50 SKY SHADES - World aviation news

Malware Found in International Airport in Ukraine

Download: Printable PDF Date: 19 Jan 2016 04:30 (UTC) category:
Publisher:
Malware Found in International Airport in Ukraine - Airports / Routes publisher
Dana Ermolenko
Country: Ukraine
Source: Motherboard

Malware has been discovered in a computer network of Kiev's main airport, Reuters reports.

The report states the malware was found last week in the IT network of Boryspil International Airport, located near Kyiv, which reportedly included the airport's air traffic control system. Andriy Lysenko, a military spokesperson, told Reuters that the command and control centre of the malware—the external server that the software communicates with—is in Russia, and that no damage had been done.

But experts are not going to jump to conclusions about who is behind the malware.

“The report says the command and control server is in Russia: it's normal to be able to compromise locations around the world and use, so just because the IP address says Russia means very little for attribution,” Robert M. Lee, a former US Air Force cyber warfare operations officer and CEO of Dragos Security, told Motherboard in a Twitter message.

“There's a lot of missing information here and I'd caution folks from believing anything on it until there is far more proof,” he continued.

Since December, the security community has been fascinated by a coordinated cyberattack in Ukraine that left areas of the country without power. In part because of the presence of a variant of BlackEnergy—a piece of malware that has been used for cybercriminal campaigns, as well as attacks on engineering systems—one research group attributed the attacks to Russia, and specifically the so-called “Sandworm” hacking group.

On Monday, Ukraine's Computer Emergency Response Team (CERT-UA) published a warning directed to system administrators about “potential attacks [using] BlackEnergy.” That briefing provided a list of suspicious IP addresses for admins to check their system logs against.

“We recommend checking the log files and information flows for the presence/absence of these indicators,” the briefing read, before linking to a presentation on BlackEnergy from researchers at ESET.

According to the Reuters report, an airport spokesperson said Ukrainian authorities were investigating whether the malware found in the Boryspil airport was also BlackEnergy. The worry here would be that BlackEnergy could have given hackers access to systems in the same way it did in the power grid attacks. (It’s worth remembering that in those previous cases, the malware itself did not cause the power to go out; rather, it gave the hackers remote access for them to then tamper with target systems.)

Several calls by Motherboard to a press number for Boryspil International, provided by the airport's information desk, went unanswered.





Recommended

Gulfstream and Rolls-Royce take sustainable aviation to new heights

Rolls-Royce Pearl 700 engines successfully powered the first flight of the Gulfstream G800 using 100% Sustainable Aviation Fuel. The flight was part of Gulfstream Aerospace’s high-altitude fligh...

easyJet’s 15,000th Fearless Flyer participant takes to the skies as new Autumn and Winter courses launch

easyJet has welcomed its 15,000th Fearless Flyer participant onboard and helped them take to the skies with confidence. Since launching in 2012, easyJet’s Fearless Flyer programme has helpe...

ExecuJet MRO Services Belgium receives EASA and FAA approval for Falcon 6X maintenance

European Union Aviation Safety Agency and the US Federal Aviation Administration have approved ExecuJet MRO Services Belgium to perform line and heavy maintenance on the Dassault Falcon 6X. In ad...

Jetex Jakarta: Jetex announces its entry into Indonesia's aviation market

Jetex signed an agreement to expand its presence into Indonesia, marking an important milestone in the company’s continued growth across the Asia-Pacific region. The agreement was signed wi...

Android Apps development in Riga, Latvia