Cipher (Prosegur) identifies the five digital threats to the european aviation industry

Madrid, 26 September 2025 - Cipher, the Prosegur Group's cybersecurity unit, highlights the urgent need to strengthen cybersecurity in the aviation sector, amid a sustained increase in atttacks against critical digital infrastructure across Europe. While the recent incident at several European airports - which impacted boarding, check-in and baggage handling processes - demonstrates the magnitude of this type of risk, the truth is that these challenges are structural in nature and affect the sector's entire operational chain.

This reality makes cybersecurity not merely an operational consideration but a strategic imperative for maintaining aviation's role as a reliable foundation for global mobility, commerce and economic development.

During 2024, cyberattacks against essential operators increased by 43% in Spain, with this trend continuing to rise in 2025, according to Cipher's analysis. In this context, the Prosegur's cybersecurity unit has identified five main types of attacks that put the aviation sector at risk:

· Ransomware attacks: Malicious code that locks systems and demands payment for their restoration. This represents the biggest threat to the industry, affecting airports, airlines and suppliers alike.

· Cyber espionage: State-sponsored groups seek to steal strategic data such as flight plans, defense contracts, and aeronautical technology. APT41 (China), APT28 (Russia) and APT33 (Iran) have been identified as key players in these attacks.

· Supply chain attacks: Breaches of strategic suppliers can indirectly affect airlines and airports, causing massive operational disruptions.

· Device vulnerabilities: The integration of sensors and connected devices expands the attack surface and exposes aviation infrastructure to new forms of digital intrusion.

· Hacktivism and ideological attacks: Politically or socially motivated groups have launched targeted attacks on aviation infrastructure. In 2023, Mysterious Team Bangladesh attacked airports in Saudi Arabia in what appeared to be a protest linked to the conflict in Gaza.

David Fernández Granado, CEO of Cipher, emphasizes that today's threats "are characterized by their sophistication, persistence and diversity of motivations. In addition to ransomware, digital espionage represents a growing risk, as it provides access to strategic information such as routes, contracts, technology, and regulatory data. The increasing integration of networked digital systems expands the attack surface; without adequate protection measures, a single breach can trigger large-scale outages."

A cyber threats continue to evolve in sophistication and scope, Cipher is implementing a digital security strategy focused on four fundamental pillars: periodic cybersecurity audits that include external suppliers; strengthening early detection and threat intelligence; implementation of backup systems and continuity protocols that ensure operations even in the face of critical incidents and fostering collaboration between regulatory bodies, state institutions and private actors to develop common standards and share cyber threat intelligence, in line with European regulations such as NIS2.

"Strengthening digital security in the aviation sector is not only an operational necessity, but a strategic imperative. Prevention, resilience and institutional cooperation are the foundation for ensuring that aviation remains a reliable pillar of mobility, trade and development in an increasingly complex and challenging global environment," concludes Fernández Granado.