threatpost.com
Open in
urlscan Pro
35.173.160.135
Public Scan
URL:
https://threatpost.com/agencies-satellite-hacks-gps-jamming-airplanes-critical-infrastructure/178993/
Submission: On March 19 via api from US — Scanned from DE
Submission: On March 19 via api from US — Scanned from DE
Form analysis 4 forms found in the DOM
POST /agencies-satellite-hacks-gps-jamming-airplanes-critical-infrastructure/178993/#gf_5
<form method="post" enctype="multipart/form-data" target="gform_ajax_frame_5" id="gform_5" action="/agencies-satellite-hacks-gps-jamming-airplanes-critical-infrastructure/178993/#gf_5">
<div class="gform_body gform-body">
<ul id="gform_fields_5" class="gform_fields top_label form_sublabel_below description_below">
<li id="field_5_8" class="gfield field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label screen-reader-text" for="input_5_8">Your name</label>
<div class="ginput_container ginput_container_text"><input name="input_8" id="input_5_8" type="text" value="" class="medium" placeholder="Your name" aria-invalid="false"> </div>
</li>
<li id="field_5_1" class="gfield gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label screen-reader-text" for="input_5_1">Your e-mail address<span
class="gfield_required"><span class="gfield_required gfield_required_asterisk">*</span></span></label>
<div class="ginput_container ginput_container_email">
<input name="input_1" id="input_5_1" type="text" value="" class="medium" placeholder="Your e-mail address" aria-required="true" aria-invalid="false">
</div>
</li>
<li id="field_5_9" class="gfield js-kaspersky-gform-recaptcha-placeholder gform_hidden field_sublabel_below field_description_below gfield_visibility_hidden">
<div class="ginput_container ginput_container_text"><input name="input_9" id="input_5_9" type="hidden" class="gform_hidden" aria-invalid="false" value=""></div>
</li>
<li id="field_5_2" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label screen-reader-text gfield_label_before_complex"><span
class="gfield_required"><span class="gfield_required gfield_required_asterisk">*</span></span></label>
<div class="ginput_container ginput_container_checkbox">
<ul class="gfield_checkbox" id="input_5_2">
<li class="gchoice gchoice_5_2_1">
<input class="gfield-choice-input" name="input_2.1" type="checkbox" value="I agree" id="choice_5_2_1">
<label for="choice_5_2_1" id="label_5_2_1">I agree to my personal data being stored and used to receive the newsletter</label>
</li>
</ul>
</div>
</li>
<li id="field_5_5" class="gfield input-without-label label-gdpr gfield_contains_required field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label screen-reader-text gfield_label_before_complex"><span
class="gfield_required"><span class="gfield_required gfield_required_asterisk">*</span></span></label>
<div class="ginput_container ginput_container_checkbox">
<ul class="gfield_checkbox" id="input_5_5">
<li class="gchoice gchoice_5_5_1">
<input class="gfield-choice-input" name="input_5.1" type="checkbox" value="I agree" id="choice_5_5_1">
<label for="choice_5_5_1" id="label_5_5_1">I agree to accept information and occasional commercial offers from Threatpost partners</label>
</li>
</ul>
</div>
</li>
<li id="field_5_10" class="gfield gform_validation_container field_sublabel_below field_description_below gfield_visibility_visible"><label class="gfield_label" for="input_5_10">Name</label>
<div class="ginput_container"><input name="input_10" id="input_5_10" type="text" value=""></div>
<div class="gfield_description" id="gfield_description_5_10">This field is for validation purposes and should be left unchanged.</div>
</li>
</ul>
</div>
<div class="gform_footer top_label"> <input type="submit" id="gform_submit_button_5" class="gform_button button screen-reader-text" value="Subscribe"
onclick="if(window["gf_submitting_5"]){return false;} window["gf_submitting_5"]=true; "
onkeypress="if( event.keyCode == 13 ){ if(window["gf_submitting_5"]){return false;} window["gf_submitting_5"]=true; jQuery("#gform_5").trigger("submit",[true]); }" disabled="disabled"
style="display: none;"> <input type="hidden" name="gform_ajax" value="form_id=5&title=&description=&tabindex=0">
<input type="hidden" class="gform_hidden" name="is_submit_5" value="1">
