Yazılar

Airport chaos underscores growing trend of high-profile ransomware attacks

/in /tarafından

A weekend ransomware attack that crippled airport check-in systems across Europe has drawn attention to a new trend in cybercrime: hackers are increasingly targeting high-profile companies and infrastructure for both larger payouts and reputational clout, cybersecurity experts said.

The European Union’s cybersecurity agency ENISA confirmed on Monday that the attack on Collins Aerospace, a unit of RTX, was ransomware-based. The hack disrupted check-in and baggage systems since Friday, grounding flights and stranding thousands of passengers. The attackers’ identity remains unknown, with no ransomware group yet claiming responsibility on dark web leak sites.

Rafe Pilling, Director of Threat Intelligence at Sophos, noted that while most ransomware attacks remain financially motivated, a subset of operations is now engineered for maximum disruption: “They are becoming more visible and more ambitious.”

The strategy is not new but appears to be escalating. In April, the group Scattered Spider was linked to an attack on retailer Marks & Spencer that halted online orders for weeks. Britain’s National Crime Agency also charged two teenagers last week over a 2024 attack on Transport for London, tied to the same group. The FBI estimates Scattered Spider has been involved in around 120 network intrusions and netted $115 million in ransom payments.

Experts warn the trend poses greater systemic risks. Martyn Thomas, Emeritus Professor of IT at Gresham College, said software vulnerabilities and weak security practices continue to fuel the crisis: “If criminals were to decide to cause serious injury or many deaths, the same attack strategies could be used on critical systems in healthcare or major infrastructure.”

Another driver, analysts say, is reputation within cybercriminal networks. Pulling off high-impact breaches boosts a hacker’s credibility and standing among peers, creating a cycle of increasingly bold attacks.

The incident highlights the growing urgency for stronger software security and corporate defenses as ransomware groups become more emboldened, aiming not only for profit but also prestige.

EU confirms ransomware attack caused major airport disruptions

/in /tarafından

The EU’s cybersecurity agency ENISA confirmed on Monday that a ransomware attack was behind the widespread disruptions to automated check-in systems at several of Europe’s largest airports, including London Heathrow, Brussels, and Berlin. The incident, which began on Friday, has delayed or cancelled dozens of flights and impacted thousands of passengers.

What happened

  • The attack targeted Collins Aerospace’s MUSE software, a key system used for passenger check-in and boarding. Collins Aerospace is owned by RTX.

  • ENISA said law enforcement is investigating but did not disclose the origin of the ransomware or who may be behind it.

  • Ransomware attacks work by encrypting critical data and demanding payment for access restoration.

Impact on airports

  • Heathrow: Airlines implemented contingency plans, with most flights still operating.

  • Brussels Airport: Still facing major disruptions, using iPads and laptops to check in passengers. On Monday, about 60 flights were cancelled, and less than half of flights departed on time.

  • Berlin Airport: With extra passenger traffic from the Berlin Marathon, delays exceeded an hour, and check-in remained manual, with handwritten boarding passes.

  • Dublin Airport: Reported only minimal impact.

Broader context

  • The attack is part of a surge in high-profile ransomware cases, targeting critical infrastructure and major corporations.

  • Recent victims include Jaguar Land Rover, which was forced to halt production earlier this month.

  • A German industry survey found 1 in 7 companies have paid ransoms to recover from attacks.

  • Experts note that while such high-impact disruptions are highly visible, they remain relatively rare compared to the overall number of cyber incidents.

Expert perspective

Rafe Pilling of Sophos noted that attackers are increasingly focusing on high-visibility victims for maximum leverage:

“Disruptive attacks are becoming more visible in Europe, but visibility doesn’t necessarily equal frequency. Truly large-scale, disruptive attacks that spill into the physical world remain the exception rather than the rule.”

Collins Aerospace said it is in the final stages of deploying updates to restore full functionality across affected airports.

Cyberattack cripples European airports, disruptions to last into Sunday

/in /tarafından

A cyberattack on check-in and boarding systems provider Collins Aerospace caused major disruptions on Saturday across several European airports, including London’s Heathrow, Brussels, Berlin, and Dublin, with impacts expected to stretch into Sunday.

The incident targeted Collins’ MUSE software, which supports airlines worldwide. Parent company RTX confirmed a “cyber-related disruption” but gave no details on the attackers. Airports reported flight delays, cancellations, and diversions, while manual check-in procedures were deployed to keep passengers moving.

  • At Heathrow, Brussels, and Berlin, 29 flights were cancelled by mid-day out of nearly 1,100 scheduled departures.

  • Brussels Airport ordered airlines to cancel half of Sunday’s flights to avoid chaotic queues and last-minute cancellations.

  • Berlin and Dublin airports reported long wait times, while Frankfurt remained unaffected.

The European Commission said there was no indication of a “widespread or severe attack,” though investigations are ongoing. Experts warned the case underscores the fragility of aviation’s digital ecosystem, vulnerable to ransomware or sabotage.

Passengers expressed frustration over poor communication:

  • “We haven’t been told anything except that there was a technical fault,” one traveller in Berlin said.

  • Another called it “inexplicable” that systems remain so easily disrupted.

Airlines responded unevenly: easyJet said operations were normal, Delta and United reported only minor delays, while Ryanair and British Airways did not immediately comment.

Authorities in Britain and Germany said cyber defence teams are working with airports to manage the fallout. The disruption adds to a year marked by high-profile hacks, including breaches at Jaguar Land Rover and UK retailers, fueling concern about escalating digital threats across industries.