Swissport flight operations were disrupted after a ransomware attack took down IT systems.

The aviation company, which provides cargo handling, security, maintenance, cleaning, and lounge hospitality for 310 airports in 50 countries, manages 282 million passengers and 4.8 million tons of cargo every year.

In a tweet, the company noted the attack had been contained, and systems were being restored to bring services back to normal. In a statement, the Switzerland-based company told SecurityWeek that the breach was detected on February 3. “The affected infrastructure was quickly taken offline, and manual workarounds or fallback systems have remained operational. A full system clean-up and recovery is now underway, and we do not expect any significant delays,” Swissport stated.

At this time, Swissport’s website is back online after being inaccessible when the attack was disclosed. Today, the company announced that it saw record cargo demand in 2021.

It’s unclear how many airports are impacted by this incident and who is behind the ransomware attack. German publication Der Spiegel reported that the attack caused some temporary delays at Zurich Airport, with 22 flights delayed by up to 20 minutes.

“Cybercriminals are rational economic actors, and they’re seeing that attacks against cyber-physical targets can net 7- and 8-figure payouts,” says Josh Lospinoso, CEO and co-founder of Shift5. The Swissport attack provides a concrete example of how an isolated cybersecurity incident can have profound ramifications on critical infrastructure, he says. When their assets can’t operate, airlines lose money very quickly and are incentivized to pay a ransom. This has yielded eye-popping ransoms for criminals, and we’ll see this powerful incentive sowing more attacks.

As critical infrastructure like transportation becomes increasingly interconnected and autonomous, the stakes for cybersecurity couldn’t be higher. “Now, thanks to the interconnected nature of our digital components, operational technology is deeply embedded within this digital landscape. The result is that attacks — even originating from the IT side — have become much more devastating,” Lospinoso says.

As a result, transportation operators and owners of other critical infrastructure must continue bolstering their defenses. Lospinoso recommends that critical infrastructure operators have better observability on the operational technology (OT) side, including on the digitally powered fleet assets themselves; robust reporting and information sharing across industries and governments; and more cybersecurity control measures designed specifically for the OT side. “Today, it’s all too easy for attackers to cause paralyzing attacks against fleet assets. We must raise the bar for the safety and security of asset operators and the people who depend on them,” Lospinoso says.

The incident follows recent attacks in Europe. Three days before Swissport was attacked, attackers struck Oiltanking, disrupting fuel distribution across Germany. Major oil terminals in Belgium also experienced disruptions after a cyberattack. Several European ports, including Antwerp, Europe’s second-biggest port after Rotterdam, were affected.