The Top Cyberattacks Against Airports

Last fall, European airports were thrown into chaos when a ransomware attack on an IT provider took down check-in systems, causing delays, cancellations, stranded passengers, and widespread frustration among travelers. 

The European airport cyberattack is the latest in a series of digital attacks on airports, but it’s by no means the only one. Over the past few years, cyberattacks against airports have surged in both frequency and impact, underscoring the vulnerability of operational technology (OT) and IoT-driven environments. 

Why do Cybercriminals Target Airports? 

Airports are increasingly “smart,” but that intelligence comes with exposure. Every connected kiosk, badge reader, sensor, and conveyor belt becomes part of a sprawling, often poorly-monitored network.

These interconnected systems create cascading risk, and often the problem is exacerbated by third-party vendors that introduce hidden vulnerabilities. For an attacker interested in disrupting critical infrastructure, these vulnerabilities become attractive targets.

Below are some of the most significant airport-specific cyber incidents, and what they reveal about airports’ growing attack surface.

1. The 2025 European Airport Check-In System Meltdown

In September 2025, a ransomware attack on a shared airport platform used across Europe triggered widespread disruption. Systems supporting check-in, boarding, and baggage handling went dark across major hubs. Airports, including Heathrow, Berlin, and Brussels, were forced to revert to manual processes: pen, paper, and long lines. Hundreds of flights were delayed or canceled.
This incident was more than an IT outage. The affected platform connected multiple airport systems, including kiosks, boarding gates, and baggage infrastructure, many of which are IoT-enabled endpoints. A single compromised vendor created a cascading failure across an interconnected ecosystem.

2. Kuala Lumpur International Airport Ransomware Attack  

In March 2025, Kuala Lumpur International Airport suffered a major cyberattack that disrupted flight information displays, check-in systems, and baggage handling. Hackers reportedly stole massive amounts of data and demanded a $10 million ransom, while airport operations descended into confusion. Malaysia Airports Holdings Berhad claimed that operations were not affected, but two days later, Malaysian Prime Minister Anwar Ibrahim called the disruption “quite heavy” and said that a ransom demand for $10 million had been refused.

3. U.S. Airport Website DDoS Attacks

In October 2022, a wave of distributed denial-of-service (DDoS) attacks took down the public-facing websites of more than a dozen U.S. airports, including major hubs like LaGuardia and LAX. The attacks didn’t directly halt airport operations, but they disrupted passenger communications and exposed how easily critical digital infrastructure can be overwhelmed.
This attack might have only targeted websites, but sites often share infrastructure with operational systems. In highly connected environments, weak segmentation between IT, IoT, and OT networks can allow attackers to dig deeper into an airport’s systems.

4. German Airport Cyber Disruptions 

In early 2023, several German airport websites were knocked offline in coordinated cyberattacks, again attributed to large-scale DDoS campaigns. These incidents followed a broader pattern of politically motivated attacks targeting transportation infrastructure.
Airports rely on tightly integrated systems, from passenger processing to security controls. Even surface-level disruptions can create downstream effects if backend systems are interconnected with IoT-enabled services.

5. San Francisco International Airport Credential Harvesting 

In 2020, attackers injected malicious code into login portals used by employees and partners at San Francisco International Airport, aiming to steal credentials. The breach forced password resets and raised concerns about unauthorized access to internal systems.
Credential theft is usually the first step in any cyber attack. Once attackers gain access to a system, they can move laterally into connected systems, including IoT devices like security cameras, access controls, and operational systems that are rarely designed with strong authentication.

6. Prague Airport Malware Attempts 

In 2020, Prague Airport detected and stopped multiple malware attempts targeting its systems before they could fully execute. While ultimately unsuccessful, the attacks were designed to damage or disrupt critical infrastructure.
Modern airports operate as cyber-physical systems. Malware targeting workstations can often be a stepping stone toward disrupting connected infrastructure: everything from runway lighting systems to baggage handling networks.

Close security gaps with Asimily

Airports are deeply connected places. Connected devices are in use in almost every part of an airport, from baggage tracking to crowd management to self-service kiosks. However, traditional cybersecurity tools weren’t built for environments where thousands of unmanaged, embedded, and IoT devices operate alongside critical infrastructure.

Asimily helps organizations uncover, monitor, and secure every connected device without disrupting operations. From baggage systems to building controls, Asimily provides the visibility and control needed to protect complex, high-stakes environments like airports.

Learn how Asimily can help you secure your IoT and OT environments before attackers find them first.