How WestJet Dealt With ‘Hundreds of Thousands’ of Cyber Attacks

By Mark Holmes | September 7, 2018
Send Feedback

A WestJet Boeing 737 Next Generation. (WestJet)

 

The cyber threat to airlines is growing as hackers use more and more sophisticated techniques to gain access to valuable customer data. Devon Smibert, director of cybersecurity at Canadian airline WestJet spoke on Sept. 5 at the Aviation Festival in London about the cyber challenges facing an airline such as WestJet, as the challenges are relevant to customers in the satellite sector.

Smibert spoke about a baptism of fire he had after joining WestJet in January this year. Smibert joined WestJet Jan. 15 and on Sunday, Jan 21., he was getting a call from WestJet’s web operations manager about a denial of service attack targeting WestJet’s rewards platform. “We were getting hundreds of thousands of attacks against our system. We have about 80,000 passengers a day. The attacks were coming from countries we don’t operate in. We had attacks from India and other countries (Russia, Pakistan). We can just block all of the traffic from those countries. But, what happened after that is that the traffic shifted to Mexico, Canada, and the U.S. So, we can’t block those. It created a new set of problems for us to solve,” he said.

These attacks — known as credential stuffing attacks — are an example of the sophisticated threats that airlines are up against as they look to connect their fleets. Hackers are able to harvest details from previous hacks, get real username and password combinations, and then deploy a sophisticated credential stuffing attack. For airlines that are working more closely with the satellite industry, this is an example of a cyber threat they are likely to encounter.

Smibert spoke of the growing sophistication of the hacking threat facing companies in the aerospace sector. He mentioned that recent research from Cybersecurity Ventures estimated that revenues from cyber crime have now reached $1.5 trillion. Smibert also gave a recent example of a cryptocurrency investor who had $24 million in a single theft drained out of their account.

“Our friends at IATA say that the annual global revenues for the airline industry is $754 billion,” Smibert said. “The cyber crime industry is double of the airline industry. Hackers are extremely well funded, and largely act with impunity. A lot of these hackers operate in countries where there is tacit compliance. In North Korea, you have a State that has severe economic sanctions against them, and they use cyber to generate revenues. It is $1.5 trillion business with very low risk. They are investing heavily in Research and Development (R&D). They act more like tech startups rather than an organized crime groups. They are able to do very sophisticated things on their own. When we dissected the attack in January, they were using advanced automated orchestration against us. They were leveraging pretty intelligent software to leverage their attacks.”

This is a market that is growing in sophistication and capabilities at a rapid rate. According to Smibert, some forecasts indicate that damages from cyber crime could reach $6 trillion by 2021. Smibert cautioned companies in the aerospace sector who believe they are unlikely to be targeted by hackers. “A lot of organizations make the mistake that they don’t have anything of value for hackers,” he said. “People say ‘no one would ever target us.’ You have to stop thinking of hackers as sophisticated individuals; you have to think of them like thugs from the Walking Dead. They will comb the internet for anything of value.”

Read the full story on Via Satellite, a sister publication to Avionics.

Receive the latest avionics news right to your inbox