By Jordan Smith, U.S. Reporter, HCLTech

 

Airports across the U.S. have fallen victim to denial of service cyberattacks that overloaded their websites by jamming them with artificial users.

Pro-Russian hacker group, Killnet, is believed to be behind the attack, although there isn’t any evidence to suggest the Russian government was directly involved, says John Hultquist, Vice President, Intelligence Analysis at Mandiant–the cybersecurity firm.

Around 3 a.m. EST on October 11, attacks were first reported when the Port Authority notified the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) that LaGuardia Airport’s system had been hit with the attack. Systems at LaGuardia have since been restored.

Additionally, Des Moines International Airport, Los Angeles International Airport (LAX) and Chicago O’Hare International Airport were impacted the same morning with the denial of service attack. The Denver International Airport (DIA) was also attacked around 11:00 a.m., according to a DIA spokesperson.

In total, 12 airport websites were hit with this cyberattack. In statements to ABC News, both LAX and the Hartsfield-Jackson Atlanta International Airport said that “no internal airport systems were compromised and there were no operational disruptions.”

Immediate Actions to Mitigate Risks from Cyberattacks

October is Cybersecurity Awareness Month and, while there’s a level of complexity to cyber, there are relatively straightforward actions that can be taken to prevent cyberattacks. CISA has highlighted four tips:

  1. Recognizing and reporting phishing, which can be useful in preventing hackers gaining sensitive information or installing malware,

  2. Updating your software

  3. Using stronger passwords or utilizing a password manager which can encrypt passwords for you; and

  4. Enabling multi-factor authentication.

HCLTech also recommends following these medium-term actions:
  1. Critical Infrastructure organizations such as in transportation need to take a holistic look at their Crown Jewel applications and data to define a strong Cyber Resilience plan to recover citizen or business services and underlying data quickly.

  2. Periodic assessment of the attack surface around the Crown Jewel in terms of open vulnerabilities or patches or other risky third parties.

  3. Proactive threat hunting and constant monitoring using MITRE techniques to assess the probability and impact of a breach by correlating signals and threat intelligence data sources.

  4. Ensuring sufficient compensatory controls are deployed using TSA cybersecurity requirements and toolkit and ensuring fundamental Zero Trust principles are deployed to monitor and control access and reduce attack surface for lateral movements or other MITRE techniques being used.

  5. Ensuring there is a clear and well tested Incident Response and Cyber Resilience Plan which allows for swift action in case any of the above controls do not work.

Commenting on the importance of Cybersecurity Awareness Month and how organizations can best protect themselves, Amit Jain, Executive Vice President, Cybersecurity & GRC Services, HCLTech, said: “At a time when data breaches and ransomware attacks are increasing by the hour, it is crucial to raise sensitivity and awareness, not only among corporations and public services but also among individuals and their families. Cybersecurity Awareness Month plays an important annual milestone to enhance awareness about common sense cybersecurity best practices which can help protect our cities, nations and corporations from impact of cyberattacks. HCLTech’s “Dynamic Cybersecurity” framework has prepared and protected organizations and public services since last 25 years. Our Dynamic approach focuses on both culture and people as well as process and technology to help create a holistic approach to Cybersecurity.”

Partnering with HCLTech

Recently, HCLTech partnered with SecurityScorecard to help deliver combined solutions that provide a holistic approach to security management, and resolving and communicating risk more effectively.

As part of its Cybersecurity and Governance, Risk, and Compliance (GRC) offering, HCLTech offers customers SecurityScorecard’s cyber ratings to enable customers to proactively gain visibility into their vendor ecosystem and help customers manage their cyber threat landscape.

“Customers often reach out to us to help with mitigating risk not only within their organization, but also with their expanding third-party environments,” continued Jain.

“HCLTech’s extensive expertise and years of experience in managing and preventing threats enables it to comprehend the evolving security needs of customers across their ecosystem. By integrating SecurityScorecard’s ratings to HCLTech’s Cyber Security Fusion Centers (CSFCs), we will provide our customers valuable new security insights and perspectives about their vendor ecosystem and help them to proactively secure their enterprises against all external threats.”

HCLTech’s cybersecurity and governance services have been serving the technology industry for the past 25 years and includes operations in the U.S. Through integration with Microsoft’s security products, HCLTech’s cybersecurity services improve supply chain security, on-prem infrastructure security, and cloud security.