Aviation services firm Swissport, which operates at more than 300 airports around the globe, handling more than 280 million passengers and almost 5 million tonnes of cargo every year, has said it successfully contained a ransomware attack on its systems that saw a small number of flights from Zurich Airport delayed, but otherwise had a limited impact.
The attack, by an undisclosed actor, took place early on the morning of Thursday 3 February, but appears to have done little damage to the firm’s ability to conduct its day-to-day operations, which include cargo and baggage handling, passenger security screening, facilities maintenance and cleaning, and hospitality services.
In a statement circulated via social media website Twitter on Friday 4 February, Swissport confirmed part of its infrastructure had been subject to an attack, but that it had been “largely contained”.
Shortly after 10am on Saturday 5 February, a spokesperson for the organisation posted: “IT security incident at Swissport contained. Affected infrastructure swiftly taken offline. Manual workarounds or fallback systems secured operation at all times. Full system clean-up and restoration now under way. We apologise for any inconvenience.”
The apparent swift resolution to this particular cyber attack suggests Swissport has put in place appropriate ransomware mitigations and protective measures, including, crucially, the ability to successfully restore its systems from uncompromised backups.
The attack came at the tail end of a particularly active week for malicious actors targeting operators of what is termed critical national infrastructure (CNI) in Europe, with multiple targets in the oil industry also being hit, leading to some disruption to fuel supply chains, and raising questions over the provenance of the attacks and the possibility of links to Russia-backed groups given the unfolding Ukraine crisis, although this isn’t proved.
“This is the third attack in a week on European critical infrastructure providers,” said Andy Norton, European cyber risk officer at Armis. “The attacks have focussed on the ancillary IT services that surround the production system or service. Whether or not the surge in attacks is related to current geopolitical events is unknown. Nonetheless, providers of critical services should immediately review the adequacy of their risk assessments from cyber threat with emphasis on the criticality of the ancillary IT systems which have increased connectivity and the potential to impact the OT and ICS production and service delivery.”
Cybereason chief security officer Sam Curry added: “What we do know is that Swissport transports more than a quarter of a billion passengers annually, and if a determined and well-funded hacker group is interested in carrying out an espionage campaign to gain an upper hand on the world stage, airlines are prime targets.
“A growing trend investigated by Cybereason researchers is the rise in global attacks where ransomware is used against targets following data exfiltration in order to inflict damage to systems and hamper forensics investigations,” he said.
“Critical infrastructure industries including the airline industry have targets on their back, and face a relentless and persistent attacker.”