As an estimated 3.5 million Britons packed their suitcases and flew home for the winter break, the airline industry was working hard to ensure the holiday travel season ran smoothly. Airport delays are no one’s idea of holiday fun, and flight disruption is a major financial and reputational risk for airlines worldwide. However, the aviation sector’s high-profile visibility and wealth of customers’ sensitive personal data appeal to the agendas and motivations of a wide range of adversaries.
With everything from flight schedules and IT systems to passport data and customers’ frequent flyer miles under threat, airlines need to proactively address the risks that they face to protect their business. An increasingly valuable tactic is the use of Business Risk Intelligence (BRI) gleaned from the Deep & Dark Web, which can help airlines identify and mitigate risks before they become a reality.
The dark web travel bureau
Thanks to the prevailing geopolitical climate and lasting impact of post-9/11 security concerns, airlines require passengers to provide a wealth of personal information, from passport numbers and birth dates to bank details and travel itineraries. This information is highly desirable among cybercriminals who can profit by stealing and selling it on the Deep & Dark Web. Unsurprisingly, airlines experience up to 1,000 cyberattacks per month from threat actors targeting passenger data. Passengers whose personal information is compromised are at risk of identity fraud, which can have devastating consequences for the individuals affected and cause a damaging breakdown of trust and confidence between passenger and airline.
Interestingly, it’s not always the obvious information, such as passport details, that is the target. In 2015, a major U.K. airline’s frequent flyer accounts were breached by cybercriminals attempting to steal air miles. Illicit schemes of this sort are often developed in the forums of the Deep & Dark Web. In fact, for some time Flashpoint analysts have been tracking the discussions of cybercriminals who are running fraudulent travel bureau services using stolen reward points. Purchases ranging from flights, hotels, and car rentals to gift cards can be made using the stolen points. Being aware of emerging cybercriminal activity can give airlines an advantage over adversaries in their efforts to strengthen their security perimeter and protect customer data.
Taking action on activists
Airline disruption can take many forms, but one of the more low-tech challenges is managing the protests that may accompany airport expansions and other major developments. Using relatively simple obstruction tactics, activists can cause significant disruption for passengers. In February 2017, members of one activist group targeted a major U.K. airport in protest over its plans to build a third runway. Passengers experienced inconvenient delays as the protestors blocked an access tunnel in the airport’s road network. Similar protests at other European airports have caused flight cancellations and terminal shutdowns. Campaigns like this are not uncommon, and evidence of their planning can often be found in Deep & Dark Web forums. Skilled multilingual analysts monitoring these forums are able to identify the protest campaigns that are growing in momentum and those which are fading. Analysts can also look for indications of whether planned protests are likely to involve vandalism or significant risk to safety of passengers or indeed the protestors themselves. This intelligence can be used by airlines to proactively manage protest situations safely and minimise their impact on flights and passengers.
Safeguarding the aviation supply chain
The aviation industry faces particular challenges due to its geographically dispersed and cross-border operations. There are a multitude of points—both technological and physical—where threat actors can infiltrate the supply chain and cause serious problems. In a recent example, our analysts identified threat actors using tactics that are more commonly targeted at banks and online retailers to phish the supply chain credentials of a number of shipping companies. This allowed them to generate fraudulent payments and invoices and even physically control and divert shipments of goods, giving them their own distribution system for whatever else they might choose to transport—a potentially catastrophic security breach for airlines. Fortunately, in this case, we were able to identify the companies being targeted and provide them with examples of the phishing tactics being used so that they could advise partners to be aware of a potential breach and strengthen their security posture against this strategy.
At its best, air travel is fast, convenient, and the gateway to a fantastic holiday. By leveraging BRI to reduce the risk of data theft and flight disruption, airlines are aiming to ensure that all passengers need to worry about is their baggage allowance. BRI puts airlines in the pilot’s seat when it comes to proactively managing threats to their passengers, business, and reputation, ensuring that travellers can enjoy a safe and stress-free getaway.