
WASHINGTON, D.C. – The FBI has issued a stark warning about the cybercriminal group known as Scattered Spider, which is now targeting the aviation industry in the United States. The group, which gained notoriety earlier this year for high-profile attacks on MGM Resorts and Caesars Entertainment, is employing sophisticated social engineering techniques to infiltrate airline systems.
Immediate Impact
According to the FBI, Scattered Spider is deceiving IT help desks by impersonating employees or contractors, thereby gaining unauthorized access to sensitive information. These tactics often involve bypassing multi-factor authentication (MFA) by persuading help desk personnel to add unauthorized devices to compromised accounts.
“These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access,” the FBI stated.
The FBI emphasized that the group is targeting large corporations and their third-party IT providers, putting the entire airline ecosystem, including trusted vendors and contractors, at risk.
Key Details Emerge
Once inside the systems, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware. However, the FBI clarified that there is no indication that these actions affect airline safety directly.
Charles Carmakal, Chief Technology Officer at Google’s Mandiant, a cybersecurity firm, highlighted the urgency of the situation on LinkedIn, stating that the firm was aware of multiple incidents in the airline and transportation sector resembling Scattered Spider’s operations.
“We recommend that the industry immediately take steps to tighten up their help desk identity verification processes,” Carmakal advised.
Industry Response
Unit 42, a cybersecurity threat research team under Palo Alto Networks, also observed Scattered Spider’s activities targeting the aviation sector. Sam Rubin, Senior Vice President of Consulting and Threat Intelligence for Unit 42, urged organizations to be vigilant against sophisticated social engineering attacks.
“Organizations should be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA reset requests,” Rubin warned.
By the Numbers
- Scattered Spider’s attacks in 2023: MGM Resorts and Caesars Entertainment
- Potential targets: Large corporations, third-party IT providers, airline ecosystem
Regional Implications
Recent incidents highlight the group’s reach. Canada’s WestJet recently reported a cybersecurity incident affecting its internal systems and app, leading to restricted access for several users. Meanwhile, Hawaiian Airlines confirmed a cybersecurity event impacting some IT systems, though it assured that flight operations remain unaffected.
Neither airline has disclosed the perpetrators behind these incidents, while Southwest Airlines confirmed its systems remain uncompromised.
What Comes Next
As the aviation industry grapples with these threats, cybersecurity experts stress the importance of robust security measures. Organizations are advised to enhance their identity verification processes, particularly concerning help desk operations, to prevent unauthorized access.
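One way to act on the advice about help desk verification and suspicious MFA reset requests, as an added example that is not from the FBI, Mandiant, or Unit 42: a small detector that flags MFA devices enrolled by a help desk agent on a user's behalf. The event schema, field names, 30-minute window, and sample records are constructed assumptions.

```python
import json
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed correlation window
# Constructed sample events; the schema (field names, action values) is an
# assumption for illustration, not any vendor's audit-log format.
SAMPLE_LOG = """\
{"ts":"2025-06-27T08:30:00","actor":"bob","target":"bob","action":"signin","ip":"198.51.100.20","device":"d-3"}
{"ts":"2025-06-27T09:00:00","actor":"alice","target":"alice","action":"signin","ip":"198.51.100.10","device":"d-1"}
{"ts":"2025-06-27T14:02:00","actor":"hd-agent7","target":"alice","action":"password_reset","verified":false}
{"ts":"2025-06-27T14:05:00","actor":"hd-agent7","target":"alice","action":"mfa_device_added","device":"d-9","verified":false}
{"ts":"2025-06-27T14:11:00","actor":"alice","target":"alice","action":"signin","ip":"203.0.113.77","device":"d-9"}
{"ts":"2025-06-27T15:00:00","actor":"hd-agent2","target":"bob","action":"mfa_device_added","device":"d-4","verified":true}
{"ts":"2025-06-27T15:20:00","actor":"bob","target":"bob","action":"signin","ip":"198.51.100.20","device":"d-4"}
"""

def parse(log_text):
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])

def suspicious_enrollments(events):
    findings, known_ips = [], {}  # known_ips: user -> sign-in IPs seen so far
    for i, e in enumerate(events):
        if e["action"] == "signin":
            known_ips.setdefault(e["target"], set()).add(e["ip"])
        # Only enrollments performed by someone else on the user's behalf.
        if e["action"] != "mfa_device_added" or e["actor"] == e["target"]:
            continue
        reasons = []
        if not e.get("verified"):
            reasons.append("no identity verification recorded")
        if any(p["action"] == "password_reset" and p["target"] == e["target"]
               and e["ts"] - p["ts"] <= WINDOW for p in events[:i]):
            reasons.append("password reset shortly before enrollment")
        seen = known_ips.get(e["target"], set())
        if any(n["action"] == "signin" and n["target"] == e["target"]
               and n.get("device") == e["device"] and n["ts"] - e["ts"] <= WINDOW
               and n["ip"] not in seen for n in events[i + 1:]):
            reasons.append("new device signed in from unseen IP")
        if reasons:
            findings.append({"user": e["target"], "agent": e["actor"],
                             "device": e["device"], "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in suspicious_enrollments(parse(SAMPLE_LOG)):
        print(f)
```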
The announcement comes as cybersecurity threats continue to evolve, with Scattered Spider representing a significant challenge to the aviation sector. Industry leaders are urged to remain vigilant and proactive in safeguarding their systems against such sophisticated attacks.