Phishing Scam Targeted 75 US Airports - InformationWeek
Government // Cybersecurity
11:00 AM
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

Phishing Scam Targeted 75 US Airports

Major cyberattack carried out in 2013 by an undisclosed nation-state sought to breach US commercial aviation networks, says Center for Internet Security report.

 Government Data + Maps: 10 Great Examples
Government Data + Maps: 10 Great Examples
(Click image for larger view and slideshow.)

State and local government networks remain highly vulnerable to malicious hacking by nation-states, which was revealed by a newly disclosed attack conducted in 2013 that targeted as many as 75 US airports.

An investigation conducted by federal authorities and the N.Y.-based, non-profit Center for Internet Security uncovered a phishing scam that was successful against two victims working in the aviation industry, CIS said in its annual report released June 19.

The investigation began when federal authorities alerted CIS in summer 2013 that four airports potentially were the targets of an advanced persistent threat. A short time later, the authorities told CIS that eight more airports possibly had been compromised.

An advanced persistent threat occurs when an unauthorized person or group gains access to an organization's network and remains hidden inside that network while pilfering sensitive information for an extended period of time.

CIS, which helps public and private-sector organizations enhance their security readiness, eventually determined through its monitoring efforts that as many as 75 airports in the United States had come under attack.

CIS hosts the Multi-State Information Sharing and Analysis Center. MS-ISAC furnishes comprehensive cybersecurity support for state and local governments, including network monitoring, cyberthreat warnings and advisories, vulnerability identification, mitigation, and incident response.

CIS is the primary entity coordinating cyber security efforts among state and local governments. In the process of pursuing that objective, the organization plays a key role as the liaison between the Homeland Security Department and state and local governments.

Once it received the initial tip from federal authorities, CIS requested network logs from the three previous weeks from each airport for analysis against the threat clues.

By leveraging its security monitoring infrastructure, CIS was able to identify malicious traffic from two states.

CIS's investigation revealed emails containing a phishing scam that had been sent to individuals employed in the aviation industry, CIS said.

As the investigation continued, CIS uncovered a public document available online that appeared to be the source used by the attackers to select the phishing victims. That document listed email addresses for the targeted airports.

The next step CIS took was to issue a request to all entities that had a contact listed in the public document to search their email gateways for email messages that contained indicators.

At the same time, CIS distributed a cyber alert to all state and local governments, as well as the Federal Aviation Administration, Homeland Security Department, and National Cybersecurity and Communications Integration Center, informing each of the threat.

CIS also took the crucial step of contacting a key aviation industry organization and arranging to have the group distribute the cyber alert to all of its members.

The center furnished support and assistance to those entities that were attacked to ensure that all of the compromised systems were remediated.

CIS recorded 48 significant computer security incidents during 2013, which was more than double the number recorded in 2012, the group's annual report said. The majority of those incidents involved advanced persistent threats, ransomware, and webserver vulnerabilities.

NIST's cyber security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work? Read the Protecting Critical Infrastructure issue of InformationWeek Government today.

William Welsh is a contributing writer to InformationWeek Government. He has covered the government IT market since 2000 for publications such as Washington Technology and Defense Systems. View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll