https://www.cbronline.com/wp-content/uploads/2020/01/ken-yam-RSYBi_1fhfM-unsplash.jpg

Flying Blind: 70% of Airport Websites Contain Vulnerabilities

Real risk that attackers could start “aiming attacks at the airports directly to disrupt critical national infrastructure.”

More than one in five websites operated by airports contain publicly known and exploitable vulnerabilities, while 97 percent still use some form of outdated web software, according to a new report by Switzerland-based web security company ImmuniWeb.

The company, which tested the cybersecurity of 100 of the world’s largest airport’s websites, found a mishmash of vulnerable web applications, misconfigured clouds and code repository leaks among other worrying security issues reported this week.

https://www.cbronline.com/wp-content/uploads/2020/01/airports.jpg
The assets tested by ImmuniWeb

A worrying 71 airport websites were found to have serious security vulnerabilities that could be exploited by hackers.

Out of the 100 airport websites tested only three received a clean bill of health; Amsterdam Schiphol, Helsinki-Vantaa, and Dublin Airport.

During their testing the researchers found that only 45 out of the 100 websites are running web application firewall software.

With regards to GDPR legislation 76 of the websites were found to be in breach, the firm suggested, with three exposing AWS S3 public cloud storage buckets containing sensitive data to the public.

https://www.cbronline.com/wp-content/uploads/2020/01/diagram-3.jpg
Credit: ImmuniWeb

Ilia Kolochenko, CEO of ImmuniWeb, said: “Given how many people and organizations entrust their data and lives to international airports every day, these findings are quite alarming…

“Cybercriminals may well consider attacking the unwitting air hubs to conduct chain attacks of travellers or cargo traffic, as well as aiming attacks at the airports directly to disrupt critical national infrastructure.”

BP’s CISO: Gov’t Agencies “Still Polishing Intel” as Adversaries MoveBP CISO: "The bad guys are moving at wire speed. Collaboration is improving but we still sit down together once a quarter. That's not sufficient."30 Jan 2020

In 2018, the UK’s Bristol Airport was hit by a ransomware attack that knocked its in-house passenger information display systems offline, forcing staff to manually write out all flight information on whiteboards.

The airport claims that no security-critical systems were breached during the incident, but it did highlight how easily an airport could be disrupted by a cyber attack.

Kolochenko notes that: “Today, when our digital infrastructure is extremely intricate and intertwined with numerous third-parties, holistic visibility of your digital assets and attack surface is pivotal to ensure the success of your cybersecurity program. Without it, all your efforts and spending are unfortunately vain.”

Critical Bug Fix: OpenBSD Vulnerability Needs Urgent Patching – RCE With Morris Worm InspirationSecurity teams are being urged to patch a critical and remotely exploitable OpenSMTPD vulnerability. The OpenBSD mail server is used by a range of Linux...29 Jan 2020

Related News

“Auntie, Go Inside!” China Turns to Drones to Enforce Coronavirus QuarantineChina has turned to technology to help keep its citizen compliant with quarantine procedures, using drones to castigate those...31 Jan 2020Digital Change: How Can You Support Employees Through The Process?Across the globe, a revolution is taking place inside modern workplaces, writes James Longworth, Workplace Technology Consultant at Insight UK.James Longworth, Workplace Technology Consultant at Insight UK., 30 Jan 2020BP’s CISO: Gov’t Agencies “Still Polishing Intel” as Adversaries MoveBP CISO: "The bad guys are moving at wire speed. Collaboration is improving but we still sit down together once a quarter. That's not sufficient."30 Jan 2020