Tag Archive for: Aviation

Aviation security does not end at airports


The recent incident on a United flight from Los Angeles to Boston highlights why aviation security does not end at airport security checkpoints.

The passenger managed to create a weapon using a broken metal spoon and hit a flight attendant with his makeshift weapon. The passenger also attempted to open a door on the airplane, according to law enforcement officials, and believed that a flight attendant was going to kill him.

If convicted, the passenger is subject to hefty fines (as much as $250,000) and life in prison.

There is a high probability that this person suffers from mental illness. If that is the case, these penalties will serve little purpose. It may provide some deterrence benefit for someone with clear thinking but nefarious intent to see how they would be handled if they attempted such acts of violence on an airplane.

The Transportation Security Administration uses multiple layers to protect the nation’s air system. The most visible layer is at airport screening checkpoints, where passengers, carry-on bags and checked baggage are screened using a variety of technology.

A far less visible layer is air marshals, who are strategically assigned to flights based on a variety of risk factors, including the collective risk profile of passengers on a flight. Air marshals are ready to respond if any passenger acts inappropriately and threatens the security of a flight, its crew or its passengers.

Air marshals are a means to buy down risk and make a flight more secure. However, the expense of placing air marshals on flights means that air marshals are not on most flights. Moreover, the collective risk profile of most flights makes it unnecessary to have an air marshal on them. It appears that the United flight did not have an air marshal, or such a person would have responded to the incident.

The biggest takeaway from the event is how the passengers responded. Several acted quickly and decisively to wrestle the person to the ground and keep him from further harming himself or others. This made these passengers de facto air marshals.

The basis of risk-based security, the strategy employed by the TSA, is to match security resources to security risk. The most effective program that the…

China accuses United States of hacking top space and aviation university


What just happened? China is regularly accused of using state-sponsored hackers to infiltrate American systems, government agencies, and organizations, but the Asian country claims the US is far from innocent when it comes to engaging in these sorts of activities. The latest allegation is that the NSA hacked a government-funded university that specializes in aviation, aerospace, and navigation studies.

According to a statement from China’s National Computer Virus Emergency Response Center (CNCERT/CC), the NSA’s Office of Tailored Access Operations (TAO) sent phishing emails to teachers and students at Northwestern Polytechnical University in an attempt to steal data and personal information.

As with other phishing campaigns, the goal was to trick targets into clicking malicious links that would allow the TAO to steal email login details. The messages’ themes included scientific evaluation, thesis defense, and information on foreign travel.

According to The Global Times, a publication owned by the Chinese Communist Party, a team from CNCERT/CC and 360 Security Technology Inc. analyzed trojan samples from the university’s information systems after an attack was reported in June. They traced the hacks back to the TAO.

China says the NSA was behind more than 10,000 “vicious” cyberattacks on targets within the country in recent years, collecting more than 140 GB of high-value data in the process.

The US has a long history of throwing hacking accusations at China. The CISA, NSA, and FBI issued an alert in June claiming Chinese state-backed hackers are using unpatched consumer routers and network-attached storage (NAS) devices to gain access to the infrastructure of major telecommunications companies, sending their traffic to Chinese servers.

In February, Federal Bureau of Investigation director Christopher Wray said China is behind more cyberattacks on the US than all other nations combined. He added that, at the time, the FBI was investigating 2,000 cases of Chinese attacks. He cited the Microsoft Exchange hack, which impacted the networks of 10,000 American companies, as an example of the damage Chinese hackers can cause the US…

Exclusive: Evidence shows US’ NSA behind attack on email system of Chinese leading aviation university


cyber attack Photo:VCG

The email system of a university in Northwest China’s Shaanxi Province – well-known for its aviation, aerospace and navigation studies – was found to have been attacked by the US’ National Security Agency (NSA), the Global Times learned from a source on Monday.

On June 22, Northwestern Polytechnical University announced that hackers from abroad were caught sending phishing emails with Trojan horse programs to teachers and students at the university, attempting to steal their data and personal information. 

A police statement released by the Beilin Public Security Bureau in Xi’an the next day said that the attack attempted to lure teachers and students into clicking links in phishing emails with Trojan horse programs, with themes involving scientific evaluation, thesis defense and information on foreign travel, so as to obtain their email login details.

To probe into the attack, China’s National Computer Virus Emergency Response Center and internet security company 360 jointly formed a technical team to conduct a comprehensive technical analysis of the case. 

By extracting many trojan samples from internet terminals of Northwestern Polytechnical University, with the support of European and South Asian partners, the technical team initially identified that the cyberattack on the university was conducted by the Tailored Access Operations (TAO) (Code S32) under the Data Reconnaissance Bureau (Code S3) of the Information Department (Code S) of the US’ NSA.

TAO is the largest and most important part of the intelligence division of the NSA. Founded in 1998, the main responsibility of TAO is to use the internet to secretly access insider information of its competitors, including secretly invading target countries’ key information infrastructure to steal account codes, break or destroy computer security systems, monitor network traffic, invade privacy and steal sensitive data, and gain access to phone calls, emails, network communications and messages.

The various departments of TAO are composed of more than 1,000 active military personnel, network hackers, intelligence analysts, academics, computer hardware and software designers, and electronics…

Experts Warn of Hacking Group Targeting Aviation and Defense Sectors


Entities in the aviation, aerospace, transportation, manufacturing, and defense industries have been targeted by a persistent threat group since at least 2017 as part of a string of spear-phishing campaigns mounted to deliver a variety of remote access trojans (RATs) on compromised systems.

The use of commodity malware such as AsyncRAT and NetWire, among others, has led enterprise security firm Proofpoint to a “cybercriminal threat actor” codenamed TA2541 that employs “broad targeting with high volume messages.” The ultimate objective of the intrusions is unknown as yet.

Social engineering lures used by the group do not rely on topical themes but rather leverage decoy messages related to aviation, logistics, transportation, and travel. That said, TA2541 did briefly pivot to COVID-19-themed lures in the spring of 2020, distributing emails concerning cargo shipments of personal protective equipment (PPE) or testing kits.

“While TA2541 is consistent in some behaviors, such as using emails masquerading as aviation companies to distribute remote access trojans, other tactics such as delivery method, attachments, URLs, infrastructure, and malware type have changed,” Sherrod DeGrippo, vice president of threat research and detection at Proofpoint, told The Hacker News.

While earlier versions of the campaign utilized macro-laden Microsoft Word attachments to drop the RAT payload, recent attacks include links to cloud services hosting the malware. The phishing attacks are said to strike hundreds of organizations globally, with recurring targets observed in North America, Europe, and the Middle East.

The repeated use of the same themes aside, select infection chains have also involved the use of Discord app URLs that point to compressed files containing AgentTesla or Imminent Monitor malware, indicative of the malicious use of content delivery networks to distribute information gathering implants for remotely controlling compromised machines.

“Mitigating threats hosted on legitimate services continues to be a difficult vector to defend against as it likely involves implementation of a robust detection stack or policy-based blocking of services which might be business-relevant,”…
