Cyber Incidents Take Off: Europe’s Airports Join a Growing List
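In September 2025, major European airports were hit by a ransomware attack that caused flight cancellations and delays. The incident resembles the global airport outages triggered by CrowdStrike in 2024 and highlights the aviation industry's dependence on shared digital systems and its cybersecurity weaknesses. Experts say stronger infrastructure protection and backup plans are needed to counter such threats. 2025-9-28 09:17:0 Author: securityboulevard.com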

Lohrmann on Cybersecurity

From water systems to the electric grid, critical infrastructure has been under threat for decades. But 2025 cyber attacks against airports are different. Here’s why.

September 28, 2025 • Dan Lohrmann


Just over a year after a global set of airport outages made headlines due to tech issues with CrowdStrike and airlines like Delta, major European airports were struck by cyber attacks that also crippled operations.

The BBC described the cyber attack situation, which involved a ransom demand, this way: “The EU’s cyber security agency says criminals are using ransomware to cause chaos in airports around the world.

“Several of Europe’s busiest airports have spent the past few days trying to restore normal operations, after a cyber-attack on Friday disrupted their automatic check-in and boarding software.

“The European Union Agency for Cybersecurity, ENISA, told the BBC on Monday that the malicious software was used to scramble automatic check-in systems.

“‘The type of ransomware has been identified. Law enforcement is involved to investigate,’ the agency said in a statement to news agency Reuters.”

Bloomberg compared the flight cancellations caused by the European cyber attacks to the CrowdStrike chaos from last year:

“Europeans were in airport purgatory over the weekend after a cyberattack on a provider of check-in and boarding systems caused delays and cancellations, affecting hubs including Heathrow and Berlin where some airlines had to board passengers manually. The attack took place late Friday, according to Brussels Airport, and gummed up travel across the continent. Charlotte, NC-based Collins Aerospace confirmed a ‘cyber-related disruption’ to its MUSE software, following a now familiar pattern of companies scrambling to deal with the fallout from a single point of failure.

“There are parallels with last year’s CrowdStrike Holdings Inc. incident, where a botched software update crashed millions of devices, halting airlines, banks and emergency services and causing financial losses amounting to billions of dollars. Alaska Air Group Inc. has suffered outages and cyberattacks recently, while an electrical substation fire at Heathrow in March closed the airport completely for more than 16 hours prompting the cancellation of more than 1,300 flights.”

A WIDER CYBER ATTACK OR RANSOMWARE MESSAGE?

CNBC wrote: “The attack on Collins Aerospace is the latest in a series of high-profile cybersecurity breaches that have made headlines.

“Jaguar Land Rover said last week that it was extending a pause in production until Sept. 24 following a cyberattack. ‘We have taken this decision as our forensic investigation of the cyber incident continues, and as we consider the different stages of the controlled restart of our global operations, which will take time,’ the company said in a statement.

“While British retailer Marks & Spencer earlier this year said a recent cyberattack, which left food shelves bare and brought online sales to a standstill, would wipe out almost one-third of its annual profits.

“However, Charlotte Wilson, head of enterprise at cybersecurity firm Check Point, noted that the aviation industry was a particular target for cybercriminals given its reliance on shared digital systems.”

While reporting on this latest story, Reuters published “Airport chaos highlights rise in high-profile ransomware attacks, cyber experts say”: “‘Broadly, the majority of ransomware activity is still geared towards extortion through data encryption and theft,’ said Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm.

“‘The subset of attacks deliberately engineered for maximum disruption, often by Western-based groups, are the outliers, but they are becoming more visible and more ambitious,’ he added.”

Cyber Magazine was already offering “Lessons to Learn from Latest Airport Cyber Attacks,” including these examples:

1) “The timing coincides with European companies preparing for enhanced cybersecurity requirements under the updated NIS2 Directive. Bernard sees a direct connection between the attack and regulatory concerns. ‘This threat vector is something that is acknowledged and tried to be addressed in the new iteration of the NIS2 Directive,’ he explains.

2) “The chaos reveals what happens when shared systems break without adequate backup plans, according to Javvad Malik, Lead Security Awareness Advocate at KnowBe4. ‘Air travel depends on shared systems, so a failure in a common check‑in platform quickly cascades into missed connections, accessibility shortfalls and staff forced into manual workarounds,’ Javvad observes.

3) “Darren Guccione, CEO and Co-Founder of Keeper Security, views the disruptions as evidence of attackers deliberately targeting widely-used systems for maximum impact. ‘Although information is still limited, the disruption at several major European airports highlights how interconnected global transportation has become and how dependent it is on shared digital infrastructure,’ Darren states.”

In a similar manner, The Digital Journal wrote: “Commenting on the incident, Dominic Ryles, Sales & Alliance Director, Exertis Cybersecurity, tells Digital Journal: ‘What happened this weekend is exactly the kind of systemic vulnerability we warn about — when a trusted third-party or vendor is attacked, the ripple effects can be huge.’

“This arises due to inherent weaknesses, Ryles explains: ‘For many organizations, the infrastructure they rely on isn’t fully under their control. That means a weakness somewhere in your supply chain or a vendor’s software can be just as dangerous as a breach inside your own network.’

“Instead, a different tangent is needed. Ryles recommends approaches intended to ‘help companies build resilience across all fronts: vendor risk assessments, continuous monitoring, incident response planning, and ensuring strong backup and recovery processes are in place. Because when things go wrong, every minute of downtime costs more than just money — it damages trust.’”

BRIEF HISTORY OF AIRPORT CYBER ATTACKS

These recent cyber attacks can also be examined in the context of other major airport incidents over the past few years.

“The main goal of this study is to analyze the types of hackers and cyberattacks in the aviation industry, to enhance cybersecurity in the air sector. This manuscript has identified 12 different typologies of hackers in the aviation context.

“First, those hackers who exercise responsibility in proper, effective, ethical, and good practices to improve the safety of citizens and organizations, such as white unicorns, red, blue, green, and nation sponsored hackers.

“And second, those hackers that are developing and using cyberattacks with bad practices to provoke serious material damage to public and private organizations, consumers, or even terrorist acts to kill people, including black, nation-state, cyberterrorist, whistle-blower, hacktivist, script kiddie, and gray hackers. Furthermore, findings reveal 54 cyberattacks documented in the period analyzed (2000 – January 2024).

“Of the total cyberattacks in the period analyzed, 35 were perpetrated at airports (65%) and 19 by airlines (35%). This study also suggests some lines of action to ensure and guarantee the security of data and private information for business-to-consumer (B2C) and business-to-business (B2B) and their transactions in the aviation industry.”

FINAL THOUGHTS

“A person has been arrested in connection with a cyber-attack which has caused days of disruption at several European airports including Heathrow.

“The National Crime Agency (NCA) said a man in his forties was arrested in West Sussex ‘as part of an investigation into a cyber incident impacting Collins Aerospace.’

“There have been hundreds of flight delays after Collins Aerospace baggage and check-in software used by several airlines failed, with some boarding passengers using pen and paper.

“‘Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,’ said Paul Foster, head of the NCA’s national cyber crime unit.”


Dan Lohrmann

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.



Article source: https://securityboulevard.com/2025/09/cyber-incidents-take-off-europes-airports-join-a-growing-list/