Bristol Airport Suffers Ransomware Attack, British Airways Breach Caused By MageCart Skimmer

11 - 18 September 2018

Bristol Airport in Bristol, UK, suffered a ransomware attack last Friday morning.
Bristol Airport in Bristol, UK, suffered a ransomware attack last Friday morning. As a precautionary measure to contain the attack, the airport took several applications offline, including one that provides data for flight information screens. Whiteboards and marker pens were used in place of display screens as a result. The airport said that flights were unaffected, and no ransom was paid to recover the system.

Further investigation into the British Airways data breach found that the airline had been compromised by a threat actor dubbed MageCart, who infected the airline’s website with a skimmer script customised to siphon payment card data. MageCart had modified the website’s Modernizr JavaScript library with new lines of code at the bottom of the script. When the website loaded Modernizr from the baggage claim information page, the modified script allowed Modernizr to send payment data from the customer to MageCart’s server. The modified script applied to the website and mobile application, and it is unclear how MageCart had obtained access to modify Modernizr. 

[1] Cyber attack led to Bristol Airport blank screens
[2] British Airways Fell Victim To Card Scraping Attack

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence