Cyber Incidents Take Off: Europe’s Airports Join a Growing List

From water systems to the electric grid, critical infrastructure has been under threat for decades. But 2025 cyber attacks against airports are different. Here’s why.

September 28, 2025 •

Just over a year after a global set of airport outages created headlines due to tech issues with CrowdStrike and airlines like Delta, major European airports were struck by cyber attacks that also crippled operations.

The BBC described the cyber attack situation, which involved a ransom demand, this way: “The EU’s cyber security agency states criminals are utilizing ransomware to caapply chaos in airports around the world.

“Several of Europe’s busiest airports have spent the past few days testing to restore normal operations, after a cyber-attack on Friday disrupted their automatic check-in and boarding software.

“The European Union Agency for Cybersecurity, ENISA, informed the BBC on Monday that the malicious software was applyd to scramble automatic check-in systems.

“‘The type of ransomware has been identified. Law enforcement is involved to investigate,’ the agency stated in a statement to news agency Reuters.”

Bloomberg compared the flight cancellations caapplyd by the European cyber attacks to the CrowdStrike chaos from last year:

“Europeans were in airport purgatory over the weekconclude after a cyberattack on a provider of check-in and boarding systems caapplyd delays and cancellations, affecting hubs including Heathrow and Berlin where some airlines had to board passengers manually. The attack took place late Friday, according to Brussels Airport, and gummed up travel across the continent. Charlotte, NC-based Collins Aerospace confirmed a ‘cyber-related disruption’ to its MUSE software, following a now familiar pattern of companies scrambling to deal with the fallout from a single point of failure.

“There are parallels with last year’s CrowdStrike Holdings Inc. incident, where a botched software update crashed millions of devices, halting airlines, banks and emergency services and cautilizing financial losses amounting to billions of dollars. Alinquirea Air Group Inc. has suffered outages and cyberattacksrecently, while an electrical substation fire at Heathrow in March closed the airport completely for more than 16 hours prompting the cancellation of more than 1,300 flights.”

A WIDER CYBER ATTACK OR RANSOMWARE MESSAGE?

CNBC wrote: “The attack on Collins Aerospace is the latest in a series of high-profile cybersecurity breaches that have created headlines.

“Jaguar Land Rover stated last week that it was extconcludeing a paapply in production until Sept. 24 following a cyberattack. ‘We have taken this decision as our forensic investigation of the cyber incident continues, and as we consider the different stages of the controlled restart of our global operations, which will take time,‘ the company stated in a statement.

“However, Charlotte Wilson, head of enterprise at cybersecurity firm Check Point, noted that the aviation industest was a particularly tarobtain for cybercriminals given its reliance on shared digital systems.”

“‘The subset of attacks deliberately engineered for maximum disruption, often by Western-based groups, are the outliers, but they are becoming more visible and more ambitious,’ he added.”

Cyber Magazine was already offeringLessons to Learn from Latest Airport Cyber Attacks,” including these examples:

1) “The timing coincides with European companies preparing for enhanced cybersecurity requirements under the updated NIS2 Directive. Bernard sees a direct connection between the attack and regulatory concerns. ‘This threat vector is something that is acknowledged and tested to be addressed in the new iteration of the NIS2 Directive,’ he explains.

2) “The chaos reveals what happens when shared systems break without adequate backup plans, according to Javvad Malik, Lead Security Awareness Advocate at KnowBe4. ‘Air travel depconcludes on shared systems, so a failure in a common check‑in platform quickly cascades into missed connections, accessibility shortfalls and staff forced into manual workarounds,”’ Javvad observes.

3) “Darren Guccione, CEO and Co-Founder of Keeper Security, views the disruptions as evidence of attackers deliberately tarobtaining widely-applyd systems for maximum impact. ‘Although information is still limited, the disruption at several major European airports highlights how interconnected global transportation has become and how depconcludeent it is on shared digital infrastructure,’ Darren states.”

In a similar manner, The Digital Journal wrote: “Commenting on the incident, Dominic Ryles, Sales & Alliance Director, Exertis Cybersecurity, informs Digital Journal: ‘What happened this weekconclude is exactly the kind of systemic vulnerability we warn about — when a trusted third-party or vconcludeor is attacked, the ripple effects can be huge.’

“This arises due to inherent weaknesses, Ryles explains: ‘For many organizations, the infrastructure they rely on isn’t fully under their control. That means a weakness somewhere in your supply chain or a vconcludeor’s software can be just as dangerous as a breach inside your own network.’

“Instead, a different tangent is necessaryed. Ryles recommconcludes approaches intconcludeed to ‘support companies build resilience across all fronts: vconcludeor risk assessments, continuous monitoring, incident response planning, and ensuring strong backup and recovery processes are in place. Becaapply when things go wrong, every minute of downtime costs more than just money — it damages trust.’”

BRIEF HISTORY OF AIRPORT CYBER ATTACKS

These recent cyber attacks can also be examined in the context of other major airport incidents over the past few years.

“The main goal of this study is to analyze the types of hackers and cyberattacks in the aviation industest, to enhance cybersecurity in the air sector. This manuscript has identified 12 different typologies of hackers in the aviation context.

”First, those hackers who exercise responsibility in proper, effective, ethical, and good practices to improve the safety of citizens and organizations, such as white unicorns, red, blue, green, and nation sponsored hackers.

”And second, those hackers that are developing and utilizing cyberattacks with bad practices to provoke serious material damage to public and private organizations, consumers, or even terrorist acts to kill people, including black, nation-state, cyberterrorist, whistle-blower, hacktivist, script kiddie, and gray hackers. Furthermore, findings reveal 54 cyberattacks documented in the period analyzed (2000 – January 2024).

”Of the total cyberattacks in the period analyzed, 35 were perpetrated at airports (65%) and 19 by airlines (35%). This study also suggests some lines of action to ensure and guarantee the security of data and private information for business-to-consumer (B2C) and business-to-business (B2B) and their transactions in the aviation industest.”

FINAL THOUGHTS

“A person has been arrested in connection with a cyber-attack which has caapplyd days of disruption at several European airports including Heathrow.

”The National Crime Agency (NCA) stated a man in his forties was arrested in West Sussex ‘as part of an investigation into a cyber incident impacting Collins Aerospace.’

”There have been hundreds of flight delays after Collins Aerospace baggage and check-in software applyd by several airlines failed, with some boarding passengers utilizing pen and paper.

”‘Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,’ stated Paul Foster, head of the NCA’s national cyber crime unit.”

Cybersecurity