Transportation


  • Airports Council International and The Aviation Information Sharing and Analysis Center enter cooperative agreement

    January 23, 2020

    Airports Council International (ACI) World and A-ISAC announced today they have signed an agreement that better enables ACI members to join the A-ISAC for access to airport-specific cyber threat intelligence and actionable data that will enhance their ability to build cyber resiliency. Both organizations play an active role in supporting the global aviation network; by increasing ...

  • Israel launches civil aviation cybersecurity plan

    January 13, 2020

    The Israeli government approved a civil aviation cybersecurity program, the Israel National Cyber Directorate (INCD) reported on Sunday. As part of the plan, a national steering committee will be established, to advance Israel’s capabilities in this field. The committee, headed by the INCD, will have representatives from Israel’s Ministry of Transport, the Civil Aviation Authority, Israel’s Airports ...

  • More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting

    December 12, 2019

    The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narrow targeting. The group puts up multiple layers of obfuscation to ...

  • Major Airport Malware Attack Shines a Light on OT Security

    October 18, 2019

    A cryptomining infection managed to spread to half of all workstations at a major international airport in Europe – shining a spotlight on security for operational tech and IT convergence. Researchers at Cyberbit found the XMRig Monero mining malware, which was a known strain called “Playerz,” but which skated by antivirus solutions on the endpoints by adding a ...

  • xHunt Campaign: Attacks on Kuwait Shipping and Transportation Organizations

    September 23, 2019

    The first known attack in this campaign targeted a Kuwait transportation and shipping company in which the actors installed a backdoor tool named Hisoka. Several custom tools were later downloaded to the system in order to carry out post-exploitation activities. All of these tools appear to have been created by the same developer. We were ...

  • Unpatchable security flaw found in popular SoC boards

    August 20, 2019

    Security researchers have discovered an unpatchable security flaw in a popular brand of system-on-chip (SoC) boardsmanufactured by Xilinx. The vulnerable component is Xilinx’s Zynq UltraScale+ brand, which includes system-on-chip (SoC), multi-processor system-on-chip (MPSoC), and radio frequency system-on-chip (RFSoC) products used inside automotive, aviation, consumer electronics, industrial, and military components. According to security researchers with Inverse Path — F-Secure’s hardware ...

  • British Airways E-Ticketing Flaw Exposes Passenger Flight, Personal Data

    August 13, 2019

    A vulnerability in British Airways’ e-ticketing system could enable a bad actor to view passengers’ personal data or change their booking information. A security bug discovered in British Airways’ e-ticketing system has the potential to expose passengers’ data, including their flight booking details and personal information. Researchers on Tuesday said that check-in links being sent by British ...

  • Cyberattack warning to small plane owners: How your aircraft could be vulnerable

    July 30, 2019

    The alert from the DHS critical infrastructure computer emergency response team. warns that modern flight systems are vulnerable to hacking if a person manages to gain unrestricted access to an aircraft. The alert also recommends that small plane owners restrict unauthorized physical access to their aircraft the best they can. It warns that access should remain limited until ...

  • On the IoT road: perks, benefits and security of moving smartly

    July 22, 2019

    Kaspersky has repeatedly investigated security issues related to IoT technologies (for instance, here, or here). Earlier this year our experts have even gained foothold in the security of biomechanical prosthetic devices. The same implies to smart car security: our own research has indicated that there are number of issues—look here or here. This year, we decided to continue our tradition of small-scale experiments with security ...

  • London Underground to begin tracking passengers through Wi-Fi hotspots

    May 23, 2019

    Transport for London (TfL) is planning to roll out a system to track commuters making use of public Wi-Fi hotspots across the London Underground in coming months. The UK transport agency said on Wednesday that “secure, privacy-protected data collection will begin on 8 July 2019,” with improved customer services — including warnings over delays and station congestion — ...

  • Hackers reveal how to trick a Tesla into steering towards oncoming traffic

    April 2, 2019

    A team of hackers has managed to trick the Tesla Autopilot feature into dive-bombing into the wrong lane remotely through root control and a few stickers. Researchers from Tencent Keen Security Lab published a report this week (.PDF) on their findings, which shows how the Tesla Autopilot system engine control unit (ECU) can be abused through root security ...

  • London’s top attractions besieged by more than 100 million cyber attacks

    March 18, 2019

    Kew Gardens, National History Museum, Tate Gallery and Imperial War Museum have been hammered by a total of 109 million cyber attacks over the last few years according to Parliament Street. The research firm issued a Freedom of Information (FOI) request to the four leading tourist attractions in London to uncover just how secure their IT ...

  • Flaw in Multiple Airline Systems Exposes Passenger Data

    February 7, 2019

    Researchers have discovered that multiple airline e-ticketing systems do not encrypt check-in links. The security faux pas could allow bad actors on the same network as the victim to view – and in some cases even change – their flight booking details or boarding passes. Security researchers at Wandera said that eight airlines have been sending ...

  • Your New Car Is A Hacker Magnet — Automotive Industry Disconnect To Blame

    February 6, 2019

    The car that you drive today is a far cry from those of just a decade ago and in many ways is now an internet-connected computer on wheels. This push towards connectivity and smart-motoring has seen the automotive manufacturing industry shift towards becoming as much about software as they are transportation. And that means it ...

  • Electric Vehicle Charging Stations Open to IoT Attacks

    December 14, 2018

    Flaws could allow an attacker to stop or start a home charging station, or even change the current in order to start a fire. Given that creating proof-of-concept (PoC) cyberattacks for the Internet of Things (IoT) is essentially like shooting fish in a barrel these days, perhaps it’s not exactly surprising that a new niche category ...

  • Ships infected with ransomware, USB malware, worms

    December 12, 2018

    Ships suffer from the same types of cyber-security issues as other IT systems, a recent document released by the international shipping industry reveals. The document is the third edition of the “Guidelines on Cyber Security onboard Ships,” an industry-approved guide put together by a conglomerate of 21 international shipping associations and industry groups. While the document contains ...

  • Cathay Pacific hack: Airline admits techies fought off cyber-siege for months

    November 12, 2018

    Fresh from belatedly admitting that 9.4 million passengers’ personal data was stolen by hackers, Hong Kong airline Cathay Pacific has now admitted that it was under attack for three solid months before it took half a year to tell anyone. In its initial public statement on the hack, which saw names, nationalities, dates of birth, addresses, ...

  • Cloud, cars and IoT could change grid cybersecurity

    November 6, 2018

    The proliferation of connected devices including electric cars could provide grid operators with an operational view of cybersecurity threats and change the way the grid is secured, said Karen Evans, assistant secretary of the Energy Department’s Office of Cybersecurity, Energy Security, and Emergency Response. While experts generally consider the internet of things to be a risky ...

  • Eurostar Resets All Customer Passwords After ‘Attempted’ Hack

    November 2, 2018

    The incident, which took place in mid-October, follows major breaches at several airlines — but this time around no payment details were affected Eurostar has reset all customers’ online passwords after detecting an “attempted” hack, the rail company confirmed. The incident follows major breaches at several airlines. Eurostar customers reported receiving emails from Eurostar earlier this week notifying ...

  • Cathay Pacific Data Breach Highlights A Need To Change Airline Security Focus

    October 25, 2018

    Cathay Pacific has been hit by a data breach affecting 9.4 million passengers of Cathay and Hong Kong Dragon Airlines, a serious exposure that shows—not for the first time—that the focus of airline security can’t be limited to airport terminals and aircraft cabins. First discovered in March, and confirmed in May of this year, the Cathay Pacific ...