Transportation


  • Easyjet hacked: 9 million people’s data accessed plus 2,200 credit card details grabbed

    May 17, 2020

    Budget British airline Easyjet has been hacked, it has told the stock markets, admitting nine million people’s details were accessed and more than 2,000 customers’ credit card details stolen. Some information about the attack was released to the London Stock Exchange by the company, which claimed it had been targeted by “a highly sophisticated source”. Email addresses and “travel ...

  • Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments

    May 12, 2020

    Tropic Trooper, a threat actor group that targets government, military, healthcare, transportation, and high-tech industries in Taiwan, the Philippines, and Hong Kong, has been active since 2011. The group was reportedly using spear-phishing emails with weaponized attachments to exploit known vulnerabilities. Primarily motivated by information theft and espionage, the group has also been seen adopting different strategies such ...

  • Airplane Hack Exposes Weaknesses of Alert and Avoidance Systems

    May 4, 2020

    The aircraft safety system known as the Traffic Alert and Collision Avoidance System (TCAS) can be coerced into sending an airplane on a mid-air rollercoaster ride – much to the horror of those onboard. Researchers were able to cobble together an effective method for spoofing the TCAS using a $10 USB-based Digital Video Broadcasting dongle and ...

  • Many problems with cyber security of Schipihol’s border control: Court of Audit

    April 20, 2020

    Schiphol is very vulnerable to cyber attacks, the Court of Audit concluded after investigating the cyber security of the border control systems the Koninklijke Marechaussee uses at the airport. Two of the three systems are not properly protected against cyber attacks, NOS reports. Systems at Schiphol are hardly ever tested for how well they can stand ...

  • Prague Airport says thwarted several cyber attacks; hospitals also targeted

    April 18, 2020

    Prague Airport and a regional Czech hospital said on Saturday they had thwarted cyber attacks on their IT networks, reinforcing warnings by the national cyber security watchdog of likely attempts to harm the country’s infrastructure. “Attempted attacks on web pages of the airport were detected in preparatory phases,” the airport’s spokeswoman said in an emailed statement. ...

  • Ransomware Attack Hinders Toll Group Operations

    February 4, 2020

    Australian transportation and logistics giant Toll Group said a ransomware attack is to blame for several key services being debilitated and delivery operations being delayed over the past week. Toll Group, a subsidiary of Japan Post Holdings, is a freight and delivery service company operating across more than 1,200 locations in 50 countries. The company is ...

  • Only three of the Top 100 international airports pass basic security checks

    February 3, 2020

    Only three of the world’s Top 100 international airports pass basic security checks, according to a report published last week by cyber-security firm ImmuniWeb. The three are the Amsterdam Schiphol Airport in the Netherlands, the Helsinki Vantaa Airport in Finland, and the Dublin International Airport in Ireland. According to ImmuniWeb, these three “may serve a laudable example not just to the ...

  • Airports Council International and The Aviation Information Sharing and Analysis Center enter cooperative agreement

    January 23, 2020

    Airports Council International (ACI) World and A-ISAC announced today they have signed an agreement that better enables ACI members to join the A-ISAC for access to airport-specific cyber threat intelligence and actionable data that will enhance their ability to build cyber resiliency. Both organizations play an active role in supporting the global aviation network; by increasing ...

  • Israel launches civil aviation cybersecurity plan

    January 13, 2020

    The Israeli government approved a civil aviation cybersecurity program, the Israel National Cyber Directorate (INCD) reported on Sunday. As part of the plan, a national steering committee will be established, to advance Israel’s capabilities in this field. The committee, headed by the INCD, will have representatives from Israel’s Ministry of Transport, the Civil Aviation Authority, Israel’s Airports ...

  • More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting

    December 12, 2019

    The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narrow targeting. The group puts up multiple layers of obfuscation to ...

  • Major Airport Malware Attack Shines a Light on OT Security

    October 18, 2019

    A cryptomining infection managed to spread to half of all workstations at a major international airport in Europe – shining a spotlight on security for operational tech and IT convergence. Researchers at Cyberbit found the XMRig Monero mining malware, which was a known strain called “Playerz,” but which skated by antivirus solutions on the endpoints by adding a ...

  • xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations

    September 23, 2019

    The first known attack in this campaign targeted a Kuwait transportation and shipping company in which the actors installed a backdoor tool named Hisoka. Several custom tools were later downloaded to the system in order to carry out post-exploitation activities. All of these tools appear to have been created by the same developer. We were ...

  • Unpatchable security flaw found in popular SoC boards

    August 20, 2019

    Security researchers have discovered an unpatchable security flaw in a popular brand of system-on-chip (SoC) boardsmanufactured by Xilinx. The vulnerable component is Xilinx’s Zynq UltraScale+ brand, which includes system-on-chip (SoC), multi-processor system-on-chip (MPSoC), and radio frequency system-on-chip (RFSoC) products used inside automotive, aviation, consumer electronics, industrial, and military components. According to security researchers with Inverse Path — F-Secure’s hardware ...

  • British Airways E-Ticketing Flaw Exposes Passenger Flight, Personal Data

    August 13, 2019

    A vulnerability in British Airways’ e-ticketing system could enable a bad actor to view passengers’ personal data or change their booking information. A security bug discovered in British Airways’ e-ticketing system has the potential to expose passengers’ data, including their flight booking details and personal information. Researchers on Tuesday said that check-in links being sent by British ...

  • Cyberattack warning to small plane owners: How your aircraft could be vulnerable

    July 30, 2019

    The alert from the DHS critical infrastructure computer emergency response team. warns that modern flight systems are vulnerable to hacking if a person manages to gain unrestricted access to an aircraft. The alert also recommends that small plane owners restrict unauthorized physical access to their aircraft the best they can. It warns that access should remain limited until ...

  • On the IoT road: perks, benefits and security of moving smartly

    July 22, 2019

    Kaspersky has repeatedly investigated security issues related to IoT technologies (for instance, here, or here). Earlier this year our experts have even gained foothold in the security of biomechanical prosthetic devices. The same implies to smart car security: our own research has indicated that there are number of issues—look here or here. This year, we decided to continue our tradition of small-scale experiments with security ...

  • London Underground to begin tracking passengers through Wi-Fi hotspots

    May 23, 2019

    Transport for London (TfL) is planning to roll out a system to track commuters making use of public Wi-Fi hotspots across the London Underground in coming months. The UK transport agency said on Wednesday that “secure, privacy-protected data collection will begin on 8 July 2019,” with improved customer services — including warnings over delays and station congestion — ...

  • Hackers reveal how to trick a Tesla into steering towards oncoming traffic

    April 2, 2019

    A team of hackers has managed to trick the Tesla Autopilot feature into dive-bombing into the wrong lane remotely through root control and a few stickers. Researchers from Tencent Keen Security Lab published a report this week (.PDF) on their findings, which shows how the Tesla Autopilot system engine control unit (ECU) can be abused through root security ...

  • London’s top attractions besieged by more than 100 million cyber attacks

    March 18, 2019

    Kew Gardens, National History Museum, Tate Gallery and Imperial War Museum have been hammered by a total of 109 million cyber attacks over the last few years according to Parliament Street. The research firm issued a Freedom of Information (FOI) request to the four leading tourist attractions in London to uncover just how secure their IT ...

  • Flaw in Multiple Airline Systems Exposes Passenger Data

    February 7, 2019

    Researchers have discovered that multiple airline e-ticketing systems do not encrypt check-in links. The security faux pas could allow bad actors on the same network as the victim to view – and in some cases even change – their flight booking details or boarding passes. Security researchers at Wandera said that eight airlines have been sending ...