A cyberattack on ticketing and check-in software used across multiple European airports triggered massive weekend disruptions, leaving passengers stranded and flight schedules in disarray. The fallout extended into Monday, underscoring what security experts warn is a growing risk: third-party software attacks on critical infrastructure that directly affect ordinary people. 

According to an Associated Press report, RTX has acknowledged a cyberattack on Collins Aerospace’s MUSE (Multi-User System Environment) software at certain airports. The system, widely used in airport kiosks, allows travelers to complete self-service functions such as check-ins, printing boarding passes, and tagging luggage. 

According to published reports, disruptions to electronic check-in and baggage systems hit several European airports, including Heathrow, London’s largest air hub. With kiosks down, employees resorted to manual processing, causing passengers to endure multi-hour waits for normally quick procedures. 

Uncertainty persisted Monday over who carried out the airport cyberattack or why, with thousands of travelers still affected by the disruptions. While the hacker group Scattered Spider was responsible for multiple airline attacks earlier this year, officials have not identified them as suspects in this case. 

According to Reuters, European Union Agency for Cybersecurity (ENISA) said on Monday that ransomware was behind the recent airport system outage, claiming attackers had locked the MUSE software for ransom, which triggered the disruption. Yet when Dark Reading reached out, the agency provided a statement but did not explicitly verify ransomware as the cause. 

Cyber Threats Target Vital Infrastructure 

Given the reliance on Internet-linked third-party software and services, experts caution that attacks affecting physical operations and disrupting everyday life could become more frequent, especially when critical infrastructure is involved. 

Experts noted that to protect the people they serve, providers of critical infrastructure and essential services should improve security measures and gain better visibility into all technology systems that affect their operations. 

Experts have repeatedly warned about weaknesses in the security of critical infrastructure, particularly in operational technology (OT), which requires urgent reinforcement. Dave Gerry, Bugcrowd’s CEO, referred to such infrastructure as a “soft target” for cybercriminals aiming for maximum disruption with minimal resources. 

To counter growing cyber risks, providers of critical infrastructure should embrace zero-trust security approaches and privileged access management, limiting potential damage from attacks while maintaining the public’s trust in vital services.