
WASHINGTON D.C. – A notorious hacker group is now setting its sights on the aviation sector, according to an FBI warning.
The cybercriminal organization known as Scattered Spider is allegedly deceiving IT help desks to infiltrate the U.S. airline industry. This revelation comes as the group, infamous for its attacks on MGM Resorts and Caesars Entertainment in 2023, employs sophisticated social engineering techniques to bypass security measures.
Immediate Impact
The FBI warns that Scattered Spider leverages social engineering by impersonating employees or contractors. Their tactics include convincing IT help desks to add unauthorized multi-factor authentication (MFA) devices to compromised accounts, posing a significant risk to large corporations and their third-party IT providers.
“Once inside, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware,” the FBI stated.
Despite these alarming tactics, the FBI did not indicate that the group’s actions compromise airline safety.
Key Details Emerge
Charles Carmakal, Chief Technology Officer at Google’s Mandiant, expressed concern over multiple incidents in the airline and transportation sectors resembling Scattered Spider’s operations. He emphasized the need for the industry to strengthen help desk identity verification processes to prevent unauthorized access.
“We recommend that the industry immediately take steps to tighten up their help desk identity verification processes,” Carmakal advised on LinkedIn.
Industry Response
In response to these threats, cybersecurity teams are on high alert. Unit 42, a threat research team under Palo Alto Networks, has also observed Scattered Spider’s focus on the aviation industry. Sam Rubin, Senior Vice President of Consulting and Threat Intelligence for Unit 42, urged organizations to be vigilant against social engineering attacks.
“Organizations should be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA reset requests,” Rubin noted.
Regional Implications
Recent incidents highlight the group’s broad reach. Canada’s WestJet reported a cybersecurity incident affecting its internal systems and app, restricting access for users. Meanwhile, Hawaiian Airlines confirmed a cybersecurity event impacting some IT systems, although it said that flight operations remain unaffected.
“We continue to safely operate our full flight schedule, and guest travel is not impacted,” Hawaiian Airlines stated.
Neither airline disclosed specifics about the perpetrators or the exact nature of the breaches. A Southwest Airlines spokesperson confirmed that their systems remained uncompromised.
What Comes Next
The aviation industry faces mounting pressure to bolster cybersecurity defenses as threats evolve. Experts urge immediate action to safeguard against sophisticated cyber threats that exploit human elements within security frameworks.
As investigations continue, the focus remains on enhancing security protocols and fostering collaboration between airlines and cybersecurity firms to mitigate risks and protect critical infrastructure.