Cyber attacks targeting check-in and baggage systems cause mass chaos at European airports | DW News

DW News

62,461 views 29 days ago

Video Summary

A widespread cyber attack has disrupted operations at several of Europe's busiest airports, including London, Brussels, and Berlin, impacting check-in, baggage handling, and boarding systems. This sophisticated attack, targeting a service provider, has led to numerous flight delays and cancellations, forcing airlines to revert to manual procedures. The incident highlights significant vulnerabilities in air transport security systems and raises concerns about the potential for similar disruptions across critical infrastructure due to centralized systems.

The identity of the attackers remains unclear, with potential motives ranging from financial gain through ransomware to state-sponsored espionage or political disruption. Experts suggest that while the complexity of such attacks might limit their replication, the incident serves as a stark warning about the increased vulnerability of interconnected systems. The difficulty in attributing cyber attacks and the time required for investigation further complicate response efforts.

Short Highlights

  • A cyber attack affected check-in, baggage, and boarding systems at airports in London, Brussels, and Berlin.
  • Dozens of flights were delayed or canceled due to the attack, forcing manual passenger processing.
  • The attack targeted a service provider, highlighting vulnerabilities in centralized air transport security and critical infrastructure.
  • Potential attackers include cyber criminals seeking money or state-linked actors with political motives.
  • Attribution of cyber attacks is complex and time-consuming, making swift response difficult.

Key Details

Cyber Attack Disrupts European Airports [00:00]

  • A cyber attack caused chaos at some of Europe's busiest airports on a Saturday.
  • The hackers targeted check-in services and electronic baggage facilities at airports in London, Brussels, and Berlin.
  • This intrusion exposes vulnerabilities in air transport security systems.
  • It is not clear who was behind the attack.
  • Dozens of flights were delayed or cancelled due to the cyber attack targeting a service provider for check-in and boarding systems.
  • Airline agents had to use manual procedures for passenger check-ins, baggage drop, and boarding.
  • Collins Aerospace, a major aviation and defense company, was affected by the attack.
  • The attack is described as clever because it affected a number of airlines and airports simultaneously, not just one.
  • The hackers got into the core system that enables airlines to check in many passengers at different desks at different airports.

This is a very clever cyber attack indeed because it's affected a number of airlines and airports at the same time, not just one airport or one airline, but they've got into the core system that enables airlines to effectively check in many of their passengers at, uh, different desks at different airports around Europe. This is highly significant.

This section details the immediate impact of a cyber attack on several European airports, outlining the services affected, the operational consequences like delays and cancellations, and the revelation of systemic vulnerabilities. The sophisticated nature of the attack, which compromised a core service provider affecting multiple locations, is emphasized.

Airport Operations and Passenger Experience [00:21]

  • At London's Heathrow Airport, dozens of flights were delayed or cancelled.
  • Travelers at Berlin Brandenburg airport were advised to check flight status before leaving home.
  • It was unclear when operations would return to normal.
  • The disruption was expected to affect traffic for most of the day, with recovery potentially taking many days if systems couldn't be restored.
  • Passengers reported a lack of information from airlines and a shortage of staff.
  • Passengers expressed frustration over not being informed and having to gather limited information themselves.
  • Some flights eventually took off after long delays.
  • Passengers were advised to have patience.

Yeah, no organization, nobody's told us anything going on. We've had to um literally cherry pick it ourselves and get as much information as we can, which is really little or nothing.

This part focuses on the on-the-ground experience for passengers, detailing the delays, cancellations, and lack of communication from airport and airline staff, highlighting the human impact of the cyber incident.

Centralization and Systemic Vulnerabilities [02:55]

  • The problem is serious due to centralization, which is done to be more efficient across different airports and other critical infrastructure.
  • A single system or software (Muse software is mentioned as targeted) can become a single point of failure.
  • Targeting one specific software that manages check-in and luggage processes can cause huge disruption.
  • This disruption is not only annoying but also has cost implications.
  • The speaker raises concerns about what would happen if supervisory control and data acquisition (SCADA) software used in industrial processes were targeted, questioning manual management capabilities for critical systems like the electric power grid.
  • This highlights a weakness where the pursuit of efficiency makes systems more vulnerable.

