WASHINGTON, D.C. – A notorious cybercriminal group has set its sights on the aviation industry, successfully breaching the computer networks of several airlines in the United States and Canada this month, according to the FBI and private cybersecurity experts.
Immediate Impact on Airlines
The hacking incidents, attributed to a network of young cybercriminals known as “Scattered Spider,” have not compromised airline safety. However, they have put top cyber executives at major airlines across the United States on high alert. The group is infamous for its aggressive tactics to extort or embarrass victims.
This development occurs as the busy summer travel season reaches its peak, adding a fresh headache for the travel industry. The aviation sector is now the third major U.S. business sector in two months, following insurance and retail, to be targeted by cyberattacks linked to Scattered Spider.
Key Details Emerge
The hackers specifically target large companies and their IT contractors, posing a risk to anyone within the airline ecosystem, including trusted vendors and contractors. The FBI confirmed Friday night that Scattered Spider is responsible for these breaches.
“Once inside a victim’s network, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware,” the FBI stated.
The FBI is actively collaborating with aviation and industry partners to address this activity and assist victims. Hawaiian Airlines and Canada’s WestJet have confirmed they are assessing the fallout from recent cyberattacks, although neither named the perpetrators.
Industry Response
WestJet’s issues began two weeks ago when the airline reported a “cybersecurity incident” that affected access to some services and software systems, including its customer app. Despite the breaches, both WestJet and Hawaiian Airlines reported that their operations remained unaffected.
The lack of operational impact is “likely a sign of good internal network separations or good business continuity and resiliency planning,” said Aakin Patel, former chief information security officer of Las Vegas’ main airport.
According to Jeffey Troy, president of the Aviation ISAC, an industry group for sharing cyber threats, the attacks are not limited to airlines but extend to other segments of the aviation ecosystem. “Our members are keenly alert to attacks from financially motivated attackers and collateral impacts emanating from geopolitical tensions around the world,” Troy stated.
Expert Analysis
Scattered Spider’s tactics include calling help desks and pretending to be employees or customers, a method that has proven effective in infiltrating large companies. “Airlines rely heavily on call centers for a lot of their support needs,” Patel explained, making them “a likely target for groups like this.”
Scattered Spider gained prominence in September 2023 after being linked to multimillion-dollar hacks on Las Vegas casinos and hotels MGM Resorts and Caesars Entertainment. The group tends to focus on one sector for extended periods, having previously targeted the insurance and retail sectors.
What Comes Next
Cybersecurity firms, including Google-owned Mandiant, are assisting airlines in recovery efforts and urging them to secure their customer service call centers. Mandiant’s chief technology officer, Charles Carmakal, noted that the group’s core tactics have remained consistent, and multiple incidents in the airline and transportation sector resemble Scattered Spider’s operations.
“The actor’s core tactics, techniques, and procedures have remained consistent,” Carmakal said, emphasizing the ongoing threat to the sector.
The aviation industry is mobilizing to respond to these threats, with in-house cybersecurity experts at major airlines closely monitoring the situation. As the investigation continues, more victims in the aviation industry may come forward, according to sources familiar with the situation.
The timing of these attacks is particularly significant as airlines brace for increased travel demand. The industry’s response and resilience in the face of these cyber threats will be closely watched in the coming weeks.
