The world’s airlines carry 3 billion passengers a year and more than 50 million tons of freight. They also generate 9.9 million jobs within the air transport industry and contribute $664.4 billion to global GDP. The significance of the aviation and aeronautics industry to the global economy can’t be overstated, which is why it is a growing target for threat actors.

While the current cyber and geopolitical landscapes continue to exacerbate these conditions, Flashpoint empowers aviation and aeronautics organizations to bolster defenses, inform decisions, and mitigate a broad spectrum of cyber, fraud, political, and physical risks, some of which include:


The development of aviation and aeronautics activities worldwide exposes this industry to political risks that could impact its earnings. Over the past few years, various activist groups have initiated campaigns that have caused runway or terminal shutdowns. At one airport, a 2016 protest halted flights for more than six hours, resulting in 120 flight cancellations. Overall, instances of activism have resulted in impeded flight operations, global flight delays, reputational damage, and ultimately a financial impact on individual airline carriers. The decrease in air traffic could also impact the volume of aeronautics sales and services, including maintenance, repair, and overhaul (MRO) and spare part sales.

By using Flashpoint’s Finished Intelligence, decision makers can stay informed on emerging trends that affect the aviation cycle and gain tactical advice on how to properly allocate security resources to minimize reputational damage and operational disruption. In past instances of activism, for example, Flashpoint assessed the impact of upcoming protests impeding airport construction projects and expansion plans. Other assessments included whether protests were likely to involve vandalism or economic impacts such as disruption of business, and whether campaigns were gaining or losing momentum. Based on this information, Flashpoint customers were able to take action to prevent these risks from affecting business operations and ensure the safety of their employees, facilities, and the protestors themselves.


Aviation and aeronautics companies hold critical data concerning technological innovation, strategy, and key assets. Companies, therefore, need to have reasonable assurance that their intangible assets (data, knowledge, and expertise) are adequately protected. In one instance, Flashpoint learned of a threat actor sponsoring attacks targeting aviation clubs. The threat actor gained access through social engineering, manipulating a member of the company’s IT department into providing him with the company’s antivirus information. This gave him the ability to send spear phishing emails with malware to the club’s other employees without triggering alerts. The threat actor procured detailed company information, jet reservation and sales information, and also exfiltrated the customer database and employee email messages.

Flashpoint’s analysts create Finished Intelligence that helps customers make informed recommendations on mitigating data confidentiality risks to avoid unauthorized access to sensitive company holdings. Flashpoint customers also leverage Flashpoint Risk Intelligence Observables (RIOs) in order to tune sensors in their security operations centers and strengthen pre-attack defenses, thereby helping mitigate risk. In the case of the threat actor targeting aviation clubs, Flashpoint reported the exact structure of the attack, including samples of the phishing emails sent, how the malware was disguised, and how it operated. Our analysts also collected a list of companies being targeted and samples of the data exfiltrated, thereby helping to understand the scope of the damage already done.


Supply chain attacks can affect any part of the aviation and aeronautics industry, with consequences ranging from additional costs and production delays to data breaches involving employee personally identifiable information (PII) and the loss of corporate intellectual property (IP). For example, Flashpoint observed a crime-as-a-service malware used to phish credentials for the supply chains of 20 organizations, including several shippers and manufacturers. By controlling the supply chain, the attackers could divert shipments of physical goods, issue full sets of payments and invoices to nonexistent companies, and issue gift cards in mass quantities. Since the malware was typically employed against organizations such as banks and online retailers, the attack represented a strategic effort on the part of threat actors to target a new industry.

By monitoring threat actor discussions for tactics, techniques, and procedures (TTPs) and known supply chain exploits, Flashpoint provides customers with an early warning when threat actors begin to target technologies or vendors within their supply chain. In the case of the crime-as-a-service malware, Flashpoint identified the companies being targeted so that their partners could be alerted that there may have been a breach in the supply chain. Flashpoint also provided examples of the phishing emails and indicators of compromise (IOCs) for the malware to help individual companies strengthen their security posture against being targeted by this threat actor.
