Seattle-Tacoma International Airport in Seattle, Washington, suffered through its third day of service disruptions today after a reported cyberattack disrupted services at the airport starting on Saturday.
According to the Port of Seattle, which owns and operates the airport, the attack resulted in “internet web system outages,” which impacted some of the systems at the airport. A more recent update today notes that “we continue to experience system outages” and that “we’re continuing to work closely with our partners to restore services.”
The official Seattle-Tacoma International Airport website remained offline as of Monday evening.
The Associated Press reported that officials are working on investigating the outages, have hired outside experts and are working with federal partners, including the Transport Security Administration and Customs and Border Protection. The report noted that though the airport is trying to minimize delays, travelers are facing longer than usual delays to pass security, check-in and collect bags.
There is scant solid information to know exactly what has occurred, but there’s a good chance that it involves ransomware. Three days of ongoing issues, systems taken offline — probably to stop lateral movement — and third-party experts called in sounds like ransomware.
“There are not enough details of the attack to know what is going on, but most undefined cyberattacks are later declared to be successful ransomware attacks,” Roger Grimes, data-driven defense evangelist at security awareness training company KnowBe4 Inc., told SiliconANGLE via email.
“Nearly all organizations, including most airlines and airports, are susceptible to cyberattacks. Why? Well, one of the biggest reasons is that 70% to 90% of all successful cyberattacks occur because of social engineering and phishing,” Grimes explained. “About one-third of successful cyberattacks involve unpatched software or firmware. Those two root hacking causes account for 90% to 99% of the risk in most organizations, including airlines and airports, and it’s been that way since the beginning of computers.”
The attack on the airport also raises concerns about the security of transportation links across the board. Nick Tausek, lead security automation architect at security automation company Swimlane Inc., oted that the attack “serves as a stark reminder of the vulnerabilities within critical infrastructure.”
“Airports, which serve as vital hubs in the global transportation network, specifically with Sea-Tac as the busiest airport in the Pacific Northwest region, are increasingly attractive targets for cybercriminals,” Tausek added. “This incident underscores the need for continuous vigilance to protect the operational integrity of such essential services.”