Popular aviation website Flightradar24 admits three cyberattacks in a two day period, after services knocked offline for hours
Popular aviation website Flightradar24 admits that it has suffered three cyberattacks in a two day period that have knocked services offline.
The website is popular for passengers and aviation enthusiasts alike, as it provides real-time tracking information on 180,000 flights every day, around the world.
But services were knocked offline for hours after sustained attacks, that began on Sunday and lasted though to Monday. Service seems to be recovering to normal on Tuesday.
Flightradar24 admitted that it been subjected to a series of cyberattacks on Twitter.
“For the third time in two days Flightradar24 is under attack,” it tweeted on Monday evening. “Our engineers are working to mitigate the attack as quickly as possible and we hope to be back tracking flights soon. We appreciate your patience and apologize for the inconvenience.”
“We are continuing our efforts to mitigate the attack on our systems and are working diligently to bring Flightradar24 back online for all users,” it later added. “We thank you for your continued patience.”
“Attacks on our systems continue and while we were able to bring services back for a short time, significant instability due to the sustained attacks has forced us to refocus our efforts to mitigate them,” it tweeted in the early hours of Monday morning. “As a result, Flightradar24 remains unavailable to all users at this time.”
Silicon UK was able to access the Flightradar24 website on Tuesday afternoon, suggesting its engineers have been successful.
There was no word on the exact nature of the cyberattack, but it said it hit “the availability of our services” but not user data, suggesting a possible DDoS attack.
The website allows users to track planes – both commercial passenger flights and private ones – in mid-air, following flight paths live.
But live services like these has led one security expert to warn that cyberdefences need to be improved in today’s always connected world.
“As the connected world increases, more defences are required to mitigate the bombardment of attempts to take down a site and cause chaos,” explained Jake Moore, cybersecurity specialist at ESET.
“DDoS attacks are common threats, which can usually be avoided with the correct mitigation techniques in place,” said Moore. “However, when the flow of traffic is increased to more than what is assumed possible – and, therefore, what has been prepared for – it can knock huge organisations off their feet for long periods of time relatively easily.”
“Whether this is the work of a nation state or a young threat actor trialling new skills, these offenders will continue to cause havoc by directing traffic, either to send a message, take some enjoyment from the distribution, or to test their defences in preparation for further attacks,” Moore added.
“Whatever their reason, there is only one thing that remains: we should never take this threat too lightly,” Moore concluded. “We need to start protecting now for even stronger DDoS attacks to come.”