The cyber security status of top 100 airports,where is ENTEBBE?



New research from web security company Web finds that 97 out of 100 the world’s largest airports have security risks related to vulnerable web and mobile applications, misconfigured public cloud, Dark Web exposure or code repositories leaks.
The 2020 annual meeting of the World Economic Forum (WEF) urged the consideration of emerging cybersecurity challenges in the aviation industry, addressed in its “Advancing Cyber Resilience in Aviation: An Industry Analysis” report.
To shed some light on the current state of aviation transportation security, ImmuniWeb decided to conduct research on cybersecurity, compliance and privacy of the world’s largest airports.

Key findings

Top 3 Most Secure Airports:

During the research, ImmuniWeb identified three international airports that successfully passed all the tests without a single major issue being detected:
— Amsterdam Airport Schiphol (EU)
— Helsinki-Vantaa Airport (EU)
— Dublin Airport (EU)

Main Website Security:

Application weaknesses and software vulnerabilities continue to be the most common means by which cyber criminals carry out external attacks says Forrester in its recent research.
Regrettably, only 3 main (“www.”) websites of the airports received the best possible “A+” grade, 15 got an “A” grade:
As many as 24 of the main websites had a failing “F” grade, meaning that they had outdated software with known and exploitable security vulnerabilities in CMS (e.g. WordPress) and/or web component (e.g. jQuery). Some of the websites even had several vulnerable components as detailed below:
— 97% of the websites contain outdated web software
— 24% of the websites contain known and exploitable vulnerabilities
— 76% and 73% of the websites are not compliant with GDPR and PCI DSS respectively
— 24% of the websites have no SSL encryption or use obsolete SSLv3
— 55% of the websites are protected by a WAF

Mobile Application Security:

During this research, we found and tested 36 official mobile applications belonging to the airports. In total, 530 security and privacy issues were identified, including 288 mobile security flaws (15 per application on average). We found that:
— 100% of the mobile apps contain at least 5 external software frameworks
— 100% of the mobile apps contain at least 2 vulnerabilities
— 15 security or privacy issues are detected per app on average
— 33.7% of the mobile apps outgoing traffic has no encryption

Dark Web Exposure, Code Repositories and Cloud:

Compared to the Fortune 500 companies’ exposure, global airports are doing fairly well. For the purpose of this research, ImmuniWeb leveraged its award-winning AI technology to distil findings from the Dark Web marketplaces and other locations, notably to remove duplicates, fakes and irrelevant findings.
After purification of the results, the research team found that 66 out of the 100 airports are exposed on the Dark Web in one way or another. 13 airports have leaks or exposures of a critical risk:
— 66% of the airports are exposed on the Dark Web
— 72 out of 325 exposures are of a critical or high risk indicating a serious breach
— 87% of the airports have data leaks on public code repositories
— 503 out of 3184 leaks are of a critical or high risk potentially enabling a breach
— 3% of the airports have unprotected public cloud with sensitive data
Ilia Kolochenko, CEO & Founder of ImmuniWeb, comments: “Given how many people and organizations entrust their data and lives to international airports every day, these findings are quite alarming. Being a frequent flyer, I frankly prefer to travel via the airports that do care about their cybersecurity. Cybercriminals may well consider attacking the unwitting air hubs to conduct chain attacks of travellers or cargo traffic, as well as aiming attacks at the airports directly to disrupt critical national infrastructure.
Today, when our digital infrastructure is extremely intricate and intertwined with numerous third-parties, holistic visibility of your digital assets and attack surface is pivotal to ensure the success of your cybersecurity program. Without it, all your efforts and spending are unfortunately vain.”

How to Reduce the Risks

— Implement a continuous security monitoring system with anomaly detection to spot intrusions, phishing and password re-use attacks.
— Run a continuous discovery and inventory of your digital assets, visualize your external attack surface and risk exposure with an Attack Surface Management (ASM) solution enhanced with Dark Web and code repositories monitoring.
— Implement a holistic, DevSecOps-enabled application security program to test and remediate your web and mobile applications, APIs and OSS in a timely manner
— Implement a third-party risk management program encompassing continuous monitoring of your vendors and suppliers going beyond a paper-based questionnaire.
— Invest in security awareness of your personnel, explain the risks of using professional emails on third-party resources, gamify anti-phishing training and reward the best learners.

Comments

Post a Comment

Popular posts from this blog

MTN uganda on is on fire because of espionage,fraud,tax evasion and unfair competetive tendencies

MTN uganda must have faced the toughest times in its business spel for the beginning of this year.But as many may be aware,MTN's problem are not of today only but a series of mistakes and misunderstanding that gradually escalated from around mid 2010 through to early days of 2019.The most alarming of these mistakes was the unsurety of the customers privacy and the unrealistic licence it got after a long sacffle with the government of the republic of uganda. Many people have been wondering how or if its true that mtn and its staff was involved in data leakages,exposing customers privacy to intrusion or any sort of espionage.on the first two i can assure you that mtn face data leakages and its customers were exposed to dangers of loosing their private data to dubious intruders,plus fraudulent acts that did occur mostly on mobile money services,its really annoying that mtn when contacted on these fraudulent issues alway would take a low pace and in most case ignore it in tge long end
Read more

United kingdom's Coronavirus Contact Tracing App Assists 'Surveillance State'

Image
In the letter, the signatories - which include tech justice NGO Foxglove and digital rights campaigners Access Now - say the proposed app could be another step towards a surveillance state. Campaign groups have written an open letter to UK Prime Minister Boris Johnson warning GCHQ and its digital arm, the National Cyber Security Centre (NCSC), will have the capacity to re-identify the phones of people who install the country’s coronavirus contact-tracing app. They also note the legal framework underpinning the software, which is currently being trialled on the Isle of Wight, is believed to be inadequate to protect people from misuse of their data by the Joint Committee on Human Rights. “Parliament has to quickly issue an adequate legal framework that guarantees users’ human rights protection. In addition, contrary to some recommendations, the app the Government is trialling uses a centralised model for the collection, processing and storage of users’ data. The centralised rec
Read more

Citzens have done a great work in the arrest of an armed robber

Vigilant residents arrest armed man Residents of Kiwatule this afternoon foiled an attempted robbery in Kiwatule after gunman entered Liquid Cash Emergency Loans with intent to rob. The suspect, Isaac Mulengenyi, 23, reportedly fired in the air to scare onlookers however mob charged at him, arrested and handed him to police. A case of aggravated robbery has been opened at Ntinda Police Station Vide CRB 123/2019 while a rifle has been recovered with nine rounds of ammunition. The suspect is still being detained at Ntinda pending appearance before court.
Read more