Cyberattack Disrupts Operations at Key European Airports

A significant cyberattack on Friday night has resulted in widespread flight cancellations and delays at major European airports, including London’s Heathrow, as services provided by a check-in and boarding system were disrupted. The incident occurred following a breach of the Muse software, developed by Collins Aerospace, a leading American aviation and defense technology firm controlled by RTX.

This software is critical for managing check-in desks and boarding gates across multiple airlines, facilitating efficient operations at these busy hubs. The disruption led to at least 29 flight cancellations at Heathrow, a facility recognized as Europe’s busiest airport and the fourth most trafficked globally. Airports in Berlin and Brussels also experienced service interruptions, as reported by multiple sources, with Dublin Airport later indicating that it too faced operational challenges due to the hack.

British Transport Secretary Heidi Alexander confirmed that the incident was impacting flights across European airports, urging travelers to check with airlines regarding flight statuses before their journeys. Notably, Heathrow had recently extended its agreement with RTX for the continued deployment of the Muse software across all four passenger terminals.

Following the attack, passengers at Heathrow were advised to arrive three hours prior to international flights and two hours before domestic ones to accommodate potential delays. Brussels Airport initially reported the incident as a “technical issue” but later confirmed it as a cybersecurity event, emphasizing that their service provider was actively addressing the breach.

The attack compelled both Brussels Airport and Berlin Brandenburg to revert to manual check-in processes, significantly increasing wait times for travelers. Reports suggest that disruptions could continue into subsequent days, as both airports issued warnings about ongoing delays and cancellations.

In a response to media inquiries, RTX acknowledged the disruption to Muse software at certain airports, emphasizing their commitment to resolving the issue and restoring full functionality as promptly as possible. The company’s statement indicated that the effects were limited to electronic check-in and baggage drop-off systems.

The UK’s National Cyber Security Centre is currently collaborating with Collins Aerospace and the impacted airports to address the situation. Analysts point to this incident as indicative of the vulnerabilities present in interconnected global transportation systems. Darren Guccione, CEO of Keeper Security, stressed the importance of ensuring robust security measures across third-party systems to safeguard against potential breaches.

This incident is reflective of broader trends within the realm of cybersecurity, specifically regarding the tactics and techniques that adversaries may employ. According to the MITRE ATT&CK framework, potential tactics involved in this scenario could include initial access through exploitation of weaknesses, as well as persistence and privilege escalation following the initial breach. These considerations serve as critical reminders for business owners to enhance their cybersecurity protocols, given the increasing interdependencies in today’s digital landscape.