The attack targeted an international airport in Kiev, Ukraine. Officials said they have started an investigation to find the source of the cyberattack.
The cyberattack targeted one of the main airports in Ukraine, Boryspil International Airport. CERT-UA went on alert for the Black Energy malware.
The methodology often involves a spearphishing email, a document, or both. According to ESET, the Black Energy attack happened in December last year. The attack targeted power stations in Ukraine.
Breaking Down the Methodology
Researchers typically use several markers to discern the source of a cyberattack, noted Wes Widner, director of threat intelligence and machine learning at Norse.
One method is to analyze the command-and-control servers the malware attackers use, he told TechNewsWorld. Other methods include analyzing code similarities, strings found in the file, and general organization of the attack.
In this case, the Ukrainian officials determined that the C2 servers originated in Russia, Widner said.
“Just like fighting styles, malware tends to exhibit regional similarities,” he pointed out.
Targeting an airport’s IT network potentially could cause lasting damage, because airplanes are “fly-by-wire,” and a disruption that affects the air traffic control system could lead to accidents during takeoff or landing, or a mid-air collision, Widner said.
“Moreover, controlling an airport’s network can also have ramifications outside the airport, since airport instruments are often used by weather forecasters,” he explained. “My guess is that the Ukraine either dodged a bullet, or else the attacker tipped their hand in order to let the Ukrainian government know how vulnerable they are.”