<input type="hidden" class="gform_hidden" name="gform_submit" value="5">
<input type="hidden" class="gform_hidden" name="gform_unique_id" value="">
<input type="hidden" class="gform_hidden" name="state_5" value="WyJbXSIsImIwODQwZTA2ZGQ0NzYwODcyOTBkZjNmZDM1NDk2Y2ZkIl0=">
<input type="hidden" class="gform_hidden" name="gform_target_page_number_5" id="gform_target_page_number_5" value="0">
<input type="hidden" class="gform_hidden" name="gform_source_page_number_5" id="gform_source_page_number_5" value="1">
<input type="hidden" name="gform_field_values" value="">
</div>
<p style="display: none !important;"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_1" name="ak_js" value="1647657827056">
<script>
document.getElementById("ak_js_1").setAttribute("value", (new Date()).getTime());
</script>
</p>
</form>GET https://threatpost.com/
<form class="c-site-search__form" role="search" method="get" action="https://threatpost.com/">
<input type="text" class="c-site-search__field" name="s" placeholder="Search">
<button type="submit" class="c-button c-button--secondary c-button--smaller c-site-search__button" value="Search"><svg class="icon fill">
<use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg#icon-search"></use>
</svg> Search</button>
<div class="c-site-search__overlay"></div>
</form>POST https://threatpost.com/wp-comments-post.php
<form action="https://threatpost.com/wp-comments-post.php" method="post" id="commentform" class="comment-form">
<div class="o-row">
<div class="o-col-12@md">
<div class="c-form-element"><textarea id="comment" name="comment" cols="45" rows="8" aria-required="true" placeholder="Write a reply..."></textarea></div>
</div>
</div>
<div class="o-row">
<div class="o-col-6@md">
<div class="c-form-element"><input id="author" name="author" placeholder="Your name" type="text" value="" size="30"></div>
</div>
<div class="o-col-6@md">
<div class="c-form-element"><input id="email" name="email" placeholder="Your email" type="text" value="" size="30"></div>
</div>
</div>
<p class="form-submit"><input name="submit" type="submit" id="submit" class="c-button c-button--primary" value="Send Comment"> <input type="hidden" name="comment_post_ID" value="178993" id="comment_post_ID">
<input type="hidden" name="comment_parent" id="comment_parent" value="0">
</p>
<p style="display: none;"><input type="hidden" id="akismet_comment_nonce" name="akismet_comment_nonce" value="7651426d35"></p><!-- the following input field has been added by the Honeypot Comments plugin to thwart spambots -->
<input type="hidden" id="cFj7no4DhhY7C3x2FJO9r87zs" name="bY2kXx18vZrt3jhQ9htGYCb6h">
<script type="text/javascript">
document.addEventListener("input", function(event) {
if (!event.target.closest("#comment")) return;
try {
grecaptcha.render("recaptcha-submit-btn-area", {
"sitekey": "6LfsdrAaAAAAAMVKgei6k0EaDBTgmKv6ZQrG7aEs",
"theme": "standard"
});
} catch (error) {
/*possible duplicated instances*/ }
});
</script>
<script src="https://www.google.com/recaptcha/api.js?hl=en&render=explicit" async="" defer=""></script>
<div id="recaptcha-submit-btn-area"> </div>
<noscript>
<style type="text/css">
#form-submit-save {
display: none;
}
</style>
<input name="submit" type="submit" id="submit-alt" tabindex="6" value="Submit Comment">
</noscript>
<p style="display: none !important;"><label>Δ<textarea name="ak_hp_textarea" cols="45" rows="8" maxlength="100"></textarea></label><input type="hidden" id="ak_js_2" name="ak_js" value="1647657827095">
<script>
document.getElementById("ak_js_2").setAttribute("value", (new Date()).getTime());
</script>
</p>
</form>GET https://threatpost.com/
<form class="c-site-search__form" role="search" method="get" action="https://threatpost.com/">
<input type="text" class="c-site-search__field" name="s" placeholder="Search">
<button type="submit" class="c-button c-button--secondary c-button--smaller c-site-search__button" value="Search"><svg class="icon fill">
<use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://threatpost.com/wp-content/themes/threatpost-2018/assets/sprite/icons.svg#icon-search"></use>
</svg> Search</button>
<div class="c-site-search__overlay"></div>
</form>Text Content
Newsletter
SUBSCRIBE TO OUR THREATPOST TODAY NEWSLETTER
Join thousands of people who receive the latest breaking cybersecurity news
every day.
