On Friday, travelers navigating some of Europe’s busiest airports encountered significant disruptions due to a cyberattack that compromised check-in technology utilized by key facilities. The incident primarily affected systems supplied by Collins Aerospace, a prominent provider of passenger processing solutions, resulting in a temporary shift to manual operations across multiple airports.
Brussels Airport staff resorted to printing boarding passes by hand, and baggage tags were manually inscribed in response to the outage. By late morning, the repercussions led to approximately ten flight cancellations along with a notable number of significant delays. Though airport officials confirmed that security screening and air traffic control remained operational, they acknowledged a substantial impact on the overall passenger experience.
London Heathrow and Berlin Brandenburg airports also reported complications, with both facilities experiencing extended processing times for check-in and baggage drop-offs. In Ireland, Dublin and Cork airports faced minor interruptions, although authorities managed to quickly contain the effects of the disruption.
Passengers faced the immediate inconvenience of enduring long queues and, in certain cases, missing their flights altogether. Airport representatives urged travelers to allocate additional time for check-in as systems continued to be restored. As of Friday afternoon, many locations were still relying on manual procedures, but staff members were actively working to mitigate delays.
Collins Aerospace, the company at the center of the disruption, confirmed it is currently investigating the incident. The targeted MUSE (Multi-User System Environment) software, widely employed by airlines and airports for passenger management, experienced the attack. Although airlines were not directly breached, their operations were adversely affected due to reliance on the same check-in processes that coordinate boarding and baggage handling.
What is the MUSE System?
MUSE enhances the flexibility and efficiency of airport operations, but its centralized functionality means that an outage can simultaneously impact multiple airlines and airports. This platform serves as a shared check-in and boarding system for various carriers worldwide, allowing them to utilize common counters, kiosks, and baggage drop facilities rather than operating separate systems at each airport.
Who’s Behind the Cyber Attack?
Authorities have yet to disclose the identity of the attackers or the methods used for unauthorized access. While officials have not found evidence suggesting that passenger data was compromised, the investigation remains in progress. Cybersecurity experts highlight that airports are increasingly susceptible to risks, not only from direct attacks on aviation infrastructure but also from vulnerabilities in the technology supplied by service providers integral to daily operations.
This incident adds to the concerning trend of cyber events targeting transportation infrastructure globally, affecting systems ranging from rail networks to maritime operations. For example, prior to this event, UK authorities detained two individuals linked to the Scattered Spider group during inquiries into a cyberattack on Transport for London (TfL), which resulted in significant financial damage.
In terms of the techniques potentially applied during this attack, the MITRE ATT&CK framework can offer insights into adversary tactics. Initial access methods, such as exploiting weaknesses in third-party systems, may have been utilized to infiltrate Collins Aerospace’s software. Additionally, persistence and privilege escalation tactics could also have been at play, aiming to ensure continued access to sensitive systems. Heightened vigilance and comprehensive cybersecurity measures are essential for both airlines and airports to guard against such growing threats.
