WASHINGTON, D.C. – A notorious cybercriminal group known as “Scattered Spider” has breached the computer networks of multiple airlines in the United States and Canada this month, according to the FBI and cybersecurity experts.
Immediate Impact on the Aviation Industry
The hacking incidents have not compromised airline safety, but they have put major airlines on high alert. The cybercriminals, a network of young hackers, are known for their aggressive tactics to extort and embarrass victims. This development comes as the summer travel season reaches its peak, adding pressure to an already strained industry.
This wave of attacks marks the third major U.S. business sector targeted by cyberattacks in the last two months, following similar incidents in the insurance and retail sectors.
Key Details Emerge
The hackers focus on large companies and their IT contractors, meaning anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk. The FBI stated that once inside a victim’s network, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware.
The FBI is actively working with aviation and industry partners to address this activity and assist victims.
Confirmed Incidents
Hawaiian Airlines and Canada’s WestJet have confirmed they are assessing the impact of recent cyberattacks. Although they did not name the perpetrators, sources indicate more victims in the aviation industry may come forward.
WestJet’s issues began two weeks ago, affecting access to some services and software systems, including its customer app. Both airlines reported no operational disruptions due to the hacks.
Industry Response
The lack of operational impact is likely due to robust internal network separations or effective business continuity and resiliency planning, according to Aakin Patel, former chief information security officer at Las Vegas’ main airport.
Jeffey Troy, president of the Aviation ISAC, noted that not only airlines but other segments of the aviation ecosystem are experiencing increased cyberattacks. Members are alert to financially motivated attacks and potential collateral impacts from geopolitical tensions worldwide.
Expert Analysis
Scattered Spider’s tactics include impersonating employees or customers to infiltrate corporate networks, a method that has proven effective. Airlines, reliant on call centers for support, are particularly vulnerable to such attacks.
Airlines rely heavily on call centers for a lot of their support needs, making them a likely target for groups like this. – Aakin Patel
Background Context
Scattered Spider gained notoriety in September 2023 after being linked to multimillion-dollar hacks on Las Vegas casinos and hotels, including MGM Resorts and Caesars Entertainment. The group tends to focus on one sector at a time, previously targeting insurance and retail companies.
The actor’s core tactics, techniques, and procedures have remained consistent. – Charles Carmakal, Mandiant CTO
What Comes Next
As the situation evolves, in-house cybersecurity experts at major airlines are closely monitoring developments. Cybersecurity firms like Google-owned Mandiant are assisting with recovery efforts and advising airlines to secure their customer service call centers.
The aviation industry must remain vigilant as it navigates the challenges posed by these sophisticated cyber threats. The response from industry leaders and cybersecurity experts will be crucial in mitigating future risks and protecting sensitive data.