Fraud Management & Cybercrime,
Ransomware
Service Disruptions Persist at Major European Airports Following Recent Cyberattack
In a significant cyber incident categorized as a ransomware attack, several major European airports, including London Heathrow, faced severe service disruptions resulting in multiple flight cancellations and delays over the weekend and into Monday. This escalation highlights ongoing vulnerabilities within the aviation sector.
The cyber attack on Friday involved the infiltration of Muse software, developed by Collins Aerospace, a subsidiary of the U.S. company RTX. This software facilitates the sharing of check-in desks and boarding gates among various airlines. Although the identity of the attackers remains unknown, the European Union’s Agency for Cybersecurity (ENISA) has confirmed that the breach stems from ransomware targeting a third-party provider associated with Collins Aerospace.
ENISA stated via an email communication on Monday, “The cyberattack is confirmed to be a ransomware incident,” noting its active collaboration with both Collins Aerospace and the U.K. National Cyber Security Centre to restore the affected systems. The BBC reported that Collins Aerospace is in the final stages of implementing a software update to fully regain the functionality of Muse.
Reports indicate that by Sunday, disruptions at Berlin and London Heathrow airports had significantly lessened. Berlin Brandenburg Airport managed to avoid widespread cancellations, though operational delays persisted. Conversely, Brussels Airport advised travelers that the cyberattack would minimally affect operations in the immediate days.
Heathrow Airport’s authorities communicated via Twitter that efforts to resolve the outage caused by the Collins Aerospace system are ongoing, reassuring that the majority of flights are departing as scheduled. An internal memo, obtained by the BBC, revealed that over a thousand computers might have been compromised, complicating recovery efforts, which primarily cannot be conducted remotely.
Ireland’s Dublin and Cork Airports also faced repercussions due to this ransomware attack. As the aviation sector sees a rise in cyber incidents, the nature of such attacks raises alarm. Hacking groups like ShinyHunters have previously targeted European carriers, and it is reported that Collins Aerospace experienced an unverified ransomware attack in 2023, where data was allegedly stolen.
Considering the tactics likely employed in this incident, initial access to the systems may have been gained through phishing or exploiting software vulnerabilities—both common methods aligning with tactics outlined in the MITRE ATT&CK framework. The attack’s persistence and its capacity to propagate through compromised third-party channels underscore the necessity for enhanced security protocols across the industry.
