Ransomware Attack Disrupted Airports Across Europe, Cyber Agency Confirms
The European Union Agency for Cybersecurity (ENISA) has confirmed that a ransomware attack was responsible for ongoing airport disruptions that began on Friday. Several major airlines, including those operating out of London Heathrow, Berlin Brandenburg Airport, and Brussels Airport, had to resort to manual processing with pen and paper, resulting in significant flight delays and cancellations.
ENISA informed the BBC that ransomware was used to target the MUSE passenger processing software from Collins Aerospace, widely used by airlines for check-in. It “allows multiple airlines to share check-in desks and boarding gate positions at an airport rather than having their own dedicated infrastructure,” according to the software vendor, which is owned by defence contractor RTX.
London Heathrow
In an internal memo seen by the BBC, staff at Heathrow were urged to revert to manual systems for boarding and check-in, and Europe’s busiest airport was still recovering from the attacks as of Sunday. Heathrow estimates that more than 1,000 computers could have been affected, and that Collins Aerospace had attempted to rebuild its system but found the hackers were still present.
Brussels Airport
Brussels Airport has asked airlines to cancel 140 of their 276 scheduled outbound flights for Monday because Collins Aerospace was unable to deliver a new, secure version of the MUSE system, according to the AP.
Dublin Airport
Dublin Airport faced continued disruption on Monday, too, per the BBC. It will likely take the airports a long time to make a full recovery due to the amount of personal information they process, which may also have made them a target in the first place by expanding their attack surface.
Who is responsible for this ransomware attack?
Collins Aerospace has not yet confirmed the details of the attack or the identity of the perpetrator; TechRepublic has reached out for comment. The UK’s National Cyber Security Centre (NCSC) has released a statement saying it is “working with Collins Aerospace and affected UK airports, alongside Department for Transport and law enforcement colleagues, to fully understand the impact of an incident.”
According to aerospace company Thales, cyberattacks in aviation increased by 600% in the past year. Dr Daniel Gardham, Lecturer at the University of Surrey’s Centre for Cyber Security, told TechRepublic that cyber security is particularly tricky in the sector because it “relies on numerous and disparate systems working in tight coordination.”
“Targeting third-party suppliers, known as supply chain attacks, is increasingly seen by hackers and nation states as an easy way to cause chaos in high-profile sectors such as retail, automotive and now aviation,” Dr Gardham added.
It was just over a year ago that the infamous CrowdStrike outage disabled approximately 8.5 million Windows devices worldwide, causing significant disruption to airports, emergency services, law enforcement, and other critical organisations.
UK law enforcement has arrested two teenagers in connection with the infamous Scattered Spider cybercriminal ring, which allegedly hacked Transport for London in August 2024.
About Author
