LONDON: Cybercriminals are increasingly targeting high-profile organisations to secure larger ransoms and enhance their reputations within hacking communities.
This trend follows a major ransomware attack that disrupted airport check-in systems across Europe over the weekend, stranding thousands of passengers.
The European Union’s cybersecurity agency ENISA confirmed the hack on Collins Aerospace, owned by RTX, was a ransomware attack but did not disclose its origin.
The outage affected check-in and baggage drop services, impacting dozens of flights since Friday.
Rafe Pilling, Director of Threat Intelligence at British cybersecurity firm Sophos, stated that most ransomware activity still focuses on extortion through data encryption and theft.
He added that a subset of attacks designed for maximum disruption, often by Western-based groups, are becoming more visible and ambitious.
No group had claimed responsibility for the Collins Aerospace hack on dark web leak sites as of Monday.
Ransomware is malicious software used to encrypt a company’s data and demand payment for its release.
Many cybercriminal groups traditionally avoid high-profile targets to escape law enforcement attention.
Other groups, however, are growing more brazen in their target selection according to cybersecurity experts.
In April, hackers known as Scattered Spider were widely reported behind an attack that crippled British retailer Marks & Spencer.
The attack prevented the well-known retailer from taking online orders for several weeks.
Britain’s National Crime Agency charged two teenagers last Thursday over a 2024 cyberattack on London’s Transport for London.
The NCA said the TfL attack caused significant disruption and millions in losses.
Investigators believe the TfL attack was carried out by members of Scattered Spider.
The FBI stated Scattered Spider was involved in approximately 120 network intrusions, earning around $115 million in ransom payments.
Martyn Thomas, Emeritus Professor of IT at Gresham College in London, warned the problem will likely grow until software security improves.
He said cyber criminals have so far been motivated by disruption or financial gain.
Thomas cautioned that the same attack strategies could target critical healthcare or infrastructure systems to cause serious harm.
The pursuit of reputation within criminal circles is driving more risky attacks on high-profile targets.
Cybercriminals gain online clout and social standing among peers by successfully breaching major organisations.
Pilling noted a small but determined set of Western-based cybercriminals are becoming emboldened by past successes.
He emphasised their motivation is not solely financial but also includes gaining credibility within their networks. – Reuters