Thousands of passengers have experienced flight delays or cancellations after a cyberattack at major European airports. But an expert suggests the problems may not be over, with the perpetrators still unidentified.
What do we know about security breaches at airports?
A cyberattack last Friday (September 19) caused major disruptions at several European airports, including Berlin, Brussels and London Heathrow.
The European Union's cybersecurity agency, ENISA, said on Monday that a third-party ransomware attack had targeted the check-in and boarding systems of MUSE, a widely used software platform operated by US company Collins Aerospace. Brussels Airport cancelled half of its flights on Sunday, while Berlin and London experienced cancellations and delays, the consequences of which continued on Monday. Cybersecurity expert Professor Alan Woodward told DW that this may not be the end of the story. "People tolerate delays, but they want to be kept informed. One of the things that frustrates travelers is sitting at an airport without knowing what's going on. Will this affect flights in two, three or four days?"
What problems do cyberattacks cause at airports?
Collins said that while delays in check-in and baggage delivery “could be mitigated through manual check-in operations,” the widespread cancellations show the impact of staff having to manually write out baggage tags and perform checks that are usually done online. It also highlights the reliance of key global infrastructures on computer systems, which can be compromised.
Professor Woodward noted that some companies do not invest heavily in information technology, adding that other airports could be targeted by this attack. “If this was a ransomware attack, why were only three airports affected?” he wondered. Collins’ services are used at more than 150 airports worldwide.
For Woodward, who has advised Europol and worked for the British government on these issues, the explanation could lie in the fact that those affected installed a compromised update on Friday or, more worryingly, that the attackers exploited known vulnerabilities. “This could be an attempt by Collins to release a version that they are sure is free of malware. On the other hand, the attackers could still be integrated into a centralized system used by all parties and try to extort Collins by saying: ‘This is our proof of concept. We have paralyzed three major airports. If you don’t pay us, this will spread.’”
What is the latest news?
All of the airports hit by the attack remain affected to varying degrees. A BBC report on Monday showed that an internal memo to Heathrow staff reported that more than 1,000 computers were suspected to have been “compromised”, with most restoration work requiring on-site intervention rather than remote solutions. In Brussels, 140 of the 276 flights scheduled to depart on Sunday were cancelled, while Berlin Airport’s website continues to warn of “extended wait times” due to a “service provider outage”.
The same report claims that restarting Collins' system was not enough to fix the problem, as the hackers are still present in the system, lending credence to Woodward's theory. Collins continues to refer to the event as a "cyber incident" rather than an attack and says it is currently updating its systems.
Who could be behind ransomware attacks at airports?
So far, very little official information has been released, especially about who is targeting Collins and, by extension, the airports. Cybersecurity expert Woodward suggested that “the usual suspects” – countries like China, Iran and North Korea – could potentially orchestrate such an attack, perhaps using criminal gangs as intermediaries. However, one country stands out. “If there is a nation-state behind all of this, it is playing with fire and it is very aggressive. And the ones that generally engage in this kind of behavior and have the capabilities are Russia.”
Woodward stressed that, in the absence of official information, this was a somewhat speculative hypothesis and that "from what we know, it could be a group of teenagers in their bedrooms."
Given the significant disruption caused to people's lives, he called on affected companies to be more transparent. "Are they keeping quiet because they don't know and are desperately trying to figure it out? After 72 hours, they still don't know what happened? That would be almost more concerning."
What could be the economic consequences of cyberattacks on airports?
In the short term, airports and airlines will suffer financial losses due to refunds, compensation claims, a decline in passenger numbers and reduced payments from airports to airlines due to reduced services.
In the long run, there could be more serious problems for Collins, who owns RTX, a company that makes weapons and aircraft engines and is also active in cybersecurity. “Everyone is going to sue Collins for damages. It could end up in a terrible lawsuit to determine who is really responsible for this situation,” Woodward said.
It remains unclear whether personal data was compromised in the attack. If so, Woodward added, the consequences could be even more serious. “Ransomware attacks typically not only disrupt operations, but also steal data. Even if systems are restored, attackers can still save the data and hold it for ransom.”
Fines for violations of the GDPR (General Data Protection Regulation) are set by each country and can be very high. In 2023, Meta, the company that owns Facebook, was fined a record €1.2 billion ($1.4 billion) by the Irish Data Protection Commission for violating the GDPR and has also paid significant sums in other countries. /DW