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn
Park, Woburn, MA 01801. Detailed information on the processing of personal data
can be found in the privacy policy. In addition, you will find them in the
message confirming the subscription to the newsletter.
* Your name
* Your e-mail address*
*
* *
* I agree to my personal data being stored and used to receive the
newsletter
* *
* I agree to accept information and occasional commercial offers from
Threatpost partners
* Name
This field is for validation purposes and should be left unchanged.
Δ
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn
Park, Woburn, MA 01801. Detailed information on the processing of personal data
can be found in the privacy policy. In addition, you will find them in the
message confirming the subscription to the newsletter.
Threatpost
* Podcasts
* Malware
* Vulnerabilities
* InfoSec Insiders
* Webinars
*
*
*
*
*
*
*
Search
* DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest DataPrevious
article
*
AGENCIES WARN ON SATELLITE HACKS & GPS JAMMING AFFECTING AIRPLANES, CRITICAL
INFRASTRUCTURE
Author: Tara Seals
March 18, 2022 4:05 pm
4 minute read
Write a comment
Share this article:
*
*
The Russian invasion of Ukraine has coincided with the jamming of airplane
navigation systems and hacks on the SATCOM networks that empower critical
infrastructure.
In a warning to aviation authorities and air operators on Thursday, the European
Union Aviation Safety Agency (EASA) warned of satellite jamming and spoofing
attacks across a broad swath of Eastern Europe that could affect air navigation
systems.
The warning came in tandem with a separate alert from the FBI and the U.S.
Cybersecurity Infrastructure and Security Agency (CISA) that hackers could be
targeting satellite communications networks in general.
QUIT JAMMIN’ ME
The navigation-jamming attacks affecting airplanes started Feb. 24, the first
day of the Russian invasion of Ukraine, EASA said – and they’ve continued to
proliferate. So far, the affected areas include the Black Sea airspace, Eastern
Finland, the Kaliningrad region and other Baltic areas, and the Eastern
Mediterranean area near Cyprus, Turkey, Lebanon, Syria and Israel, as well as
Northern Iraq.
“The effects of [Global Navigation Satellite Systems (GNSS)] jamming and/or
possible spoofing were observed by aircraft in various phases of their flights,
in certain cases leading to re-routing or even to change the destination due to
the inability to perform a safe landing procedure,” EASA warned (PDF). “Under
the present conditions, it is not possible to predict GNSS outages and their
effects.”
Losing a GNSS signal could result in many negative outcomes, including pilots
“flying blind,” without the use of waypoint navigation to tell where they are.
Outages could also affect the ability for an airplane’s instrumentation to
accurately track the aircraft’s position, which could lead to a plane entering
contested airspace; the inability to properly gauge one’s proximity to the
ground (which could trigger pull-up commands, according to the alert); or the
failure of systems that address dangers like wind shear.
“The magnitude of the issues generated by such outage would depend upon the
extent of the area concerned, on the duration and on the phase of flight of the
affected aircraft,” EASA warned.
The agency urged air operators to make sure that fall-back conventional
navigation infrastructure is fully operational onboard the aircraft, and to
ensure reliable surveillance coverage that is resilient to GNSS interference,
such as ground-based navigational aids (i.e., Distance Measuring Equipment or
DME, and Very High Frequency omnidirectional range or VOR).
