
UN Aviation Agency Concealed Serious Hack: Media

The Montreal-based United Nations aviation agency concealed for months a hack of its computers and allowed malware to spread throughout the airline industry, Canada’s public broadcaster reported Wednesday.

The International Civil Aviation Organization (ICAO) had in November 2016 been the victim of the “most serious cyberattack in its history,” Radio-Canada said.

Internal documents obtained by the broadcaster revealed a flawed response to the attack — believed to have been launched by a Chinese hacker group — mired in delays, obstruction and negligence, and attempts by staff to hide their incompetence.

American airplane maker and defense contractor Lockheed Martin was the first to raise concerns, alerting the ICAO that its servers had been hijacked to spread malware to government and airline computers.

In an email to the ICAO, the Lockheed Martin cyberintelligence analyst described the attack as “a significant threat to the aviation industry.” It had the characteristics of a “watering hole attack” that targets visitors to a website.

The UN agency, working with 192 member states and industry groups, is responsible for setting international civil aviation standards, including for safety and security.

The ICAO information technology team reached out to a New York-based IT agency affiliated with the UN to analyze the attack, but then rejected its expertise — not bothering to respond to emails for several days or transmitting unusable data.

It would take a fortnight before an analysis revealed that the intrusion was actually an even bigger problem.

Mail server, domain administrator and system administrator accounts were affected, giving hackers access to the passwords of more than 2,000 ICAO users to read, send or delete emails.

Within 30 minutes of the ICAO hack, the website of at least one member state, Turkey, had been infected.

But the ICAO tech chief continued to downplay its seriousness.

An independent investigation in 2017 would conclude that the malicious software used in the attack had been identified by ICAO antivirus software a year earlier, but that the computers had still not been disinfected.

The ICAO told AFP that the Radio-Canada report contained “many erroneous interpretations and conclusions,” saying the gravity of the malware found on its servers “has been greatly exaggerated.”

“We’re not aware of any serious cybersecurity ramifications for external partners which resulted from this incident,” it said.

“And as a standards-setting body, with no operational role or mandate in aviation, the inference that our data security could pose risks to the combined aviation and aerospace sectors, or the general public, is grossly inaccurate.”

The agency also has made “robust improvements to its cybersecurity posture and approaches to mitigate further incidents,” it said.

In Ottawa, Canadian Transportation Minister Marc Garneau called the revelations “worrying” and vowed to discuss them with ICAO boss Fang Liu.

Written By

AFP 2023
