Security News

MITRE now offers an open-source version of its Aviation Risk Identification and Assessment software suite, OpenARIA. This initiative is dedicated to enhancing aviation safety and efficiency through the active involvement of the aviation community. The first prototype of ARIA was developed for the Federal Aviation Administration in collaboration with the FAA's Safety and Technical Training service unit Quality Assurance group, and it was introduced in October 2020.

Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector. Rosaviatsia is the agency responsible for overseeing the civil aviation industry in Russia, keeping records of flight or emergency incidents.

State-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical Zoho ManageEngine and Fortinet vulnerabilities, a joint advisory published by CISA, the FBI, and the United States Cyber Command revealed on Thursday. CISA was part of the incident response between February and April and said the hacking groups had been in the compromised aviation organization's network since at least January after hacking an Internet-exposed server running Zoho ManageEngine ServiceDesk Plus and a Fortinet firewall.

State-backed hacking groups have breached a U.S. aeronautical organization using exploits targeting critical Zoho and Fortinet vulnerabilities, a joint advisory published by CISA, the FBI, and the United States Cyber Command revealed on Thursday. CISA was part of the incident response between February and April and said the hacking groups had been in the compromised aviation organization's network since at least January after hacking an Internet-exposed server running Zoho ManageEngine ServiceDesk Plus and a Fortinet firewall.

To improve security, the cybersecurity industry needs to follow the aviation industry's shift from a blame culture to a "Just" culture, according to director of the Information Systems Audit and Control Association Serge Christiaans. While acknowledging that improved technology, more mature processes and improved leadership all helped to improve aviation safety, the former pilot and field CISO at tech consultancy Sopra Steria said the biggest improvements came from a change to a "Just culture" that accepts people will make mistakes and by doing so makes it more likely errors will be reported.

The Transportation Security Administration recently issued new cybersecurity requirements for the aviation industry, which follows last year's announcement for railroad operators. In the aviation industry, operational technology systems are used to control a variety of critical processes, such as air traffic control, aircraft maintenance, and flight operations.

The Transportation Security Administration issued a new cybersecurity amendment to the security programs of certain TSA-regulated operators in the aviation sector, following similar measures announced in October 2022 for passenger and freight railroad carriers. This is part of the Department of Homeland Security's efforts to increase the cybersecurity resilience of U.S. critical infrastructure and follows extensive collaboration with aviation partners.

The security industry needs to take a leaf from the manual of an industry where smart incident response is literally life and death, if it is to fix systemic problems. In a presentation at the Black Hat security conference in Las Vegas Tarah Wheeler, an advisor to the US Council of Foreign Relations and founder of security startup Red Queen Dynamics, and Harvard Kennedy School researcher Victoria Ontiveros, unveiled a project that takes the exhaustive incident investigation processes used in the aviation industry and apply them to information security.

Though a number of the group's attacks already have been tracked by various researchers - including Microsoft, Mandiant, Cisco Talos, Morphisec and others - since at least 2019, Proofpoint's latest research shares "Comprehensive details linking public and private data under one threat activity cluster we call TA2541," researchers wrote. Previously reported attacks related to TA2541 include a two-year spyware campaign against the aviation industry using the AsyncRAT called Operation Layover and uncovered by Cisco Talos last September, and a cyberespionage campaign against aviation targets spreading RevengeRAT or AsyncRAT revealed by Microsoft last May, among others.

Researchers discover common threat actor behind aviation and defense malware campaigns. Security researchers at Proofpoint have announced their discovery of a common threat actor behind attacks reported by Cisco Talos, Microsoft and others, and they say that the group has been active since at least 2017.