For flights, the threat of hackers grows and becomes permanent
According to Check Point Research, transport companies face an average of 1,143 attacks per week
3' min read
3' min read
The news of the cyber-attack that hit the airports of Berlin, London, Brussels and Dublin last Saturday, causing delays and long queues at the terminals, has brought a phenomenon with long-standing roots back into the media spotlight. The announcement arrived on Monday 22 by Enisa, the European Information Security Agency, to make official the identification of the type of ransomware that had unhinged the defences of check-in and boarding systems (investigations into the origin of the threat are still ongoing and it is not yet clear how long it will take to reactivate all the services that have gone down) has certainly not reduced the scale of the problem: the aviation sector is an increasingly attractive target for cybercriminals, and the main cause is its dependence on shared digital platforms and third-party providers. When one of these vendors is compromised, and in this case it was Collins Aerospace and the Muse software that powers self-service stations at numerous international airports, the outage can instantly affect multiple airlines and multiple airports, halting flight operations, leaving passengers stranded and causing chaos across borders.
A pervasive phenomenon
.The crux of the matter, as explained by the experts at Check Point Research, lies in the fact that this is not an isolated incident but an event that reiterates the persistence and escalation of the threat. And to confirm this thesis, there are very precise data: according to the findings of the well-known (Israeli) cybersecurity company, in fact, transport and logistics companies are faced with an average of 1,143 cyber attacks every week (a figure that is up by 5% compared to the previous year) and in August alone, this number rose to 1,258 offences. The latest episode at European airports also confirms the trend that attackers choose weekends and holidays to hit their targets for a very specific reason, namely the limited activity of IT teams, resulting in longer response times and the inevitable repercussion of disruption on Monday flights.
Which attacks do hackers prefer?
.The cyber turbulence hovering over the business and leisure travel sector is, moreover, closely related to the accelerated recovery in demand for travel and the equally sustained speed of the digitisation process of operations in a data-rich and highly interconnected sector. Also in the crosshairs of cybercriminals looking for vulnerabilities are tour operators, who have been victims of a dramatic increase in incidents over the past three years, including DDoS (Distributed Denial of Service) attacks, ransomware campaigns, phishing schemes and third-party system compromises. Some examples? The blocking of the booking operations, recorded last March precisely because of a DDos attack, of a major air ticket retailer in Germany, Austria and Switzerland caused serious disruption to travel agencies using the same platform. In early 2025, on the other hand, an Australian travel agency suffered a catastrophic breach due to a misconfigured cloud data storage procedure (on Amazon AWS), which exposed more than 112,000 sensitive records including passport scans, visa documentation and partial credit card numbers to attack.
A data-dependent system
.Few industries, the Check Point experts go on to note, are as dependent on real-time data, global communications and seasonal traffic as travel. This is due to the fact that all players in this industry - airlines, hotel and resort chains, booking platforms and transport authorities - manage huge amounts of sensitive information on dispersed networks, often relying on third-party providers for electronic payment processing, authentication systems and cloud infrastructure, thus expanding the attack surface. Many travel companies, not least, still operate with legacy systems or do not have robust DevSecOps practices (integrating the security component at every stage of the software development cycle), making them prime targets for cyber criminals. The solutions? Many, all converging in an approach that has become indispensable to reduce (or at least contain) the risk of large-scale disruptions: treating IT resilience with the same seriousness and attention as physical security and business continuity.

