Pro-Russian hacking group claims responsibility for disruption of US airport websites

Incident Date : 2022 | Topic : Airport,Aviation,Cyber | Region : Europe,North America | Tag : Case Study

On Monday, October 10, several U.S. airport websites were temporarily inaccessible or otherwise disrupted as a result of a targeted DDoS attack reportedly carried out by Killnet, a politically motivated, pro-Russian hacker group.

Prior to the attack, Killnet published a target list on its Telegram channel as a call to arms for like-minded recruits. The targets included some of the largest and busiest airports in the United States, including Hartsfield-Jackson International in Atlanta, Los Angeles International (LAX), LaGuardia Airport in New York and Chicago O’Hare, among others.

While the incident may have caused inconvenience to people seeking travel information, Kiersten Todt, Chief of Staff of the US Cybersecurity and Infrastructure Security Agency (CISA) stated that there is ‘no concern about operations being disrupted,’ and no signs of impact to actual air travel were reported in the aftermath of the attack.

A DDoS attack involves flooding a computer network with simultaneous data transmissions, i.e., phony web traffic, with the aim of knocking it offline. Unlike hacking attacks, which involve breaking into networks, DDoS attacks aren’t aimed at accessing information. Instead, the objective is to disrupt the normal traffic of a targeted server, service or network by overwhelming the target and/or its surrounding infrastructure with a flood of internet traffic, thereby causing it to crash or become vulnerable from the volume of requests.

The Killnet hacker group has taken responsibility for a number of attacks targeting organizations in NATO countries since the onset of Russia’s incursion into Ukraine.  Last week, the group claimed responsibility for knocking a number of US state government websites offline using the same DDoS cyberattack modus operandi.  The group has also been blamed for briefly disrupting a US Congress website and for a number of cyber attacks targeting Lithuanian agencies, citing their involvement in the ongoing war.

This attack is yet another in an ever-growing list of incidents clearly demonstrating that even our most critical infrastructures are highly vulnerable to manipulation and exploitation.  And while the impacts of this attack were minor, we must recognize that similar types of cyber attacks against key assets have the potential to cause catastrophic consequences.  As a result, it is essential for everyone, not just critical infrastructures like airports and government bodies, but individuals and businesses alike, to take appropriate counter-measures aimed at securing their most critical networks and systems from relevant insider and external threats.