“Verify the aircraft position by means of conventional navigation aids when
flights are operated in proximity of the affected areas; check that the
navigation aids critical to the operation for the intended route and approach
are available; and remain prepared to revert to a conventional arrival procedure
where appropriate and inform air traffic controllers in such a case,” EASA
recommended. “Ensure, in the flight planning and execution phase, the
availability of alternative conventional arrival and approach procedures (i.e.
an aerodrome in the affected area with only GNSS approach procedure should not
be considered as destination or alternate).”
CISA WARNS ON SATELLITE NETWORK HACKING
The concerns over the hacking of satellite systems in general also began Feb.
24, when Ukrainian official reported that hackers had apparently compromised one
of the nation’s satellite systems. According to Reuters, the attack made
communication with the Viasat KA-SAT satellite impossible, which resulted in
internet outages across Europe, with tens of thousands of people cut off.
The cyberattackers took advantage of a misconfigured management interface for
the satellite network, Viasat said.
The National Security Agency is looking into whether the attack was carried out
by Russian state-sponsored actors, according to the report.
This week, CISA tersely warned that it is “aware of possible threats to U.S. and
international satellite communication (SATCOM) networks. Successful intrusions
into SATCOM networks could create risk in SATCOM network providers’ customer
environments.”
The agency advised satellite operators to start monitoring at ingress and egress
points for anomalous traffic, including the use of various remote access tools
(Telnet, FTP, SSH and so on); connections out to “unexpected” network segments;
unauthorized use of local or backup accounts; unexpected traffic to terminals or
closed-group SATCOM networks; and brute-force login attempts.
Satellite customers meanwhile should implement multifactor authentication (MFA)
on their accounts, CISA warned, and should shore up least-privilege approaches
for any sensitive areas served by satellite links.
Andreas Galauner, lead security researcher at Rapid7, noted that in the U.S.,
critical infrastructure is likely the target for such attacks.
“Almost no private individual uses SATCOM, as it is costly and the latency is
too high and slow,” he said via email. “This leaves industrial and critical
infrastructures, which makes SATCOM an appealing target.”
James McQuiggan, security awareness advocate at KnowBe4, made a similar
assessment.
“Communication is a critical element needed in life these days, whether between
families or between governments,” he emailed. “If the ability to communicate is
lost, it becomes challenging to strategize, coordinate or plan. When
cybercriminals are targeting this element of critical infrastructure,
cyber-resiliency is essential to remain in contact. Organizations working with
SATCOM products or services need to ensure protections to secure access to the
devices with multi-factor authentication. Ensure all systems are up to date with
software and firmware updates, increase monitoring of traffic and logs, and
review incident response plans to prepare for an outage.”
ISPs of all stripes should be vigilant, Galauner added.
“Even though this particular risk relates to satellite communication networks,
this has happened before in ‘normal’ ISPs,” he said. “In those instances, what
got ‘pwned’ is the CPE: modems and routers that weren’t configured properly by
the ISP. This could happen on DSL and cable lines as much as it can happen here.
However, a satellite network, possibly spanning huge geographical areas, might
allow attackers to perform more widespread attacks without having to be in the
physical vicinity.”
Moving to the cloud? Discover emerging cloud-security threats along with solid
advice for how to defend your assets with our FREE downloadable eBook, “Cloud
Security: The Forecast for 2022.” We explore organizations’ top risks and
challenges, best practices for defense, and advice for security success in such
a dynamic computing environment, including handy checklists.
Write a comment
Share this article:
* Critical Infrastructure
* Government
* Web Security
SUGGESTED ARTICLES
DARKHOTEL APT TARGETS WYNN, MACAO HOTELS TO RIP OFF GUEST DATA
A DarkHotel phishing campaign breached luxe hotel networks, including Wynn
Palace and the Grand Coloane Resort in Macao, a new report says.
March 18, 2022
SANDWORM APT HUNTS FOR ASUS ROUTERS WITH CYCLOPS BLINK BOTNET
The Russian-speaking APT behind the NotPetya attacks and the Ukrainian power
grid takedown could be setting up for additional sinister attacks, researchers
said.
