UPDATED 22:13 EST / SEPTEMBER 26 2019

SECURITY

Airbus hit by cyberattacks that targeted key suppliers

European aircraft maker Airbus SE apparently has been hit by a number of cyberattacks that targeted the computer systems of its key suppliers in what is believed to be a coordinated campaign by hackers with links to China.

The claim came today from the AFP news agency, which said the hacks targeted aircraft engine market Rolls-Royce Holdings Plc and French engineering firm Expleo Group, among others, with the number of attacks totaling four in the last 12 months.

An Airbus spokesperson partially confirmed the report, saying that the company is “aware of cyber events,” and like any major high-tech industrial player, it is a target for “malicious acts.” The Airbus spokesperson added that it “continuously monitors” such threats through detection systems and can take “immediate and appropriate measures to protect itself at all times.”

“Airbus has long been considered a tempting target because of the cutting-edge technologies that have made it one of the world’s biggest commercial plane manufacturers, as well as a strategic military supplier,” the AFP report noted. Those behind the attacks were interested in technical documents relating to Airbus aircraft including details on engines used on the Airbus A400M and A350 planes suggesting that corporate espionage was the aim of the attacks

Chinese officials have not commented on the report, but the Middle Kingdom has previously denied that it was involved in any hacking activities.

Ilia Kolochenko, founder and chief executive officer of web security company ImmuniWeb, told SiliconANGLE that cyber gangs have already been successfully targeting suppliers and other trusted parties of their victims for many years. “There is no need to undertake an expensive, time-consuming and risky assault of a castle if you can quickly get in via a loophole,” he said.

The problem, he added, is that most of the suppliers are battling to win bids in a highly competitive and turbulent global market and often ignore cybersecurity fundamentals.

“Implementation of information security at a level comparable to their VIP customers will boost their internal costs thereby considerably increasing their market prices making them uncompetitive,” he said. “Worse, large global companies such as Airbus have a great wealth of countless trusted third parties across the globe that it would be virtually unfeasible to keep an eye on how cybersecurity is implemented at their suppliers without skyrocketing monitoring and compliance costs.”

Indeed, he said, third-party risk management is still nascent in most of the organizations. That’s partly because shareholders likely won’t want their companies to  spend a lot of money surveilling third parties at their own expense.

Photo: Ienac/Wikimeida Commons

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU