6 July, 2025
Cybercriminal Group Targets US Airlines Amid Travel Season

NEW YORK – A notorious cybercriminal group has set its sights on the aviation industry, successfully infiltrating the computer networks of multiple airlines in the United States and Canada this month, according to the FBI and cybersecurity experts.

Immediate Impact

The recent breaches have not compromised airline safety, but they have heightened alert levels among top cybersecurity executives at major US airlines. The culprits, a network of young hackers known as Scattered Spider, are infamous for their aggressive extortion tactics.

This development presents a new challenge for the travel industry as the bustling summer travel season reaches its peak. The aviation industry is the third major US business sector, following insurance and retail, to be targeted by the group in recent months.

Key Details Emerge

The hackers primarily target large corporations and their IT contractors, increasing the risk for anyone within the airline ecosystem, including trusted vendors and contractors. The FBI confirmed on Friday that Scattered Spider is responsible for the attacks, stating, “Once inside a victim’s network, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware.”

The FBI is actively working with aviation and industry partners to address this activity and assist victims.

Industry Response

Hawaiian Airlines and Canada’s WestJet have confirmed they are assessing the impact of recent cyberattacks, although they have not publicly identified the perpetrators. Sources familiar with the investigation suggest more victims within the aviation industry may emerge.

WestJet experienced issues starting two weeks ago, when it reported a “cybersecurity incident” affecting access to some services and software systems, including its customer app. Both WestJet and Hawaiian Airlines reported that their operations remain unaffected by the breaches.

Expert Analysis

The lack of operational disruption is “likely a sign of good internal network separations or good business continuity and resiliency planning,” according to Aakin Patel, former chief information security officer of Las Vegas’ main airport.

Jeffrey Troy, president of the Aviation ISAC, emphasized the broader threat, stating, “Our members are keenly alert to attacks from financially motivated attackers and collateral impacts emanating out of geopolitical tensions around the world.”

By the Numbers

  • 3 major US sectors targeted by Scattered Spider in recent months
  • 2 airlines confirmed assessing cyberattack impacts
  • 0 operational disruptions reported by affected airlines

What Comes Next

The Scattered Spider hacks have prompted a swift response across the industry. In-house cybersecurity experts at major airlines are closely monitoring the situation, while firms like Google-owned Mandiant are aiding recovery efforts and urging airlines to secure their customer service call centers.

Scattered Spider’s preferred infiltration method involves impersonating employees or customers in calls to help desks, a technique that has proven highly effective for accessing corporate networks.

Background Context

Scattered Spider gained notoriety in September 2023 for multimillion-dollar hacks on Las Vegas casinos and hotels, including MGM Resorts and Caesars Entertainment. The group typically focuses on one industry sector for extended periods. It was recently suspected in a hack of insurance giant Aflac that potentially compromised sensitive personal data.

Before targeting the aviation sector, the group was linked to attacks on the retail sector, including Ahold Delhaize USA, which shares a parent company with Giant and Food Lion grocery chains.

Timeline of Events

  • September 2023: Scattered Spider linked to Las Vegas casino hacks
  • Earlier this month: Suspected in Aflac insurance hack
  • Recent weeks: Targeting of US and Canadian airlines

According to Charles Carmakal, Mandiant’s chief technology officer, “The actor’s core tactics, techniques, and procedures have remained consistent,” adding that Mandiant is aware of multiple incidents in the airline and transportation sector resembling Scattered Spider’s operations.

The ongoing situation underscores the need for robust cybersecurity measures across the aviation industry as it navigates the complexities of modern threats.