March 18, 2022
GOOGLE BLOWS LID OFF CONTI, DIAVOL RANSOMWARE ACCESS-BROKER OPS
Researchers have exposed the work of Exotic Lily, a full-time cybercriminal
initial-access group that uses phishing to infiltrate organizations’ networks
for further malicious activity.
March 18, 2022
DISCUSSION
LEAVE A COMMENT CANCEL REPLY
Δ
This site uses Akismet to reduce spam. Learn how your comment data is processed.
INFOSEC INSIDER
* THE UNCERTAIN FUTURE OF IT AUTOMATION
March 8, 2022
* 6 CYBER-DEFENSE STEPS TO TAKE NOW TO PROTECT YOUR COMPANY
February 25, 2022
1
* THE HARSH TRUTHS OF CYBERSECURITY IN 2022, PART II
February 24, 2022
2
* 3 TIPS FOR FACING THE HARSH TRUTHS OF CYBERSECURITY IN 2022, PART I
February 9, 2022
* ‘LONG LIVE LOG4SHELL’: CVE-2021-44228 NOT DEAD YET
February 4, 2022
Newsletter
SUBSCRIBE TO THREATPOST TODAY
Join thousands of people who receive the latest breaking cybersecurity news
every day.
Subscribe now
Twitter
Russian APT behind the NotPetya attacks and the Ukrainian power grid takedown
could be plotting new attacks, accord… https://t.co/CTmwiAlxsZ
2 hours ago
Follow @threatpost
NEXT 00:02 01:29 360p 720p HD 1080p HD Auto (360p) About Connatix V155136 Closed
Captions About Connatix V155136
1/1 Skip Ad Continue watching after the ad Visit Advertiser websiteGO TO PAGE
SUBSCRIBE TO OUR NEWSLETTER, THREATPOST TODAY!
Get the latest breaking news delivered daily to your inbox.
Subscribe now
Threatpost
The First Stop For Security News
* Home
* About Us
* Contact Us
* Advertise With Us
* RSS Feeds
* Copyright © 2022 Threatpost
* Privacy Policy
* Terms and Conditions
* Advertise
*
*
*
*
*
*
*
TOPICS
* Black Hat
* Breaking News
* Cloud Security
* Critical Infrastructure
* Cryptography
* Facebook
* Government
* Hacks
* IoT
* Malware
* Mobile Security
* Podcasts
* Privacy
* RSAC
* Security Analyst Summit
* Videos
* Vulnerabilities
* Web Security
Threatpost
*
*
*
*
*
*
*
TOPICS
* Cloud Security
* Malware
* Vulnerabilities
* Privacy
Show all
* Black Hat
* Critical Infrastructure
* Cryptography
* Facebook
* Featured
* Government
* Hacks
* IoT
* Mobile Security
* Podcasts
* RSAC
* Security Analyst Summit
* Slideshow
* Videos
* Web Security
AUTHORS
* Tara Seals
* Tom Spring
* Lisa Vaas
THREATPOST
* Home
* About Us
* Contact Us
* Advertise With Us
* RSS Feeds
Search
*
*
*
*
*
*
*
InfoSec Insider
INFOSEC INSIDER POST
Infosec Insider content is written by a trusted community of Threatpost
cybersecurity subject matter experts. Each contribution has a goal of bringing a
unique voice to important cybersecurity topics. Content strives to be of the
highest quality, objective and non-commercial.
Sponsored
SPONSORED CONTENT
Sponsored Content is paid for by an advertiser. Sponsored content is written and
edited by members of our sponsor community. This content creates an opportunity
for a sponsor to provide insight and commentary from their point-of-view
directly to the Threatpost audience. The Threatpost editorial team does not
participate in the writing or editing of Sponsored Content.
We use cookies to make your experience of our websites better. By using and
further navigating this website you accept this. Detailed information about the
use of cookies on this website is available by clicking on more information.
ACCEPT AND CLOSE
Notifications