A 40-year-old man was arrested in West Sussex this week in connection with a cyberattack that knocked out check-in systems at several major European airports, including London’s Heathrow, Berlin and Brussels.
The UK’s National Crime Agency (NCA) has confirmed the arrest on suspicion of offences under the Computer Misuse Act and says the investigation is ongoing. However, after his arrest, the suspect was reportedly released on conditional bail. The NCA says it is still early days, and it has not publicly identified others involved or the full motive behind the attack.
“It is a positive update that a suspect has already been arrested in connection with this attack. It also highlights the priority law enforcement is placing on catching the perpetrators of cybercrime today,“ said Ryan McConechy, CTO at Barrier Networks.
“We don’t know how the attack was executed, but we do know ransomware was involved. Organisations must learn from this and prioritise their defences against the vector, and this means training staff regularly, patching vulnerabilities, deploying phishing-resistant MFA capabilities, inventorying assets, monitoring the security of suppliers and applying network segmentation to protect an organisation’s most important assets,“ Ryan emphasised.
Cyber Attack on Collins Aerospace
The attack targeted Collins Aerospace, a company whose systems handle check-in, baggage tagging and boarding processes at airports. Around Friday night, those systems began failing. Airport staff were forced to use handwritten boarding passes, backup laptops or manual check-in methods while efforts were underway to restore automated services.
Passengers faced delays and cancellations. Brussels in particular felt the impact hard: over the weekend, it cancelled dozens of flights and asked airlines to cut back departures after it proved difficult to restore the compromised system. Berlin also experienced long queues as staff tried to catch up.
Authorities believed the attack involved ransomware. The EU cybersecurity agency ENISA said a “third-party ransomware” was behind the outages. Collins Aerospace acknowledged a “cyber-related disruption” and is coordinating with airports and law enforcement to restore systems.
This incident adds to a growing list of cyber events affecting transport infrastructure worldwide, from rail systems to shipping terminals. Last week, UK authorities arrested two individuals linked to the Scattered Spider group during an investigation into a cyberattack on Transport for London (TfL) that caused millions of pounds in damage.
Waqas
