Polish airline LOT grounded after 'first of its kind' cyber attack

Ten flights were cancelled yesterday, and another 12 delayed, after a cyber-attack forced Poland’s national airline LOT to take action.

The cyber attack targeted computers issuing flight plans at Warsaw's Okecie airport, and more than 1,400 passengers were affected.

Principal security researcher at Kaspersky Lab David Emm says the circumstances surrounding the hack are still unknown.

“At the moment we have no idea how the attack on Polish airline LOT was launched, the nature of the systems targeted or what the motives of the attackers may have been, beyond the fact that the attack affected ancillary systems rather than the planes themselves”, says Emm.

“This story highlights the fact that, as more and more aspects of our lives become cyber-dependent, we offer a greater attack surface to cybercriminals – including critical infrastructure systems,” he says, adding: “It also follows on from recent concerns about possible threats to aeroplane security from Wi-Fi.”

Emm also said it’s essential that all organisations pay close attention to security, assessing the potential risks and deploying defence in-depth to reduce the risks.

On Sunday evening services went back to normal, and the attack is now under investigation. Flights to Dusseldorf, Hamburg and Copenhagen and Polish cities were affected, although LOT stressed that the glitch did not affect the airport or aeroplanes that were already in the air.

"We're using state-of-the-art computer systems, so this could potentially be a threat to others in the industry," said LOT spokesman Adrian Kubicki for the BBC.

The source of the hack is not yet known.

Industry reaction

Tim Erlin, Director of Security and Product Management at Tripwire, said: “This incident demonstrates that while attacking in-flight systems may have made headlines recently; there are many more areas of vulnerability to address in the aviation industry. Like most industries today, aviation relies on a wide variety of interconnected systems, from air traffic control to reservations systems.

"There’s no reason to believe that cybercriminals aren’t just as interested in credit cards or personal data collected, stored and transmitted by airlines as they clearly are in retailers. In many cases, it’s the data that’s the target, rather than the company collecting it."

Chris Pace, Head of Product Marketing at Wallix, commented: "The LOT Airlines hack highlights the need for greater transparency in how the airline industry handles cyber threats. Airlines hold a great deal of highly personal information which is highly attractive to cyber crime gangs. While LOT executives assure us there is not danger in-flight, which is of course the foremost concern, we have no way of telling how much information has been compromised.

"The airline industry needs to tighten the way information is controlled and accessed. Just two months ago, in April, Ryan Air fell victim to a major hack in which 5 million USD was stolen from its bank account. These kind of attacks will keep happening unless the airlines re-think their information security measures. Traditional security focuses on keeping the bad guys out, but very little attention is paid to what hackers can do once they are in your network.

"The majority of attacks exploit the username and password details of privileged users, which then enables access to confidential data and key infrastructure. Unless the airline industry tightens access controls to information, the potential for a truly devastating attack will persist."