A new wave of cyberattacks is demonstrating a shift in criminal strategy, with hackers increasingly targeting major organizations to maximize disruption and enhance their status. This trend was highlighted over the weekend when a ransomware incident against aviation technology supplier Collins Aerospace, a unit of RTX, caused widespread flight cancellations and stranded passengers at airports across Europe. The EU’s cybersecurity agency, Enisa, confirmed the nature of the attack but has not yet identified its source.
The attack on critical aviation infrastructure represents a brazen move by cybercriminals who traditionally avoid high-profile targets to escape law enforcement scrutiny. Rafe Pilling, a director at the British cybersecurity firm Sophos, noted that while most ransomware focuses on data encryption for extortion, a subset of attacks is now deliberately engineered for maximum visibility and impact. As of Monday, no hacker group had publicly claimed responsibility for the Collins Aerospace breach on their typical dark web portals, an unusual silence for such a disruptive event.
This pattern of ambitious targeting is not isolated. Earlier this year, the hacker collective known as Scattered Spider was linked to an attack that severely disrupted British retailer Marks & Spencer. More recently, Britain’s National Crime Agency charged two teenagers in connection with a cyberattack on London’s public transport system, which investigators believe was also carried out by the same group. According to the FBI, Scattered Spider has been involved in approximately 120 network intrusions, earning an estimated $115 million in ransom payments.
Experts warn that the motivation extends beyond financial gain, with reputation and credibility within criminal circles becoming powerful drivers. Martyn Thomas, an Emeritus Professor of IT in London, cautioned that the current attack strategies, if directed at critical healthcare or infrastructure systems, could potentially cause serious injury or loss of life. He and other specialists stress that the problem is likely to intensify until software security and corporate IT evaluations improve significantly. This pursuit of notoriety is emboldening a small but determined set of cybercriminals, for whom a high-impact breach brings both financial reward and elevated social standing among their peers.