Services
Services

Assess

Cyber Incident Response Plan

Cyber Security Risk Assessment

Ransomware Readiness Assessment

Penetration Testing

Red Teaming

Open Source Intelligence (OSINT)

Top Ransomware Groups

Protect

Managed Firewall

Managed Network Security

Patch Management

Remote Worker Security

Security Hardening

Vulnerability Management

Wi-Fi Security

Detect

Cloud Extended Detection & Response (XDR)

Cyber Threat Intelligence

Managed Endpoint Detection & Response (MDR)

Network Indicator of Compromise Monitoring (IOC)

Security Information & Event Management (SIEM)

Purple Teaming

Blue Teaming

Respond

Business Email Compromise Response

Digital Forensics & Incident Response (DFIR)

PII Data Investigation

Recover

Disaster Recovery

Microsoft 365 Backup

Ransomware Data Recovery

Secure Backup

Train

Cyber Security Awareness Training

Phishing Simulation Training
Company
Company

About us

About us

Blog

Case studies

News

Contact us

24/7 Emergency: 0333 091 7040

Request a callback
Contact

Ransomware

Airport cyber attack highlights third-party risks

24th September 2025

Summary:

Over the weekend, a cyber-attack on third-party check-in software provider Collins Aerospace disrupted operations at Heathrow, Brussels, and Berlin airports. Airlines had to rely on manual processes, causing long queues, flight delays, cancellations, and additional costs for passenger rebooking, food, and accommodation. The incident is confirmed to be ransomware where thousands of computers were corrupted. This incident echoes the recent Jaguar Land Rover cyber-attack, demonstrating the extended financial, operational, and workforce impacts of such events.

Key observations

Third-party risk – The attackers behind the attack targeted Muze a popular check-in software used at airports.
Manual fallback is no substitute – While necessary, it is slow, costly, and damaging to customer trust.
Extended disruption is the norm – Recovery typically takes weeks, not days, as JLR’s extended shutdowns illustrate.
Familiar attack methods – While attribution is uncertain, the techniques align with those commonly seen in ransomware and supply-chain attacks.
Rebuilt systems – Systems rebuilt too early without understanding the wider impact can cause additional delays. According to an internal memo to Heathrow employees’ systems were rebuilt and relaunched only to find out that the attackers were still inside the system.

Risk to business

Downtime & financial loss – Cancelled services, compensation, and remediation costs.
Regulatory & legal exposure – Potential breaches of contracts, obligations, or compliance standards.
Reputation damage – Erosion of customer trust.
Workforce impact – Staff diverted to crisis management, creating knock-on operational issues.

Official response

The NCSC confirmed:

“We are working with Collins Aerospace and affected UK airports, alongside Department for Transport and law enforcement colleagues, to fully understand the impact of an incident. All organisations are urged to make use of the NCSC’s free guidance, services and tools to help reduce the chances of a cyber attack and bolster their resilience in the face of online threats.”

This reinforces the importance of proactive resilience planning, backed by credible frameworks and services.

Zensec recommendations

As an NCSC-accredited provider, Zensec helps organisations act on exactly this kind of guidance. Our support focuses on three outcomes:

Bolster your security posture – Map dependencies, enforce vendor standards, test fallback systems.
Prepare for attack – Incident playbooks, rehearsed response scenarios, tested backups.
Recover quickly – Phased restoration, transparent comms, and reducing downtime from weeks to days.

Why Zensec?

Our NCSC accreditation means our methods are benchmarked against the UK’s highest standards. Combined with practical incident response experience, we’re equipped to help businesses strengthen defences, limit impact, and recover faster when incidents strike.

If your organisation wants to strengthen its cyber resilience and reduce disruption, Zensec can help you prepare, respond, and recover effectively.

Resolution update

In a positive development, the National Crime Agency (NCA) has arrested a man in his forties in West Sussex in connection with the Collins Aerospace cyber incident. As Deputy Director Paul Foster of the NCA’s National Cyber Crime Unit noted, “Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing.”

This highlights that while law enforcement action is critical, cyber resilience and preparation remain the first line of defence for businesses.

Proactive planning, robust third-party security, and tested response procedures continue to be essential in mitigating the operational and financial impact of such incidents.

Get in touch

Whether you want to strengthen your security through proactive planning, assess third-party risk, or test your existing cyber posture, or if you suspect a breach, contact our team today on 03330 917 040