Locations Affected: Europe
Situation: On 22 September, the European Union Agency for Cybersecurity (ENISA) confirmed that malicious software had been used to compromise automatic check-in systems, causing widespread disruptions at various airports across the region since 19 September. The attack, suspected to be ransomware, targeted the US software maker Collins Aerospace, specifically it’s MUSE airport systems. ENISA also stated that investigations have begun to identify the individuals responsible for the cyberattack. On 23 September, the UK’s National Crime Agency (NCA) arrested a man suspected of being connected to the cyber-attack. Recovery efforts are ongoing.
Background: Ransomware attacks remain a significant issue for organizations. A survey by the German group Bitkom reported ransomware as the most common form of cyberattack. As per reports, in 2023, Collins Aerospace faced a cyber intrusion by a ransomware group BianLian, which claimed to have stolen employee personal information and corporate data.
According to a report by the French aerospace company Thales, cyberattacks in the aviation sector have increased by 600 percent over the past year. In June, a cyberattack targeting the customer call center of Australian flag carrier Qantas Airways resulted in a major data leak.
Implications:
- The MUSE airport system is a third-party electronic check-in and baggage handling system used by various airlines and many airports globally. This recent cyberattack is an example of a supply chain attack in the aviation sector.
- The attack forced affected airports to check in passengers manually, causing major delays and cancellations. On 21 September, passengers were advised not to travel to the airport unless their flights were confirmed.
- On 22 September, Collins Aerospace stated that it is working in coordination with affected airports and is completing updates to restore the functionality of automated check-in systems.
- While most flights at Heathrow Airport in the United Kingdom continued to operate, delays and cancellations persisted. Staff were urged to continue using manual workarounds to board and check in passengers.
- Brussels Airport acknowledged uncertainty over when the disruption would be contained and that ‘limited disruptions’ would continue. Airlines were compelled to cancel nearly 140 out of 276 scheduled outbound flights on 22 September.
- Similarly, Berlin Airport could not provide an estimate for when the electronic outage would be resolved. Some airlines continued boarding passengers manually. The airport also faced higher passenger numbers on 22 September due to the Berlin Marathon, resulting in departures being delayed by over an hour.
Outlook: The recent cyberattack, coupled with the rise in similar incidents, highlights the growing risk to critical infrastructure and related industries. The aviation sector is particularly susceptible to cyberattacks due to its reliance on interconnected systems for operations and third-party systems for passenger handling. The incident underscores the need for airports to implement backup plans to mitigate the effects of large-scale outages.
In the short term, travellers passing through affected airports may continue to experience delays until recovery is complete. In the long term, organizations are advised to review and strengthen their travel risk management plans to minimize the impact of cyberattacks on travellers and their personal data.
