Hackers use nation state as target practice – Dr John McCarthy
Posted: 14 November 2016 | Dr John McCarthy
International Airport Review brings you the latest in the John McCarthy series as we continue an examination of cyber security and the threat it could pose to aviation.
Last week, a nation state was cut off from the Internet due to a cyber-attack. The attackers used the Mirai botnet. The country was Liberia. At one point the attack reached 500gb/sec and is one of the biggest DDoS attacks ever seen. Liberia has a weak telecoms infrastructure and one cable as a single point of failure; thus one could argue that it is an easy target and not much to worry about.
Well I’m worried…
I’m worried because, like some other security experts, I think Liberia was not the target – but target practice. Botnets like Mirai have command and control features. The botnet itself is distributed and then controlled from a source. It attacks IoT (Internet of Things) devices and has also been responsible for some other recent major outages, including Twitter, Spotify, Amazon, Reddit, Yelp, Netflix, and The New York Times.
It is a real cause for concern…
Liberia was not the target but target practice…
Let’s say I’m a cloud services provider and I want a way to advertise my service. I would be looking for a newsworthy item to focus attention on my service. That is what I think the attack on Liberia was: a demonstration of power and capability by cyber criminals. The attack made global news and now I can prove I can do what I am offering. The next stage is simple: hire me and tell me where to point my cyber weapon.
And for the aviation and airport industry?
Many airports form part of the Critical National Infrastructure of countries. They would almost certainly become the victim of a cyber-attack against the nation state they reside in. Large airports get support from government agencies; however, smaller airports are mainly left to fend for themselves.
How do we look at this problem?
Like all security issues, we need to take a risk-based approach. At a board meeting of senior executives at an airport looking at their risk register, attacks that impact nation states would probably be something they can do little about. They would seek to implement their business continuity plans and disaster recovery programs as best they can.
However, if we look a little deeper there are things we can do to mitigate this type of attack. One main attack vector was multiple network-attached storage devices with a username and password of “root/root”. Does this sound familiar? Once again we are back to basics: good network management and configuration of the devices would have stopped a great deal of these attacks from happening.
So, when we feel helpless and can do nothing about the ever-increasing cyber threat, remember that doing simple basic things can hinder or even stop large and small-scale cyber-attacks.