View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 31, 2020updated 06 Jul 2022 6:11am

Flying Blind: 70% of Airport Websites Contain Vulnerabilities

Real risk that attackers could start "aiming attacks at the airports directly to disrupt critical national infrastructure.”

By CBR Staff Writer

More than one in five websites operated by airports contain publicly known and exploitable vulnerabilities, while 97 percent still use some form of outdated web software, according to a new report by Switzerland-based web security company ImmuniWeb.

The company, which tested the cybersecurity of 100 of the world’s largest airport’s websites, found a mishmash of vulnerable web applications, misconfigured clouds and code repository leaks among other worrying security issues reported this week.

A worrying 71 airport websites were found to have serious security vulnerabilities that could be exploited by hackers.

Out of the 100 airport websites tested only three received a clean bill of health; Amsterdam Schiphol, Helsinki-Vantaa, and Dublin Airport.

During their testing the researchers found that only 45 out of the 100 websites are running web application firewall software.

With regards to GDPR legislation 76 of the websites were found to be in breach, the firm suggested, with three exposing AWS S3 public cloud storage buckets containing sensitive data to the public.

Airport Cybersecurity Weak

Credit: ImmuniWeb

Ilia Kolochenko, CEO of ImmuniWeb, said: “Given how many people and organizations entrust their data and lives to international airports every day, these findings are quite alarming…

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

“Cybercriminals may well consider attacking the unwitting air hubs to conduct chain attacks of travellers or cargo traffic, as well as aiming attacks at the airports directly to disrupt critical national infrastructure.”

Read this: BP’s CISO: Gov’t Agencies “Still Polishing Intel” as Adversaries Move

In 2018, the UK’s Bristol Airport was hit by a ransomware attack that knocked its in-house passenger information display systems offline, forcing staff to manually write out all flight information on whiteboards.

The airport claims that no security-critical systems were breached during the incident, but it did highlight how easily an airport could be disrupted by a cyber attack.

Kolochenko notes that: “Today, when our digital infrastructure is extremely intricate and intertwined with numerous third-parties, holistic visibility of your digital assets and attack surface is pivotal to ensure the success of your cybersecurity program. Without it, all your efforts and spending are unfortunately vain.”

See Also: Critical Bug Fix: OpenBSD Vulnerability Needs Urgent Patching – RCE With Morris Worm Inspiration

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.