It has been reported that aviation services company Swissport International has disclosed a ransomware attack that has impacted its IT infrastructure and services, causing flights to suffer delays. The Swiss company provides services for cargo handling, security, maintenance, cleaning, and lounge hospitality for 310 airports in 50 countries. It handles 282 million passengers and 4.8 million tons of cargo every year, making it a vital link in the global aviation travel industry chain. A tweet from the company today notes that the attack has been largely contained and systems are being restored to bring services back to normal. At the time of writing, loading Swissport’s website returns an error, indicating that the firm’s IT team is still dealing with problems resulting from the ransomware attack.
<p>This is the third attack in a week on European critical infrastructure providers. The attacks have focussed on the ancillary IT services that surround the production system or service. The NIS legislation in Europe requires critical infrastructure providers to attain a certain level of operational resilience. Whether the surge in attacks is related to current geopolitical events is unknown. However, providers of critical services should immediately review the adequacy of their risk assessments from cyber threat with emphasis on the criticality of the ancillary IT systems that have increased connectivity and the potential to impact the OT and ICS production and service delivery.</p>
<p>While the attack on Swissport has the look of Russian involvement, it would be premature to formally accuse Moscow of having its fingers on this attack at this time. What we do know is that Swissport transports more than a quarter of a billion passengers annually, and if a determined and well-funded hacker group is interested in carrying out an espionage campaign to gain an upper hand on the world stage, airlines are prime targets. A growing trend investigated by Cybereason researchers is the increase in global attacks where ransomware is used against targets following data exfiltration in order to inflict damage to systems and hamper forensics investigations.</p>
<p>Critical infrastructure industries including the airline industry have targets on their back and face a relentless and persistent attacker. I recommend that organisations plan ahead and prepare for the worst; follow security hygiene best practices, timely patch management, offsite data backups and employee awareness training. Deploy multi-layer prevention capabilities on all endpoints across the network and implement extended detection and remediation solutions across the environment for visibility to end advanced ransomware attacks before the hackers can gain a footing on the network.</p>