Airport Networks Are Putting Your Devices & Cloud Apps at Severe Risk

Similar documents
Passengers Boarded At The Top 50 U. S. Airports ( Updated April 2

DEPARTMENT OF HOMELAND SECURITY U.S. CUSTOMS AND BORDER PROTECTION. CBP Dec. No EXPANSION OF GLOBAL ENTRY TO NINE ADDITIONAL AIRPORTS

AGENCY: U.S. Customs and Border Protection; Department of Homeland Security.

World Class Airport For A World Class City

World Class Airport For A World Class City

World Class Airport For A World Class City

World Class Airport For A World Class City

Beyond Measure jdpower.com North America Airport Satisfaction Study

2016 Air Service Updates

J.D. Power and Associates Reports: Customer Satisfaction with Airports Declines Sharply Amid an Industry Fraught with Flight Delays

2016 Air Service Updates

2012 Airfares CA Out-of-State City Pairs -

2016 Air Service Updates

TravelWise Travel wisely. Travel safely.

2016 Air Service Updates

The O Hare Effect on the System

Associates 2009 Rental Car Satisfaction Study SM (Page 1 of 2)

Uncertainty in Airport Planning Prof. Richard de Neufville

PFC Collection Analysis

SEPTEMBER 2014 BOARD INFORMATION PACKAGE

79006 AIR TRAVEL SERVICES 2001 AWARD

Megahubs United States Index 2018

Questions regarding the Incentive Program should be directed to Sara Meess at or by phone at

Industry Voluntary Pollution Reduction Program (VPRP) for Aircraft Deicing Fluids

Place image here (10 x 3.5 ) FAA NEXTGEN DATA COMM TOWER SERVICE: CPDLC DCL NEW OPERATOR INTRODUCTION HARRIS.COM #HARRISCORP

North American Airports Effectively Navigating Construction, Capacity Challenges, J.D. Power Finds

Puget Sound Trends. Executive Board January 24, 2019

Trusted Traveler Program Overview and Best Practices. February 2017

Data Communications Program

The Airport Credit Outlook

North America s Fastest Growing Airports 2018

Rankings of Major U.S. Airports. Total Passengers 2016

Kansas City Aviation Department. Update to Airport Committee January 26, 2017

2012 Airport Ground Transportation

Harvest Donation Program

ELS Language Centers 2019 USA Pricing

Aviation Insights No. 5

Vanderbilt Travel January 2019 Airfare Price Testing Testing Session, January 14, 9:30am 10:30am

Escape the Conventional. Air Access Report January 2014 to March 2014

CONCESSIONS FUTURE OPPORTUNITIES

Aviation Gridlock: Airport Capacity Infrastructure How Do We Expand Airfields?

Brian Ryks Executive Director and CEO

Air Service at GMIA. ASQ Milwaukee. January 21, 2013

Lower Income Journey to Work Market Share From American Community Survey

PITTSBURGH INTERNATIONAL AIRPORT ANALYSIS OF SCHEDULED AIRLINE TRAFFIC. October 2016

American Airlines and China Southern Airlines to Expand Partnership

Distance to Jacksonville from Select Cities

Rankings of Major U.S. Airports. Total Passengers 2017

Uncertainty in Airport Planning Prof. Richard de Neufville

Air France is proud to be the first European airline to fly the A380

Monthly Employment Watch: Milwaukee and the Nation's Largest Cities

MANGO MARKET DEVELOPMENT INDEX REPORT

University of Denver

Bridget Rief, Vice President Planning and Development Metropolitan Airports Commission

Mango Market Development Index

Semiintensive. (Semi) 4

Analysis of Fees and Fares Survey Results Compiled by Tianhui(Shelly) Yu Under Direction of Ray A. Mundy, Ph.D.

July 21, Mayor & City Council Business Session KCI Development Program Process Update

Rethinking Airport Improvement: Analysis of Domestic Airline Service to U.S. Metroplex Airports

Place image here (10 x 3.5 ) FAA NEXTGEN DATA COMM TOWER SERVICE: CPDLC DCL NEW OPERATOR INTRODUCTION HARRIS.COM #HARRISCORP

Regional Aviation Baseline Study. Economic Development Board May 2, 2018

Agenda. 1. Reduce Airline Cost. 2. Develop Airport Related Businesses. 3. Provide Customer Friendly Facilities and Services. 4. Expand Air Service

TSA Pre. July 18, 2016

Rank Place State Native Hawaiian and Pacific Islander population (alone or in combination

