyberwar, Cybercrime, or even hacktivism purposes.

Unfortunately it looks like the latter hypothesis is closer to reality since too often these systems are managed by standard Windows operating systems, and as a matter of fact a generic malware has proven to be capable to infect the most important U.S. robots flying in Afghanistan, Pakistan, Libya, and Indian Ocean: Predator and Reaper Drones.

As a consequence, it should not be surprising, nor it is a coincidence, that McAfee, Sophos and Trend Micro, three leading players for Endpoint Security, consider the embedded systems as one of the main security concerns for 2012.

Making networks more secure (and personnel more educated) to prevent the leak of mission critical documents and costly project plans (as happened in at least a couple of circumstances) will not be aviation and aerospace industry’s information security challenge; the real challenge will be to embrace the security-by-design paradigm and make secure and malware-proof products ab initio.

While you wait to see if an endpoint security solution becomes available for an F-35, scroll down the image below and enjoy the list of aviation and aerospace related cyber attacks occurred since the very first hack targeting the F-35 Lightning II in 2009.

Of course aviation and aerospace industries are not the only targets for hackers and cybercriminals. So, if you want to have an idea of how fragile our data are inside the cyberspace, have a look at the timelines of the main Cyber Attacks in 2011 and 2012 (regularly updated) at hackmageddon.com. And follow @pausparrows on Twitter for the latest updates.

As usual the references are after the jump…

(more…)

Continue Reading Exclusive Infographic: All Cyber Attacks on Military Aviation and Aerospace Industry

Oops, My Drone Was Infected!

  • Post author:
  • Post last modified:October 8, 2011
  • Post category:Security
  • Post comments:3 Comments
  • Reading time:4 mins read

Do you remember the intrepid Jeff Goldbum injecting malicious code on the Alien mothership during one of the most famous…

Continue Reading Oops, My Drone Was Infected!

Il Mobile Malware Contagioso

  • Post author:
  • Post last modified:March 15, 2011
  • Post category:MobileSecurity
  • Post comments:2 Comments
  • Reading time:1 mins read

Come saprete sicuramente ieri al Security Summit di Milano si è tenuta la tavola rotonda "Mobile Security: Rischi, Tecnologie, Mercato".…

Continue Reading Il Mobile Malware Contagioso

Sono Rimasto di Stuxnet…

  • Post author:
  • Post last modified:March 1, 2011
  • Post category:Security
  • Post comments:1 Comment
  • Reading time:1 mins read

Dietro ogni incontro, anche il più impensabile, si nasconde un fatto divertente. Durante una delle riunioni di lavoro di oggi,…

Continue Reading Sono Rimasto di Stuxnet…

La Sindrome Cinese

  • Post author:
  • Post last modified:February 17, 2011
  • Post category:Security
  • Post comments:0 Comments
  • Reading time:4 mins read

Nel giorno in cui anche alla RSA Conference 2011 è stato ribadito che "E' ora di prepararsi per le minacce…

Continue Reading La Sindrome Cinese

I Cinque Domini Dell’Apocalisse

  • Post author:
  • Post last modified:February 15, 2011
  • Post category:Security
  • Post comments:2 Comments
  • Reading time:6 mins read

Quando la sicurezza Informatica incontra (involontariamente) l'arte... Symantec ha da poco pubblicato un aggiornamento relativo al proprio documento di analisi…

Continue Reading I Cinque Domini Dell’Apocalisse

Matrimonio D'(Intel)esse…

  • Post author:
  • Post last modified:January 31, 2011
  • Post category:Security
  • Post comments:1 Comment
  • Reading time:4 mins read

Il titolo di questo post non è tratto da una commedia cinese, ma rappresenta la mia personale interpretazione di una…

Continue Reading Matrimonio D'(Intel)esse…

Gears Of Cyberwar

  • Post author:
  • Post last modified:January 19, 2011
  • Post category:Security
  • Post comments:1 Comment
  • Reading time:5 mins read

Il 2010 verrà ricordato tra gli annali della sicurezza informatica soprattutto per due eventi: Operation Aurora e Stuxnet. Sebbene estremamente…

Continue Reading Gears Of Cyberwar