So you have one system and the Muse software which has been targeted and it is a single point of failure. So in order to create a lot of damage, you just need to target one specific software which manages um the check-in and the luggage um process and then you cause a huge disruption.

This section delves into the underlying cause of the widespread impact: the trend towards centralization for efficiency, which inadvertently creates single points of failure with significant implications for critical infrastructure beyond aviation.

Potential Attackers and Motivations [04:09]

  • There could be different actors behind the attack; investigations are needed.
  • Russian-affiliated groups or Russian intelligence services are a possibility, given the capability required.
  • The nature of the attack (ransomware or not) influences the potential actors.
  • If it's ransomware, cyber criminals seeking money are likely, without political motivations.
  • If it's a state-linked actor, countries like Russia, China, Iran, and North Korea have the expertise.
  • Many actors could benefit from such an attack given the tense geopolitical situation.
  • Linking a particular group requires digital forensics, analyzing clues and signatures in the code.
  • Cyber attribution is very difficult and never directly links a specific group to a state.
  • This process takes a lot of time, losing critical time for response, and by then, the incident may be forgotten.

Of course, uh the first on the list would be possibly Russian affiliated groups or Russian intelligence services because it's not just about wanting to launch the attack. It's also about having the capability to launch the attack.

This segment explores the various entities that might have executed the attack, discussing their potential motivations from financial gain to state-sponsored actions, and highlighting the challenges associated with identifying and proving the perpetrators' identities.

Security Concerns and Defense Sector Implications [06:05]

  • The attack proves that European airports are not as secure as previously thought.
  • Airports are considered critical infrastructure, and the attack raises concerns about potential attacks on the continent.
  • While worrying, it doesn't mean such attacks are easily replicated, as they require extensive study of adversary systems and development of specific algorithms.
  • The fact that Collins Aerospace, involved in defense, was also affected raises questions about how this will reflect on the defense sector.

It gives us a message because Collins Aerospace is also involved in defense. How that is going to reflect on the defense sector, that is also a crucial question that we should be asking ourselves.

This part addresses the broader security implications for Europe, acknowledging the vulnerability exposed but also tempering fears by noting the complexity of such attacks, while also raising questions about the potential impact on the defense industry.

Cyber Attribution and Motives [07:31]

  • Determining who did the hacking is a question of attribution.
  • Attribution involves considering motives, intents, techniques, signatures or fingerprints of used tools, details of those tools, and geopolitical context.
  • It's a multi-domain process that takes time and isn't simple.
  • The motive for this specific attack is not clearly known but typically includes political reasons or financial gain (ransomware).
  • Cyber attacks can be masked as ransomware attacks, especially in a tense geopolitical climate.
  • The current tense geopolitical situation in Europe is noted, suggesting attacks could be part of a larger puzzle.

That's um pretty great question because I have no idea. And actually no one knows clearly.

This section explains the technical and strategic process of cyber attribution, detailing the factors considered, and reiterates the uncertainty surrounding the specific motives behind the airport cyber attack.

European Airport Security and Target Attractiveness [09:32]

  • Airport security varies from one airport to another.
  • State and non-state actors target airports, transportation, and logistics centers because they are attractive targets for subversion and espionage.
  • The specific attack appears to be a supply chain attack, where a compromised supplier or a technical incident on their side affects multiple locations.
  • This highlights a single point of failure in such supply chain dependencies.

That's because they, those are good, um, I mean attractive targets for subversion, sowing chaos, but also collection of espionage information, data.

This final segment discusses the general security posture of European airports, identifying them as prime targets for various actors due to their critical nature, and specifies the nature of the recent attack as a supply chain compromise.
