NEW YORK – A notorious cybercriminal group has turned its sights on the aviation industry, breaching the networks of several airlines in the United States and Canada this month, according to the FBI and cybersecurity experts.
Breaking: Scattered Spider’s New Target
The recent cyberattacks have not compromised airline safety; however, they have put top cybersecurity executives at major U.S. airlines on high alert. The culprits, a group of young cybercriminals known as Scattered Spider, are infamous for extortion and public embarrassment tactics against their victims.
This marks a new challenge for the travel industry as the busy summer travel season intensifies. The aviation sector is now the third major U.S. industry, following insurance and retail, to face a surge of cyberattacks linked to this criminal group in just two months.
Immediate Impact on the Aviation Industry
The hackers primarily target large corporations and their IT contractors, raising concerns that anyone within the airline ecosystem, including trusted vendors and contractors, might be at risk. “Once inside a victim’s network, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware,” the FBI stated on Friday night, identifying Scattered Spider as the perpetrator of these breaches.
The FBI is actively collaborating with aviation and industry partners to address this activity and assist victims.
Key Details Emerge
Hawaiian Airlines and Canada’s WestJet have confirmed they are assessing the impact of recent cyberattacks, though neither airline has publicly identified the attackers. Sources briefed on the investigation suggest more victims within the aviation sector may soon come forward.
WestJet’s troubles began two weeks ago when the airline reported a “cybersecurity incident” affecting access to some services and software systems, including its customer app. Both WestJet and Hawaiian Airlines reported that their operations remained unaffected by the hacks.
Industry Response
According to Aakin Patel, the former chief information security officer of Las Vegas’ main airport, the minimal impact on operations likely indicates robust internal network separations or effective business continuity and resiliency planning.
Jeffey Troy, president of the Aviation ISAC, an industry group for sharing cyber threats, noted that increased cyberattacks are affecting not just airlines but other segments of the aviation ecosystem. “Our members are keenly alert to attacks from financially motivated attackers and collateral impacts emanating from geopolitical tensions worldwide,” Troy stated.
Travelers at a WestJet check-in counter in Toronto Pearson International Airport on June 30, 2024. Cole Burston/Getty Images
By the Numbers
- 3 major U.S. sectors targeted in 2 months
- Multiple airlines in the U.S. and Canada affected
- Scattered Spider linked to multimillion-dollar hacks in Las Vegas
What Comes Next
The Scattered Spider hacks have galvanized the industry to respond. In-house cybersecurity experts at major airlines are closely monitoring the situation, while firms like Google-owned Mandiant are assisting with recovery efforts and urging airlines to secure their customer service call centers.
Scattered Spider’s preferred method involves impersonating employees or customers when contacting help desks, a technique that has proven highly effective in infiltrating major corporations.
“Airlines rely heavily on call centers for many of their support needs,” Patel explained, making them “a likely target for groups like this.”
Background Context
Scattered Spider gained notoriety in September 2023 when linked to multimillion-dollar hacks on Las Vegas casinos and hotels MGM Resorts and Caesars Entertainment. The group is known for targeting specific sectors for extended periods. Earlier this month, they were suspected in a hack of insurance giant Aflac, potentially compromising Social Security numbers, insurance claims, and health information. Before that, the retail sector was their focus, with companies like Ahold Delhaize USA affected.
“The actor’s core tactics, techniques, and procedures have remained consistent,” Mandiant chief technology officer Charles Carmakal stated, noting awareness of multiple incidents in the airline and transportation sector resembling Scattered Spider’s operations.
Expert Analysis
The recent series of cyberattacks on the aviation industry highlights the increasing sophistication and brazenness of cybercriminal groups like Scattered Spider. As the industry braces for potential future attacks, experts emphasize the importance of robust cybersecurity measures and industry-wide collaboration to mitigate risks.
With geopolitical tensions and financial motivations driving such attacks, the aviation sector must remain vigilant and proactive in its cybersecurity strategies to protect critical infrastructure and sensitive data.