PVC Competitor Airports & Customer Service Outcomes

Monthly Employment Watch: Milwaukee and the Nation's Largest Cities

Airport Surface Detection. ASDE-X and Data Distribution System Overview. Presented to the Tarmac. Federal Aviation Administration

Monthly Employment Watch: Milwaukee and the Nation's Largest Cities

Kansas City Aviation Department. Update to Airport Committee October 20, 2016

Parking Property Advisors and Parkopedia present: TOP 40 US CITIES PARKING INDEX

The Metropolitan Airports Commission and MSP International Airport

OAG s Top 25 US underserved routes. connecting the world of travel

RANKING OF THE 100 MOST POPULOUS U.S. CITIES 12/7/ /31/2016

Terminal Area Forecast Summary

ACI 2008 WORLDWIDE AIRPORT TRAFFIC STATISTICS

Chico Municipal Airport. Catchment Area Analysis Results

CONTRACT AWARD NOTIFICATION. Address Inquiries To: Description

Monthly Employment Watch: Milwaukee and the Nation's Largest Cities

Emerging Trends in Real Estate Sustaining Momentum but Taking Nothing for Granted

Access Across America: Transit 2014

FAA Call to Action on Runway Safety Short-term Actions. By Glenn Michaël (FAA)

Hector International Airport Fargo, North Dakota

Park-Related Total* Expenditure per Resident, by City

The Airline Quality Rating 2002

Preface. The TAF is available on the Internet. The TAF model and TAF database can be accessed at:

Appendix D: Aggregation Error for New England Metro Areas and for Places

WH Smith PLC Acquisition of InMotion providing access to the world s largest travel retail market 30 October 2018

PORTLAND INTERNATIONAL AIRPORT

LAX SPECIFIC PLAN AVIATION ACTIVITY ANALYSIS REPORT CY 2017

Monthly Employment Watch: Milwaukee and the Nation's Largest Cities

Gateway Travel Program

Emerging US Airport Traffic Trends & Preview To The 2018

Get Smart Market Insights from Our Research Team Customer Conference

Salt Lake City Int'l Airport Airport Schedule Reports

Research in Coastal Infrastructure Reliability: Rerouting Intercity Flows in the Wake of a Port Outage

Monthly Employment Watch: Milwaukee and the Nation's Largest Cities

September Air Traffic Statistics. Prepared by the Office of Marketing & Consumer Strategy

Major Metropolitan Area Sales Tax Rates

Hector International Airport Fargo, North Dakota

Pre-Response Meeting RLI # AV-01 Food & Beverage Service Terminals 1 & 2

Transcription:

Networks Are Putting Your Devices & Cloud Apps at Severe Risk

TABLE OF CONTENTS Executive Summary The Cyber Risk to All Passengers Methodology Most Vulerable s Least Vulnerable Regions Complete Rankings About Coronet 3 4 5 6-7 8 9-10 11 PAGE // 2

EXECUTIVE SUMMARY According to the Bureau of Transportation Statistics, U.S.-based airlines transported more than 746 million passengers to and from airports across the country in 2017. When combined with international-based carriers, close to one billion people made their way through one or more of America s 5,000 airports designated for commercial flights during a single calendar year. In an attempt to maximize the traveler experience, the vast majority of airports now provide free or low-cost Wi-Fi for passengers to connect to for work, entertainment or a combination thereof. Unfortunately, Wi-Fi security is often sacrificed by airport operators in exchange for consumer convenience, leaving networks unencrypted, unsecured or improperly configured. After all, it wasn t until February 2018 that Americans finally started to rank cybersecurity as more important than expediency (according to an IBM study). Even for those airports that do prioritize security, attack techniques such as the Key Reinstallation Attack (KRACK), which can break the WPA2 protocol to capture and/ or expose information shared over public and private Wi-Fi, presents significant risk to passengers in transit. This report identifies the current cyber risk landscape at the top *45 busiest U.S. airports. Its purpose is to help educate all travelers on: Specific airport risk level based on network threats and device vulnerabilities. How insecure or deceptive airport networks can drive the exploitation of vulnerable endpoint devices, subsequently compromising the systems, files and cloud apps that devices connect to. How Coronet s FREE SecureCloud platform can help business travelers automatically identify network threats at airports, thereby protecting their cloud apps and data from compromise, unauthorized access and malware and ransomware spread. *Data for Honolulu s Inouye International and Oakland International was not available. PAGE // 3

