NEW YORK – A notorious cybercriminal group has shifted its focus to the aviation industry, successfully breaching the computer networks of multiple airlines in the United States and Canada this month, according to the FBI and private experts.

Immediate Impact

The hacking incidents have not affected airline safety, but they have put top cyber executives at major airlines across the United States on high alert. The culprits, a network of young cybercriminals known as “Scattered Spider,” are infamous for their aggressive tactics to extort or embarrass their victims.

This development comes as the travel industry gears up for the busy summer season. Aviation is the third major US business sector, after insurance and retail, to face a barrage of cyberattacks linked to this group in the past two months.

Key Details Emerge

The hackers target large companies and their IT contractors, meaning anyone within the airline ecosystem, including trusted vendors and contractors, could be at risk. The FBI, in a recent statement, identified Scattered Spider as the perpetrator of the airline hacks. “Once inside a victim’s network, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware,” the statement noted.

“The FBI is actively working with aviation and industry partners to address this activity and assist victims.”

Industry Response

Hawaiian Airlines and Canada’s WestJet confirmed they are assessing the fallout from recent cyberattacks, though neither airline named the perpetrators. More victims in the aviation industry may come forward, according to sources briefed on the investigation.

WestJet’s issues began two weeks ago with a “cybersecurity incident” affecting access to some services and software systems, including its customer app. Both WestJet and Hawaiian Airlines reported that their operations remained unaffected by the hacks.

“The lack of impact on operations is likely a sign of good internal network separations or good business continuity and resiliency planning,” said Aakin Patel, former chief information security officer of Las Vegas’ main airport.

Expert Analysis

According to Jeffrey Troy, president of the Aviation ISAC, an industry group for sharing cyber threats, the attacks are not limited to airlines but extend to other segments of the aviation ecosystem. “Our members are keenly alert to attacks from financially motivated attackers and collateral impacts emanating out of geo-political tensions around the world,” Troy stated.

The fine margins for error in the airline industry were highlighted when a separate IT outage, apparently unrelated to malicious cyber activity, caused delays for some American Airlines passengers.

Background Context

Scattered Spider gained notoriety in September 2023 after being linked to multimillion-dollar hacks on Las Vegas casinos and hotels, including MGM Resorts and Caesars Entertainment. The group typically targets one sector for weeks at a time. Earlier this month, they were suspected in a hack of insurance giant Aflac, potentially stealing Social Security numbers, insurance claims, and health information. Before that, the retail sector was targeted, including Ahold Delhaize USA, which shares a parent company with the Giant and Food Lion grocery chains.

“The actor’s core tactics, techniques, and procedures have remained consistent,” said Charles Carmakal, Mandiant chief technology officer, noting multiple incidents in the airline and transportation sector resembling Scattered Spider operations.

What Comes Next

The Scattered Spider hacks have mobilized industry-wide responses. In-house cybersecurity experts at major airlines are closely monitoring the situation, while cybersecurity firms like Google-owned Mandiant are aiding recovery efforts and urging airlines to secure their customer service call centers.

One of Scattered Spider’s preferred infiltration methods is impersonating employees or customers during calls to help desks. This technique has proven highly effective for accessing big companies’ networks.

“Airlines rely heavily on call centers for a lot of their support needs,” Patel explained, making them “a likely target for groups like this.”

The situation remains fluid, with ongoing investigations and responses from both public and private sectors aimed at mitigating further risks and strengthening defenses against these persistent cyber threats.