TechTronBlog.com

Technology, Innovation, Collaboration

97 of the world’s 100 largest airports have massive cybersecurity risks

August 17, 2020

An investigation of airport cybersecurity found glaring gaps in security for web and mobile applications, misconfigured public clouds, Dark Web exposure and code repository leaks.


Swiss web security company ImmuniWeb has released an in-depth report on the cybersecurity posture of the world’s biggest airports, finding that almost all of them had an alarming lack of systems in place to protect their websites, mobile applications and public clouds.

The company’s researchers compiled their findings in the “State of Cybersecurity at Top 100 Global Airports” report, which said only three airports (Amsterdam Airport Schiphol, Helsinki-Vantaa Airport and Dublin Airport) passed all of their tests without a single major issue being detected.


On the flip side, dozens of airports failed all of ImmuniWeb’s tests by having vulnerable web and mobile applications, misconfigured public clouds, Dark Web exposure or code repository leaks. ImmuniWeb decided to look into airport cybersecurity after the topic was highlighted during the 2020 World Economic Forum. In its own report, released on January 22, the WEF called for airports to address emerging cybersecurity challenges.

“Given how many people and organizations entrust their data and lives to international airports every day, these findings are quite alarming,” said Ilia Kolochenko, CEO and founder of ImmuniWeb. 

“Being a frequent flyer, I frankly prefer to travel via the airports that do care about their cybersecurity. Cybercriminals may well consider attacking the unwitting air hubs to conduct chain attacks of the travelers or cargo traffic, as well as aiming attacks at the airports directly to disrupt critical national infrastructure,” Kolochenko said.

When it comes to security for main websites, just three airports received an A+ and only 15 managed to score an A in ImmuniWeb’s report. Nearly one in four airport websites received an F grade, meaning they were using outdated software with known and exploitable security vulnerabilities in CMS systems like WordPress or web components like jQuery. Some of the websites even had several vulnerable components. ImmuniWeb researchers found that 97% of the websites are deploying outdated web software, 24% have known and exploitable vulnerabilities while another 76% are not compliant with GDPR. Nearly 25% have no SSL encryption or use now-obsolete SSLv3.

The security for mobile apps was even worse. For the 36 airport mobile apps that researchers examined, more than 500 security and privacy issues were found as well as 288 mobile security flaws, with an average of 15 per application.

All of the apps they looked through had at least five external software frameworks and at least two vulnerabilities. Nearly 34% of the mobile apps’ outgoing traffic has no encryption at all. 

The research team at ImmuniWeb also discovered that 66 of the top 100 airports were exposed on the Dark Web, meaning they had recent leaks of highly confidential data like IDs, financial records or plaintext passwords for production systems. Other less critical risks included recent leaks of confidential data as well as internal sensitive data like source code, documents and records.

“In light of the omnipresent proliferation of CI/CD and DevOps across the globe, 87 out of 100 airports had some sensitive or internal data exposed at various public code repositories, such as GitHub or BitBucket. Amongst them, 59 airports were identified with 227 code leakages of critical risk,” the report said. 

More than 70 of the 325 exposures found are of a “critical or high risk,” indicating a serious breach. Nearly 90% of the airports have data leaks on public code repositories and 503 of the 3,184 leaks are of a critical or high risk that could potentially lead to a breach. Three percent of airports studied have unprotected public clouds with sensitive data available.

At the end of the report, ImmuniWeb researchers included a list of best practices airports can put in place to address some of the security flaws found. They suggested implementing a continuous security monitoring system with anomaly detection to spot any and all intrusions, phishing attempts and password reuse attacks.


Airports should have cybersecurity teams that are running continuous discovery programs and constantly performing an inventory of all digital assets. If possible, programs should be deployed that can give security teams a visualization of external attack surfaces as well as risk exposure with an attack surface management solution that can monitor the Dark Web and code repositories. 

All web and mobile applications, as well as APIs, need to have holistic DevSecOps-enabled security programs that can test and fix any problems that may arise. Airports also need to conduct in-depth audits of their vendors and third-party suppliers that go beyond the traditional paper-based questionnaires, which are no longer sufficient to mitigate complex risks.

“Today, when our digital infrastructure is extremely intricate and intertwined with numerous third-parties, holistic visibility of your digital assets and attack surface is pivotal to ensure success of your cybersecurity program,” Kolochenko added. “Without it, all your efforts and spending are unfortunately vain.” 






