Cybersafetyconnections January 29th,2024 Vo#153
- From konbriefing we have Cyberattack on Beirut International Airport – Beirut, Lebanon this month of January 2024.
- Impact was felt by FIDS, baggage handling, travelers and airport workers.
- No group has claimed responsibility for this attack.
- Steps taken to mitigate loss from cyberattack has not yet been known. We have GPT for Excel Word to the rescue.
What happened?
Cyberattack at San Franciso Airport
We have information from Security Affairs that a cyber-attack recently struck the Rafic Hariri International Airport in Beirut, Lebanon.
Who was impacted?
The hackers managed to breach the Flight Information Display System (FIDS) and displayed a message on the screens claiming that Hezbollah and Iran are taking the country to war, ignoring the will of the Lebanese people. The message also stated that arms smuggling will lead to the bombing of the airport.
According to LBCI, the cyber-attack also disrupted the Baggage Handling System (BHS) at the airport. And it goes without saying this would make the work of Baggage handling difficult for the workers and very inconvenient for travelers.
Which cybercriminal Group was responsible?
Cybersecurity Capture the Flag
The escalation of tensions between Israel and Lebanon is believed to be the reason behind this cyberattack, but no hacker group has yet claimed responsibility for the breach.
How is the loss from the cyberattack being mitigated?
OWASP Threat and Safeguard Matrix
From what we have so far, not much information is available in terms of loss mitigation.
Below is the information.
- Because the Baggage Handling System was disrupted the personnel at the airport were forced to use police dogs to complete the inspection procedures of the baggage.
From GPT for Excel Word, here are steps to mitigate loss from data breach.
To prevent cyberattacks at Beirut International Airport, several measures can be implemented:
1. Strengthen Network Security:
Enhance the airport’s network security infrastructure by implementing robust firewalls, intrusion detection and prevention systems, network segmentation, and encryption protocols. Regularly update and patch all network devices and software to address any vulnerabilities.
2. Conduct Regular Security Audits:
Perform periodic security audits and vulnerability assessments to identify potential weaknesses in the airport’s systems. These audits can help discover vulnerabilities before they can be exploited by malicious actors.
3. Employee Training and Awareness:
Train all airport staff, including employees, contractors, and vendors, on cybersecurity best practices. This includes educating them about phishing attacks, strong password usage, and the importance of avoiding suspicious emails or clicking on unknown links.
4. Implement Access Controls:
Enforce strict access controls to limit unauthorized access to critical systems and sensitive information. Use strong authentication methods like multifactor authentication (MFA) to ensure that only authorized individuals can access key systems and databases.
5. Regular Data Backups:
Perform regular backups of critical systems and data to ensure that in the event of a cyberattack or data breach, the airport can easily restore its operations and minimize the impact of such incidents.
6. Incident Response Plan:
Develop a comprehensive incident response plan that outlines the steps to be taken in case of a cyberattack. This plan should include procedures for isolating infected systems, notifying relevant authorities, and restoring normal operations with minimum downtime.
7. Collaborate with Cybersecurity Experts:
Engage the services of professional cybersecurity firms to assess and enhance the airport’s overall security posture. These experts can provide valuable insights, conduct penetration testing, and offer recommendations to fortify the airport’s defenses against cyber threats.
8. Continuous Monitoring:
Deploy advanced threat detection and monitoring systems that can identify and respond to cybersecurity incidents in real-time. Implement security information and event management (SIEM) tools to gain visibility into network activities and detect any anomalous behavior that may signify a potential attack.
9. Regular Security Updates:
Ensure that all systems, software, and devices deployed at the airport are kept up to date with the latest security patches and updates. Promptly apply patches to address any known vulnerabilities and protect against potential exploits.
10. Public-Private Partnerships:
Foster collaborations between the airport authorities, government agencies, and private sector organizations to share threat intelligence and best practices. Participate in information sharing platforms and initiatives to stay updated on emerging cyber threats and preventive measures.
Conclusion
By implementing these preventive measures, Beirut International Airport can significantly enhance its cybersecurity defenses, reduce the risk of cyberattacks, and protect critical infrastructure and passenger information from potential harm.
Subscribe to get the latest blog post.
Your CyberSafety Advocate 