Cybersecurity Lacking At Most Of The World’s Major Airports

When it comes to cybersecurity Amsterdam, Helsinki and Dublin were ranked the three safest airports by Immuniweb, but overall these facilities fared poorly when it came to protecting their websites, mobile platforms and systems.

The study found 97 of the world’s 100 largest airports have have security risks related to vulnerable web and mobile applications, misconfigured public cloud, dark web exposure or code repositories leaks. Some of the most egregious findings were:

97 percent of the websites contain
outdated web software.
24 percent of the websites contain
known and exploitable vulnerabilities.
76 percent and 73 percent of the
websites are not compliant with GDPR and PCI DSS, respectively.
100 percent of the mobile apps
contain at least five external software frameworks.
100 percent of the mobile apps
contain at least two vulnerabilities.

This
translated into 47 percent of the airports studied receiving a C grade, meaning
there were security vulnerabilities or several serious misconfigurations found;
11 percent got a B, several minor issues or insufficient security hardening; 14
topped out with an A or A+ with the latter meaning there were no issues and the
former only a few minor problems discovered.

Twenty-four airports received a failing F. This means exploitable and publicly known security vulnerabilities were found. This included having outdated components, outdated CMS, vulnerable components or a vulnerable CMS.

The report
was also particularly damning of the failure of most airports to be GDPR or PCI
DSS compliant. Only 24 percent of the main websites and 12 percent of
subdomains were GDPR compliant. PCI DSS was almost as bad with only 27 percent
falling within regulations.

When it came
to securing email only 32 of the 147 email servers properly implemented SSL/TLS,
44 servers had poorly implemented the protocol and 48 percent do not support
SSL/TLS encryption at all leaving them open to Man-in-the-Middle attacks and having
traffic intercepted.

“Cybercriminals
may well consider attacking the unwitting air hubs to conduct chain attacks of
the travelers or cargo traffic, as well as aiming attacks at the airports
directly to disrupt critical national infrastructure,” said Ilia Kolochenko,
CEO and founder of ImmuniWeb.

Source: https://www.scmagazine.com/home/security-news/cybersecurity-lacking-at-most-of-the-worlds-major-airports/

Generative Data Intelligence

Cybersecurity lacking at most of the world’s major airports

More Than 3× As Many Tesla Model Y Sales As Tesla Model 3 Sales In USA In 1st Quarter – CleanTechnica

Volkswagen Gets Critical Tech Boost in China from Xpeng – CleanTechnica

Latest Intelligence

A studio helmed by StarCraft 2’s multiplayer lead wants to create an RTS ‘paradigm shift’ with its unannounced game

No Rest for the Wicked isn’t a Diablo, but it might be one of the smartest soulslikes I’ve played in a long time

Moment Factory Harnesses Sphere’s Next-Generation Technologies to Reimagine Concert Experience

Introducing automatic training for solutions in Amazon Personalize | Amazon Web Services

Save 20% On No Rest For The Wicked, And Get A Free Game For A Limited Time

Pokémon Go Bellsprout Community Day guide

Chat with us