A cyber attack has hit the US Pacific Northwest’s busiest airport, Seattle-Tacoma International Airport (SEA-TAC), causing potential delays and luggage problems.
“Earlier this morning the Port of Seattle experienced certain system outages indicating a possible cyberattack,” the airport confirmed. “The Port isolated critical systems and is in the process of working to restore full service and does not have an estimated time for return.”
SEA-TAC and some partner airlines switched to manual systems, allowing passengers to navigate the check-in and baggage collection processes.
Warning of potential delays and promising it was in the “process of working to restore full service,” Seattle-Tacoma Airport advised travelers to “give themselves extra time” as some of its “airline partners are currently providing manual bag tags and boarding passes.”
Cyber attack wreaks havoc at Seattle-Tacoma Airport
To avoid delays at the airport, SEA-TAC and some airlines advised customers to use carry-on luggage only and print their boarding passes at home. Alaska Airlines told passengers to attach their full name and contact information on their baggage to facilitate tracking.
Although details regarding the Seattle-Tacoma Airport cyber attack were scanty, it affected the airport’s Wi-Fi, website, flight display boards, and lost-and-found systems.
The airport also disclosed that the cyber attack affected maritime facilities, urging travelers to contact them by phone. International and domestic airlines, including Frontier, Spirit, Sun Country, and JetBlue, were mostly affected. SEA-TAC advised passengers to confirm travel information with their airlines and allocate additional time for potential delays.
SEA-TAC is working with the Transportation Security Administration (TSA), Customs and Border Protection, and external cybersecurity experts to investigate the issue.
However, the timeline for restoring the impacted systems remains uncharted. The airport’s systems remained offline three days after the cyber attack, suggesting an apparent ransomware incident.
“Port teams continue to make progress on returning systems to normal operations, but there is not an estimated time for return,” SEA-TAC said.
So far, no cyber gang has claimed responsibility for the Seattle-Tacoma cyber attack. Cybercrime gangs typically avoid publicizing cyber attacks when ransom negotiations are still possible.
However, they usually list the victim on a dark web data leak site and threaten to publish the stolen data online when the impacted organization shows little enthusiasm for negotiations. The FBI discourages organizations from paying the ransom because it barely guarantees data recovery and incentivizes cybercriminals to execute more cyber attacks.
More cyber attacks target the aviation industry and critical infrastructure
The Cybersecurity and Infrastructure Security Agency (CISA) lists the aviation industry, which includes “aircraft, air traffic control systems, and about 19,700 airports,” as critical infrastructure, whose disruption could have national security, economic, and public health consequences.
“The cyberattack on the Port of Seattle, affecting the Seattle-Tacoma International Airport’s IT systems, serves as a stark reminder of the vulnerabilities within critical infrastructure,” said Nick Tausek, Lead Security Automation Architect at Swimlane. “Airports, which serve as vital hubs in the global transportation network, specifically with Sea-Tac as the busiest airport in the Pacific Northwest region, are increasingly attractive targets for cybercriminals.”
“Threats to shipping ports, airports, and other physical infrastructure can not only create a nightmare for travelers, but also emphasize the fragility of many of these interconnected systems and cause lasting supply chain issues. This incident underscores the need for continuous vigilance to protect the operational integrity of such essential services,” added Tausek.
In April 2023, the European Air Traffic Control Agency (Eurocontrol) suffered a disruptive cyber attack by the pro-Russian DDoS group Killnet. Fourteen US and two dozen European airports also suffered Killnet’s DDoS attacks.
Eurocontrol’s European Air Traffic Management Computer Emergency Response Team’s data shows that airlines lose at least a billion dollars annually due to cyber attacks.
“Our research shows that airlines continue to be an irresistible target for cybercriminals, targeted by 61% of all detected aviation cyber-attacks in 2020, and losing around $1 billion a year from fraudulent websites alone,” the agency said.