Websites for more than a dozen US airports were temporarily brought offline by cyberattacks on Monday morning, including LaGuardia airport in New York City.
The hack has been attributed to a group known as Killnet, Russian hacktivists who support the Kremlin but are not thought to directly be government actors.
The attacks did not affect air traffic control, internal airport communication, or other key operations.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
This malicious call to action is a great example of why organizations need to be ever-vigilant in their cybersecurity operations. A focus on cybersecurity isn’t only for when the auditor is coming or after a breach. It’s a 24x7x365 responsibility that we must all own and embrace. We don’t take days off from things like workplace safety or legal due diligence. Cybersecurity is no different especially as we collectively face organizations like Killnet.
The impact of Killnet’s newest round of DDoS attacks, this time on the websites of major airports across the U.S. has thus far been minimal, with the primary goal being to try and spread fear and confusion. So far, this is mostly a nuisance and I don’t mean to downplay the impact to major airlines and hundreds of thousands of travellers on a holiday weekend. However, the campaign is not affecting flights and no data has been compromised. What we should be concerned about is that cyberattacks can escalate quickly and we know the Russian government themselves have more sophisticated cyber capabilities. If ransomware groups who operate in Russian with impunity join the activism they can cause much more damage that could be far reaching. Only time will tell. I expect a response from the Biden administration on this latest activity.
Headlines are dominated by the recent escalation of almost daily cyberattacks, but this attack is a frightening escalation of a truly dangerous global conflict. While it was short-lived, it proved as a warning that all critical assets are targets for malicious actors. Although the reported disruption has been minimal so far, DDoS attacks are often widely regarded as a precursor to or a distraction from other cyberattacks.
It is key to understand this sort of activity manifests as targeting individual systems, but it will most likely be repeated at scale across the globe in an effort to demonstrate an ability to disrupt similar systems. In today’s world, attacks are about disrupting operations through the most vulnerable system, it doesn’t have to be about getting the keys to the kingdom.
Critical services must be on high alert and ensure they have total visibility over all of their connected assets, and particularly suspicious behaviours within the system, to avoid any disruption. Even simple terminal systems can cause issues, so a holistic approach to managing and securing all assets is essential.
From the Colonial Pipeline to JBS USA, it is evident that our aging critical infrastructure is vulnerable and needs to be protected. However, with the right focus and security expertise in place, protection of high-risk assets and contextual intelligence, can greatly reduce the impact of these attacks and keep operations running smoothly. Having a full inventory of all assets connected to the network, along with context on where these assets may be out of date, where they contain known vulnerabilities or are actively being exploited, can be the difference between reacting quickly to remediate security gaps and a full-blown cyber incident.
The balance of power is being disrupted, and the fog of war is about to dissipate.