Airbus Attacked by Avivore – China’s Bird Eater

Last week brought to light the significant challenge aerospace and defense companies face in protecting their IP. According to ZDNet, European aerospace and defense giant Airbus had its IP stolen by Chinese hacking group Avivore. Avivore – which translates as Bird Eater – successfully compromised Airbus by going after its downstream suppliers such as engine-supplier Rolls-Royce and tech consultancy Expleo.
 
Given the company’s cutting-edge aerospace technologies and its role as a leading provider of strategic military supplies and information, it is no surprise that Airbus is a tempting target for attackers. Faced with the challenge of protecting its highly valuable IP, how can Airbus protect itself? How can they protect the information they share with their suppliers in emails and documents without becoming breached?
 

The defense supply chain under assault

 
Articles written on Avivore’s attack show that Airbus itself was too well protected to be attacked directly. So, the attackers focused on stealing key IP that was held by the company’s small suppliers. As one European aerospace analyst noted in discussing the hack:
 

Very large companies are very well protected, it’s hard to pirate them, so smaller companies are a better target

 
Avivore was able to go after the smaller suppliers by masquerading as a legitimate user on supplier networks. Not realizing they were intruders, suppliers enabled them to have access to sensitive email and files. In this way, Avivore was able to bypass the suppliers’ defense networks and steal the information.
 
The hackers went after technical documents related to the certification for different parts of Airbus aircraft. Several of the stolen documents were related to the engines of the Airbus’ A400M military transport plane, which has some of the most powerful propeller engines in the world. Hackers were also interested in the propulsion systems for the Airbus A350 passenger jet, as well as its avionics systems controlling the plane.
 

The U.S. defense architecture is also challenged

 
These same types of supply chain attacks happen to American defense firms as well. Specifically, In October 2018, the US Justice department listed several Chinese officers as being responsible for a hacking operation targeting an engine being developed by General Electric and French aerospace group Safran.
 
The U.S. defense supply chains are a target for China and other nations seeking to undermine U.S. competitiveness. As a result, the DoD has started auditing not just prime contractors but also their suppliers. According to Katie Arrington (Special Assistant to the Assistant Secretary of Defense for Acquisition for Cyber):
 

Adversaries aren’t going after a Lockheed Martin, at the top prime level, they’re going after the small business, that [Small Business Innovation Research awardee], that [other transaction authority firm] that’s the most vulnerable.

Fighting back

 
Avivore infiltrated supplier’s email and files by pretending to be a legitimate user. As such, a solution for protecting suppliers’ data must begin with finding a way to ensure that only legitimate and known users can access this information. This solution must ensure that a user’s identity cannot be spoofed, guessed, stolen or phished. Moreover, the solution must also protect the data itself.
 
The best way to provide this security is through the use of end-to-end encryption. End to end encryption secures data so that it is only ever read by the sender and recipient and no one else. End to end encryption ensures data is only decrypted on the endpoints. Never on the server. In this manner, hackers trying to hack data on the server will only get gibberish because the information has not been shared with them.
 
Moreover, end-to-end encryption protects users’ identity by creating a private key which is stored on their device. This key is established at the time of account creation and, unlike a password, cannot be guessed or spoofed. If a hacker tried to access an email or file that had not been shared with their account, they would not be able to.
 
Traditionally, systems securing email and files with end-to-end encryption have been hard to implement and challenging for end users to employ. Users have had to jump from screen to screen and leave their native inbox. Administrators have had to manage unwieldy systems. Fortunately, there are now platforms that are easy to use, easy to implement, and integrate with traditional office systems like Outlook, Gmail, File Explorer and Mac Mail.
 

The solution

 
PreVeil supplies many aerospace and defense industry contractors with this very type of end-to-end encrypted solution – a secure, cloud-based platform that provides encrypted email and file sharing protected by end-to-end encryption and confirms users’ identity. With PreVeil, large tier one contractors and smaller suppliers can confidently exchange their IP up and down the supply chain.
 
Learn more about how PreVeil can help your A&D company protect is IP. Read our whitepaper on A and D Compliance in the face of Increasing DoD Regulation.
 

The post Airbus Attacked by Avivore – China’s Bird Eater appeared first on PreVeil.

*** This is a Security Bloggers Network syndicated blog from PreVeil authored by Orlee Berlove. Read the original post at: https://www.preveil.com/blog/airbus-suffers-supply-chain-breach/