WASHINGTON, D.C. – A notorious cybercriminal group known as “Scattered Spider” has turned its focus to the aviation industry, breaching the computer networks of several airlines in the United States and Canada this month, according to the FBI and cybersecurity experts.
Breaking: Airlines Under Cyber Siege
The recent cyberattacks have not compromised airline safety, but they have put top cyber executives at major airlines on high alert. The hacking group, composed of young cybercriminals, is infamous for its aggressive tactics to extort or embarrass victims.
The timing is particularly significant as the busy summer travel season is in full swing. This marks the third major U.S. business sector, following insurance and retail, to suffer a wave of cyberattacks from this group in just two months.
Immediate Impact on the Aviation Sector
The FBI warned that Scattered Spider targets large companies and their IT contractors, suggesting that anyone within the airline ecosystem, including trusted vendors and contractors, could be at risk. “Once inside a victim’s network, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware,” the FBI stated.
“The FBI is actively working with aviation and industry partners to address this activity and assist victims,” the statement continued.
Key Details Emerge from Affected Airlines
Hawaiian Airlines and Canada’s WestJet have confirmed they are assessing the fallout from recent cyberattacks, although they did not name the perpetrators. Sources briefed on the investigation suggest more victims in the aviation industry could come forward.
WestJet’s issues began two weeks ago when it reported a “cybersecurity incident” affecting access to some services and software systems, including its customer app. Both airlines stated their operations were unaffected by the hacks.
Industry Response to Cyber Threats
The lack of impact on operations is likely a sign of strong internal network separations or effective business continuity and resiliency planning, according to Aakin Patel, former chief information security officer of Las Vegas’ main airport.
Jeffey Troy, president of the Aviation ISAC, noted that other segments of the aviation ecosystem are also seeing increased cyberattacks. “Our members are keenly alert to attacks from financially motivated attackers and collateral impacts from geopolitical tensions,” Troy stated.
By the Numbers: Cyberattack Trends
Scattered Spider gained notoriety in September 2023, linked to multimillion-dollar hacks on Las Vegas casinos MGM Resorts and Caesars Entertainment.
Earlier this month, the group was suspected in a hack on insurance giant Aflac, potentially stealing sensitive data like Social Security numbers and health information. Previously, they targeted the retail sector, including Ahold Delhaize USA.
What Comes Next for the Aviation Industry
The Scattered Spider hacks have mobilized industry-wide responses. In-house cybersecurity experts at major airlines are closely monitoring the situation, with firms like Google-owned Mandiant assisting in recovery efforts and urging airlines to secure customer service call centers.
One of Scattered Spider’s preferred infiltration methods is impersonating employees or customers in calls to help desks, a technique proving highly effective in accessing corporate networks.
Expert Analysis on Cybersecurity Measures
“Airlines rely heavily on call centers for support needs,” Patel told CNN, making them “a likely target for groups like this.”
Mandiant’s chief technology officer, Charles Carmakal, stated that the group’s core tactics remain consistent, and they are aware of multiple incidents in the airline and transportation sectors resembling Scattered Spider’s operations.
Regional Implications and Future Outlook
The announcement comes as the aviation industry braces for potential further disruptions. The FBI and cybersecurity firms continue to work closely with affected companies to mitigate risks and bolster defenses against future attacks.
As the situation develops, industry leaders stress the importance of robust cybersecurity measures and vigilant monitoring to safeguard against evolving threats.