The last month has been real madness for European aviation. Between attacks, ransomware, failures of critical systems and the return of drones to the scene, several airports on the continent have lived through days of pure chaos. Between 19 and 22 September, a ransomware attack against Collins Aerospace's MUSE software left airlines and airports such as Heathrow, Brussels and Berlin in check. The incident paralyzed check-in and boarding systems, forcing staff to go back to pen and paper. There were long queues, cancellations, and a ripple effect that affected thousands of passengers. ENISA described it as a supply-chain attack, and it was not exaggerating: a single vendor managed to collapse half a continent.

Key points of the incident
The attack highlighted the fragility of technology dependencies in the air transport sector. The affected airlines had to improvise manual processes, with delays and significant economic losses. Days later, on 3 October, Munich airport was forced to suspend operations after several drones were detected in its airspace, causing more than 15 diversions and 17 cancellations. All this comes in a context where several European governments point to possible foreign destabilization maneuvers, although without conclusive evidence.
Entry vectors and technical context
Although no detailed technical information has been published, everything points to a breach in the provider's supply chain. In similar cases, access has been gained through phishing, exposed RDP, or unpatched vulnerabilities in third-party systems. The weak point is, once again, the same as always: blind trust in technology partners.
Possible campaign and actors involved
The attack began on Friday 19 and lasted throughout the weekend, with services recovering slowly towards Monday 22. There is no confirmed attribution, but the pattern is reminiscent of earlier operations by ransomware groups. In the case of the drones, the German authorities have hinted at political motivations behind the coordination of the incident, something that is still being investigated.
Impact
The month leaves a clear lesson: incidents at European airports are no longer limited to technical failures or strikes, but combine cyber and physical threats capable of collapsing operations in hours. Civil aviation needs to raise its level of resilience and diversify its critical suppliers to avoid repeating this scenario.
How can Amber Solutions help?
This type of incident fits fully within our areas of action. Through Amber Solutions' Cyber Threat Intelligence (CTI) services we monitor suppliers and detect active campaigns, and we turn to pentesting and red teaming to evaluate the security of billing systems, networks, and remote access. Our Threat Hunting team can identify anomalous activity before ransomware is deployed, and our digital forensics area makes it possible to reconstruct events and reinforce weak points.
Amber Solutions can help anticipate, contain, and mitigate attacks like this month's, reinforcing both the cybersecurity and the operational continuity of airports and airlines. Because when everything stops at an airport, every second counts.

