ATLANTA — A notorious cybercriminal group, known as Scattered Spider, has shifted its focus to the aviation industry, successfully breaching the computer networks of multiple airlines in the United States and Canada this month, according to the FBI and private cybersecurity experts.
Immediate Impact
The cyberattacks have not compromised airline safety, but they have put top cyber executives at major U.S. airlines on high alert. The group, primarily composed of young hackers, is infamous for its aggressive attempts to extort or embarrass its victims.
This development is a fresh headache for the travel industry as the busy summer travel season kicks into high gear. It marks the third major U.S. business sector in the last two months, after insurance and retail, to face a surge of cyberattacks linked to Scattered Spider.
Key Details Emerge
The hackers target large companies and their IT contractors, which means that anyone within the airline ecosystem, including trusted vendors and contractors, could be at risk. The FBI confirmed on Friday night that Scattered Spider is behind the recent airline breaches.
“Once inside a victim’s network, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware,” the FBI stated.
The FBI is actively collaborating with aviation and industry partners to address this activity and assist affected parties.
Industry Response
Hawaiian Airlines and Canada’s WestJet have confirmed they are still assessing the impact of recent cyberattacks, though they have not publicly identified the perpetrators. Sources briefed on the investigation suggest more victims within the aviation industry may come forward.
WestJet began experiencing issues two weeks ago, citing a “cybersecurity incident” that affected access to some services and software systems, including its customer app. Both airlines reported no impact on their operations.
“The lack of operational impact is likely a sign of good internal network separations or effective business continuity and resiliency planning,” said Aakin Patel, former chief information security officer of Las Vegas’ main airport.
By the Numbers
- Third major U.S. sector targeted in two months
- Multiple airlines in the U.S. and Canada breached
- Scattered Spider linked to multimillion-dollar hacks in September 2023
Expert Analysis
According to Jeffey Troy, president of the Aviation ISAC, an industry group for sharing cyber threats, the aviation ecosystem is experiencing increased cyberattacks. “Our members are keenly alert to attacks from financially motivated attackers and collateral impacts from geopolitical tensions,” Troy stated.
The Scattered Spider hacks have mobilized industry-wide responses. In-house cybersecurity experts at major airlines are closely monitoring the situation, while firms like Google-owned Mandiant are assisting with recovery efforts.
“Airlines rely heavily on call centers for a lot of their support needs,” Patel noted, making them “a likely target for groups like this.”
Background Context
Scattered Spider gained notoriety in September 2023 for their involvement in multimillion-dollar hacks on Las Vegas casinos and hotels, including MGM Resorts and Caesars Entertainment. They typically target one sector for weeks, recently involving insurance giant Aflac and the retail sector, including Ahold Delhaize USA.
“The actor’s core tactics, techniques, and procedures have remained consistent,” Mandiant CTO Charles Carmakal stated, acknowledging multiple incidents in the airline and transportation sectors that resemble Scattered Spider’s operations.
What Comes Next
The timing of these attacks is particularly significant as the aviation industry braces for increased travel during the summer season. The industry is expected to enhance its cybersecurity measures, particularly around customer service call centers, to mitigate further risks.
As the situation develops, airlines and cybersecurity firms will continue to work closely to protect sensitive data and maintain operational integrity. The ongoing efforts to counteract Scattered Spider’s activities will be crucial in safeguarding the future of the aviation industry.
