EUROCONTROL Think Paper #12 - Aviation under attack from a wave of cybercrime

Cybercrime poses a real and growing threat to all aviation actors. Is our industry resilient enough to cope, and what more needs to be done to improve our collective cyber-resilience?
Man holding an abstract cybersecurity orb

European aviation is under attack, our latest EUROCONTROL Think Paper reveals, showing how the industry is increasingly exposed to rising levels of risk, as cybercriminals look to exploit new vulnerabilities amidst the worst financial crisis aviation has ever experienced.

Using exclusive EUROCONTROL data from the Agency’s EATM-CERT (European Air Traffic Management Computer Emergency Response Team) service, our 12th in a series of thought-provoking Think Papers reveals that on top of a “big 3” crimewave of fake websites, data theft and phishing attacks, every week a ransomware attack hits an aviation actor somewhere across the globe, disrupting business continuity and capable of bringing operations to a grinding halt.

Our research shows that airlines continue to be an irresistible target for cybercriminals, targeted by 61% of all detected aviation cyber-attacks in 2020, and losing around $1 billion a year from fraudulent websites alone. Add to that data theft, card fraud, air miles fraud, phishing, fake invoices and more, and you have a perfect storm for a part of the industry that continues to reel from the pandemic.

We also highlight the growing threat posed by state-sponsored or highly organised crime syndicates, malign actors capable of conducting large-scale targeted intrusions that aim at massive disruption as much as financial gain: while no impact on flight safety has yet been reported, there is no grounds for complacency.

Efforts to counter the growing cyber-threat must continue, we conclude, with organisations urged to avoid exposing themselves to additional risk by failing to apply systematically basic IT security controls, and to pay increased attention to new threat vectors. While the European aviation community has upped its detection capabilities and improved its reporting culture, we emphasise how continued cybersecurity advocacy by EUROCONTROL’s EATM-CERT service and other partners is key to foiling fraudsters, and will continue to save European aviation stakeholders millions every year.

Download the full paper to learn more.

Think Papers are produced to stimulate debate and look at alternatives. They do not represent the official view of the Agency or its Member States.

Files

EUROCONTROL Think Paper #12 - Aviation under attack from a wave of cybercrime