Airports across Europe were thrown into disorder, and cybersecurity specialists have since identified HardBit ransomware as the culprit behind the large-scale disruption of Collins Aerospace check-in systems. The attack, detected on Friday evening, crippled major hubs such as London Heathrow, Brussels Airport, and Berlin Brandenburg, forcing airlines to fall back on manual boarding.
HardBit ransomware becomes the leading attack vector
A recent cyberattack against aerospace and defense firm Collins Aerospace, which has led to massive disruptions at some of the biggest airports in Europe, was reportedly caused by a piece of ransomware called HardBit, according to SecurityWeek. The HardBit ransomware was created in October 2022, and it gained prominence a few months later when it was revealed that the cybercriminals were open to negotiating ransom sums depending on whether their victims held a cyberinsurance policy. Since then, not much has been reported on HardBit.
The hackers behind HardBit encrypt files on affected systems and claim to steal victims' information, but unlike most other ransomware operations, they do not seem to have a webpage where they list the names of victims and publish stolen information. On Tuesday, cybersecurity expert Kevin Beaumont wrote that the attack used a variant of HardBit, which he described as incredibly basic. Beaumont heard that Collins Aerospace has had trouble getting rid of the malware, and that devices become reinfected after being cleaned.
Persistent malware makes recovery difficult across systems
The BBC has reported in the past week that more than a thousand computers might have been affected and that Collins had detected that the hackers were still in its network even after it had rebuilt and relaunched systems. A memo to Heathrow employees, which was leaked to the BBC, stated that over a thousand computers could have been damaged and that the majority of the work to bring them back online would have to be performed by hand rather than remotely.
According to the BBC, the EU's cybersecurity agency has confirmed that criminals are using ransomware to cause havoc at airports globally. Some of the busiest airports in Europe have spent the last few days attempting to resume regular operations following a cyberattack on Friday that affected automatic check-in and boarding software. On Monday, the European Union Agency for Cybersecurity, ENISA, informed the BBC that automatic check-in systems had been scrambled with malicious software.
Major airports deal with prolonged disruptions
The attack on US software producer Collins Aerospace was detected on Friday night, and it disrupted several airports on Saturday. Though the situation had almost certainly improved in Berlin and at London Heathrow by Sunday, delays and flight cancellations persisted. Brussels Airport, which was hit as well, said that the service provider was working on the matter, although it remains unclear when the problem will be fixed. According to the AP news agency, the airport has requested airlines to cancel almost 140 of their 276 scheduled outbound flights on Monday.
The HardBit ransomware attack on Collins Aerospace is a watershed in aviation cybersecurity, an example of how a single point of failure can propagate to several airports worldwide. The apprehension of a suspect gives some hope of accountability; however, the incident highlights the need to improve security in critical infrastructure. With the aviation industry becoming more and more digital, the attack is a stark reminder that cybersecurity needs to evolve alongside the introduction of new technologies to secure key services.