Specific Exposures and Threat Scenarios Malware/Ransomware Initial Access (Exploitation via device) General Ransomware Campaigns: Ransomware actors often gain initial access through phishing campaigns targeting aviation employees or by exploiting exposed VPN/RDP servers. Mobile devices are the primary target for phishing/social engineering attempts. Ransomware group LockBit demanded $200 million from Boeing in 2023. Attacks on airport…

Sofema Aviation Services (SAS) is pleased to announce a new training available through Sofema Online (SOL): Part 145 Cybersecurity Essentials Enrol today What is the training about? The Part 145 Cybersecurity Essentials course by Sofema Online offers a focused introduction to the key cybersecurity principles, risks, and regulatory expectations that affect EASA Part 145-approved organisations….

Sofema Aviation Services (SAS) shares lessons learned from real world Cyber Threats Introduction See the following typical examples and mitigations to “take away” Cybersecurity is a shared responsibility across all aviation functions. Whether managing aircraft configuration, scheduling maintenance, or overseeing day-to-day operations, Operators, CAMOs, and Maintainers must build cyber resilience into their core processes (not…

Sofema Aviation Services considers key aspects of Information & Cyber Security Management, since EASA is mandating Aviation Information and Cyber Security Regulations. Cyber threats pose a significant risk to aviation safety, operational continuity, and compliance with international standards.While organizations are responsible for managing their security risks, a regulatory framework ensures a harmonized, risk-based, and proactive…