FAA NOTAM System Outage – More Than Meets the Eye?

Transportation & Logistics Sector in Turmoil

American airports experienced delays on Tuesday, January 10, 2023, from 10:17 PM EST. At about 10:40 PM EST, the Air Traffic Control System Command Center (ATCSCC) of the Federal Aviation Administration (FAA) reported an outage in the Notice to Air Missions (NOTAM) system in its Operational Plan.

The ATCSCC subsequently clarified that the FAA NOTAM outage had affected the entire American airspace from 10:28 EST on the same day.

Initially, the outage was expected to be resolved in a few hours. However, the ATCSCC issued 7 more advisories on January 11, 2023, about the delay in resolving the issue, which led to the cancellation of 1300 flights and delayed departures of over 10,000 flights.

Subsequently, in its statement on January 11, 2022, at 6:30 PM EST, the FAA attributed the outage to a damaged database file and, based on its preliminary investigation, repudiated rumors of a cyberattack. The White House also instructed the Department of Transportation to investigate the incident thoroughly.

Figure 1: Official ATCSCC advisory released, which provides the event timeline

Canadian NOTAM Outage

On the same day that the FAA was battling the NOTAM outage in the US, the Canadian civil air navigation services provider, NAV CANADA, also issued a notice of an outage of its NOTAM system from 10:20 AM to 1:15 PM EST. However, the agency reported no disruption in flight operations.

Based on its preliminary investigation, NAV CANADA clarified that the system outage was not linked to the FAA NOTAM outage.

More Than Meets the Eye?

Cyble Research & Intelligence Labs (CRIL) has observed major cybercrime incidents affecting the Transportation & Logistics sector in the past year. Even though both of yesterday's aviation incidents were attributed to system outages in the preliminary investigations by the regulating agencies in the US and Canada, CRIL has long considered, in its blogs and advisories, the possibility of targeted attacks on such critical infrastructure.

Further, considering the increased distribution of compromised sensitive information about businesses in this sector and their employees on cybercrime forums and the dark web, we may witness growth in cyberattacks on the Transportation & Logistics sector in 2023.

Because the industry relies heavily on allied industries across the entire value chain, on satellite communication, and on IoT technology, the attack surface available to cybercriminals has grown. Aside from this, weak economic indicators, the energy crisis, and prevalent insider threats remain matters of concern.

Note: On March 29, 2022, Cyble Research & Intelligence Labs (CRIL) released an in-depth blog on “Increased attacks on SATCOM which puts Maritime Operations at risk”.

Cyberattacks on Transportation & Logistics Systems

Cyber Attack on Marine Fleet and Ship Management Software

On January 7, 2023, the Norwegian company Det Norske Veritas (DNV) confirmed that its ShipManager software had been the victim of a cyber-attack.

DNV is a leading supplier of maritime software for shipping companies worldwide. More than 7000 vessels owned by 300 customers use the ShipManager and Navigator solutions for improved technical and operational performance.

ShipManager software offers a customizable approach to ship management, allowing operators to select specific modules or opt for a comprehensive system. The available modules include the following-

The official statement released by the organization can be observed in the figure below.

Figure 2: Official Statement released by DNV over the cyber incident

Maritime Tech Giant hit by Cyber Attack

In early December 2022, a cyber-attack hit the maritime tech giant Voyager Worldwide. Because of the attack, all systems were taken offline at the navigation services and solutions provider, which is used by more than 1,000 shipping companies worldwide.

“As this is an ongoing investigation, and our priority is keeping the impact of the incident contained, the time frame for recovery could shift,” Voyager stated.

Data Leak of Major Integrated Shipping company

On December 27, 2022, the Play ransomware group targeted a major Swedish integrated shipping company, Furetank Rederi AB, and leaked its sensitive data. In addition to managing tankers, Furetank is the crewing and technical manager for the Swedish nuclear fuel transportation vessel SIGRID on behalf of SKB (Svensk Kärnbränslehantering). The data included personal documents, private data, IDs, shipment information, etc.

Figure 3: Furetank targeted by Play ransomware group

Cyber Attack on APM terminals

Netherlands-based port operating company APM Terminals and a unit of Danish shipping company Maersk’s Transport and Logistics division were targeted by the Hive Leaks ransomware group on November 7, 2022.

Figure 4: APM Terminals attacked by Hive Leaks

Cyber Attack on Multinational Airline – AirAsia

On November 20, 2022, the Daixin Team ransomware group attacked AirAsia, a Malaysian multinational airline. The leaked database contained unique passengers’ data and employees’ personal data. Because the leak contains a high volume of data, CRIL believes that it will be further utilized in social engineering campaigns.

Figure 5: AirAsia fell victim to Daixin Team ransomware group

Cyber Attack on Nok Airlines

On November 20, 2022, the Alphavm group ransomed and leaked critical information (confidential documents, internal reports, sensitive files, etc.) of Nok Airlines Public Company Limited. Nok Airlines Public Company Limited is a joint venture between public and private investors.

Figure 6: Thai-based Nok Airlines targeted by Alphavm

Conclusion

The Transportation sector is at a high risk of cyber-attacks due to the current geopolitical instability, economic recession, and energy crisis. These factors have led to increased competition and pressure on companies to cut costs, which has led to a lack of investment in cybersecurity. Additionally, geopolitical instability is leading to disruptions in supply chains and the flow of goods, making it easier for attackers to exploit Information Technology (IT), Operational Technology (OT), and Industrial Internet of Things (IIoT) vulnerabilities in transportation systems.

Furthermore, the energy crisis has led to power outages and disruptions in Transportation infrastructure, making it more vulnerable to cyber-attacks. These attacks can significantly impact global trade and markets, causing delays and economic losses. To mitigate these risks, transportation companies need to be proactive in implementing robust security protocols and be vigilant in monitoring and responding to potential threats.

CRIL believes that cyber-attacks on entities in the Transportation sector will increase rapidly in the coming period, driven by supply chain attacks and targeted attacks on the SATCOM devices that serve the sector.
