Attackers breached supplier systems to steal Airbus secrets

Airbus has been the subject of at least four major cyber attacks in the past 12 months, with contractors and suppliers targeted through their VPNs

Aerospace kingpin Airbus has been the subject of a number of major cyber attacks in the past year, with key suppliers to the business targeted by hackers in an attempt to breach its systems in search of valuable intellectual property.

Earlier in 2019, Airbus revealed it had been the subject of an attack that compromised personnel data files. It detected an intrusion on 6 January, and four days later discovered that personal data relating to some of its employees had been targeted, at which point it notified the French data protection authority under its General Data Protection Regulation (GDPR) reporting obligations.

Sources within the company revealed to news agency Agence France Presse that the firm now believes it has seen four large-scale attacks through different suppliers, named by the organisation as UK engine manufacturer Rolls-Royce, French tech consultancy Expleo, and two other unidentified companies.

In the named cases, it is alleged that the hackers targeted virtual private networks (VPNs) to gain remote access to systems. The sources claimed their attackers appeared particularly interested in technical documents pertaining to how Airbus components are certified, as well as information on the A350 family of aircraft and another military jet, and suggested this indicated that they likely had links to the Chinese government.

Chinese aviation firm Comac is currently developing a narrow-body twin-engine commercial airliner, the C919, the development and certification of which is behind schedule.

“As a major high tech and industrial player, Airbus is, like any other company, a target for malicious actors,” said an Airbus spokesperson. “Airbus continuously monitors activities on its systems, has detection mechanisms in place, and takes immediate and appropriate actions when needed.”

ImmuniWeb founder and CEO and penetration testing specialist Ilia Kolochenko observed that the act of targeting large enterprises through their suppliers and other trusted partners was not new.

“There is no need to undertake an expensive, time-consuming and risky assault of a castle if you can quickly get in via a loophole,” he said.

“The problem is that most of the suppliers struggle to win bids in a highly competitive and turbulent global market, often in conscious disregard of cyber security fundamentals. Implementation of information security at a level comparable to their VIP customers will boost their internal costs, thereby considerably increasing their market prices, making them uncompetitive.

“Worse, large global companies such as Airbus have such a great wealth of countless trusted third parties across the globe that it would be virtually unfeasible to keep an eye on how cyber security is implemented at their suppliers without skyrocketing monitoring and compliance costs.

“Third-party risk management is still nascent in most of the organisations and is frequently composed of paper-based superfluous control. Nonetheless, we cannot rebuke these companies in doing so, as shareholders will unlikely agree to spend many millions on surveilling third parties at their own cost,” he said.

Kolochenko went on to explain that different national and regional security standards would make a tricky situation trickier still for the likes of Airbus. While globally recognised standards can ensure a baseline of security practice is in place, these standards would by no means guarantee protection, and additional monitoring of suppliers is needed.

Darktrace technology director Andrew Tsonchev argued that the attacks were a perfect demonstration of the need to automate security in global supply chains such as that of Airbus.

“Networks are global and interconnected and so those with criminal intent have many points of vulnerability that may be tested in the pursuit of compromising them. It also means that attackers have more places to hide – the complexity of a global supply chain is their friend,” he said.

“Too many organisations are blind to what’s going on in their own systems – let alone the risk that their suppliers, or even their customers, might introduce. You need AI [artificial intelligence] to be continually monitoring networks in real time to identify problems as they emerge. We need to get on the front foot if we want to sleep better at night, embracing the reality of global supply chains, while proactively managing the risk.”