THE CYBER RISK TO BUSINESS TRAVELERS For attackers, it is infinitely easier to access and exploit data from devices connected to Wi-Fi in an airport than it is to do so within the confines of a wellprotected office. In fact, the lax cybersecurity posture at most airports has created an environment in which adversaries can utilize insecure public Wi-Fi as the attack vector to introduce a plethora of advanced network vulnerabilities, such as captive portals (AKA Wireless phishing), Evil Twins, ARP poisoning, VPN Gaps, Honeypots and compromised routers. Any one of these network vulnerabilities can empower an attacker to obtain access credentials to Microsoft Office 365, G-Suite, Dropbox and other popular cloud apps; deliver malware to the device and the cloud, and snoop and sniff device communications. In many instances, business travelers connected to risky airport networks unintentionally share important information about their cloud-based-apps with adversaries. Such compromise can trickle down through entire organizations, leading to operational disruption, financial losses and even reputational harm, among other damages. While large enterprises are equipped to recover from such events, many mid-market and small businesses are ill prepared to remediate and regain business continuity with any haste. In fact, six out of ten small businesses hit with a cyberattack go out of business within six months of the breach. PAGE // 4

METHODOLOGY To identify the airports with the greatest cyber risk, Coronet collected data from more than 250,000 consumer and corporate endpoints that traveled through America s 45 busiest airports over the course of five months. Coronet then analyzed the data, which consisted of both device vulnerabilities and Wi- Fi network risks captured from our threat protection platform. Following the completed analysis, the data was combined and standardized to compile the Coronet Threat Index for each airport. Device Vulnerabilities Coronet assigned each endpoint device a vulnerability score based on weighting its security posture factors, including: Active and updated anti-malware Active and updated firewalls Password protection for device/os access Trusted OS (i.e. from legit source and not rooted/jailbroken) Trusted apps Disk/storage encryption Privileged user account and permissions The greater the vulnerabilities that a device had, the higher the vulnerability score it was assigned. For each airport, we averaged the device vulnerability score for all devices within one kilometer. The Device Vulnerability Score has a risk range of 1 to 5 (the higher the score the higher the risk) that reflects the average vulnerability level of endpoint devices in the airport. Network Risk Score - Coronet SecureCloud scanned connected and neighboring Wi-Fi networks, using proprietary algorithms to assess network risk score, denoting the probability of an attacker on these networks. This risk score was used for conditional access to corporate services. The Network Risk Score has a risk range of 1 to 5 (the higher the score the higher the risk) and takes into account the chance of connecting to a risky Wi-Fi networks in the immediate vicinity of and the individual risk within each specific network. Based on our analysis, it is our opinion that an acceptable risk level is below 6.5, and any score higher represents unacceptable exposure. PAGE // 5

TOP 10 MOST VULNERABLE AIRPORTS DMA CODE CITY THREAT INDEX SCORE San Diego International John Wayne -Orange County SAN San Diego 10 SNA Santa Ana 8.7 William P Hobby HOU Houston 7.5 Southwest Florida International Newark Liberty International RSW Fort Myers 7.1 EWR Newark 7.1 Dallas Love Field DAL Dallas 6.8 Phoenix Sky Harbor International Charlotte Douglas International Detroit Metropolitan Wayne County General Edward Lawrence Logan International PHX Phoenix 6.5 CLT Charlotte 6.4 DTW Detroit 6.4 BOS Boston 6.4 NATIONAL AIRPORT WI-FI NETWORK OVERVIEW Probability of connecting to medium risk network: 1% Probability of connecting to high risk network: 0.6% PAGE // 6

5 NEWARK LIBERTY INTERNATIONAL AIRPORT Probability of connecting to medium risk network: 1% Probability of connecting to high risk network: 0.6% 4 SOUTHWEST FLORIDA INTERNATIONAL AIRPORT (FT. MYERS) Probability of connecting to a medium risk network: 19% Probability of connecting to high risk network: 6% 3 HOUSTON WILLIAM HOBBY INTERNATIONAL AIRPORT An attacker on a Wi-Fi network named SouthwestWiFi performed an attack on SSL/HTTPS traffic. Probability of connecting to medium risk network: 21% 2 Probability of connecting to high risk network: 6% JOHN WAYNE AIRPORT-ORANGE COUNTY AIRPORT Probability of connecting to a medium risk network: 26% Probability of connecting to high risk network: 7% 1 SAN DIEGO INTERNATIONAL AIRPORT An Evil Twin Wi-Fi access point with the name #SANfreewifi was used at the San Diego international airport, running an ARP Poisoning attack. Probability of connecting to a medium risk network 30% Probability of connecting to a high-risk network 11% PAGE // 7

TOP 10 LEAST VULNERABLE AIRPORTS DMA CODE CITY THREAT INDEX SCORE Tampa International TPA Tampa 5.3 Miami International MIA Miami 5.3 Lambert St Louis International Kansas City International Louis Armstrong New Orleans International San Antonio International Washington Dulles International Nashville International Raleigh Durham International Chicago Midway International STL St. Louis 5.3 MCI Kansas City 5.2 MSY New Orleans 5.2 SAT San Antonio 5.2 IAD Washington 5.1 BNA Nashville 5.1 RDU Raleigh-Durham 4.9 MDW Chicago 4.5 PAGE // 8

COMPLETE RANKINGS (WORST TO BEST) TAKING ACTION RED: Above 5.9 Never connect without proper protection for your devices. Use a security solution that can identify both malicious networks and attackers and can offer full protection, for your cloud services, devices and cloud apps are at severe risk. ORANGE: Between 5.4 and 5.9 Download device protection that can identify malicious networks and attackers for personal use, and connect only to networks that you identify and know. YELLOW: Below 5.4 Connect carefully only to a networks that you can identify and know. DMA CODE CITY THREAT INDEX SCORE San Diego International SAN San Diego 10 John Wayne -Orange County SNA Santa Ana 8.7 William P Hobby HOU Houston 7.5 Southwest Florida International RSW Fort Myers 7.1 Newark Liberty International EWR Newark 7.1 Dallas Love Field DAL Dallas 6.8 Phoenix Sky Harbor International PHX Phoenix 6.5 Charlotte Douglas International CLT Charlotte 6.4 Detroit Metropolitan Wayne County General Edward Lawrence Logan International DTW Detroit 6.4 BOS Boston 6.4 Orlando International MCO Orlando 6.3 Portland International PDX Portland 6.3 McCarran International LAS Las Vegas 6.2 Sacramento International SMF Sacramento 6.2 La Guardia LGA New York 6.2 Austin Bergstrom International AUS Austin 6.1 George Bush Intercontinental Houston IAH Houston 6.1 Seattle Tacoma International SEA Seattle 6 PAGE // 9

COMPLETE RANKINGS (WORST TO BEST) DMA CODE CITY THREAT INDEX SCORE Chicago O'Hare International ORD Chicago 5.9 San Francisco International SFO San Francisco 5.8 Indianapolis International IND Indianapolis 5.7 Cleveland Hopkins International CLE Cleveland 5.7 John F Kennedy International JFK New York 5.7 Fort Lauderdale Hollywood International FLL Fort Lauderdale 5.7 Dallas Fort Worth International DFW Dallas-Fort Worth 5.7 Hartsfield Jackson Atlanta International Norman Y. Mineta San Jose International ATL Atlanta 5.6 SJC San Jose 5.6 Denver International DEN Denver 5.6 Baltimore/Washington International Thurgood Marshall BWI Baltimore 5.5 Los Angeles International LAX Los Angeles 5.4 Salt Lake City International SLC Salt Lake City 5.4 Philadelphia International PHL Philadelphia 5.4 Tampa International TPA Tampa 5.3 Miami International MIA Miami 5.3 Lambert St Louis International STL St. Louis 5.3 Kansas City International MCI Kansas City 5.2 Louis Armstrong New Orleans International MSY New Orleans 5.2 San Antonio International SAT San Antonio 5.2 Washington Dulles International IAD Washington 5.1 Nashville International BNA Nashville 5.1 Raleigh Durham International RDU Raleigh-Durham 4.9 Chicago Midway International MDW Chicago 4.5 PAGE // 10

LIMIT CYBER RISK AT AIRPORTS WITH CORONET SECURECLOUD ITS FREE, FOREVER Coronet s FREE SecureCloud platform empowers business travelers with enterprise-grade cloud security, enabling them to prevent the inherent risks of airport Wi-Fi and the subsequent threats from impacting their company s cloud apps and devices. With Coronet, all travelers can safely access any cloud service, through any device and connect to any network and seamlessly be secured. All Coronet SecureCloud users benefit from: Access Control - Now that users can work from anywhere, using any device, Coronet ensures only authorized users using safe devices connected through safe networks from allowed locations have access to cloud applications and data Cloud Control Once access is granted, Coronet controls who shares what with whom, prevents data leakage, malware and ransomware spread, suspicious activities, and regulatory violations (PCI-DDS, HIPAA, GDPR, etc.) TO GET STARTED WITH CORONET, SIGN UP HERE: www.coro.net/signup www.linkedin.com/company/coronet/ @coronetworks www.facebook.com/coronetworks/

2024 © travelsdocbox.com Privacy Policy | Terms of Service | Feedback