WASHINGTON, D.C. – A notorious cybercriminal group has turned its sights on the aviation industry, breaching the computer networks of several airlines in the United States and Canada this month, according to the FBI and private cybersecurity experts.
Immediate Impact on the Aviation Sector
The cyberattacks have not compromised airline safety, yet they have put top cyber executives on high alert. The culprits, a network of young cybercriminals known as Scattered Spider, are infamous for their aggressive tactics aimed at extortion or public embarrassment of their targets.
This latest development comes as a significant challenge for the travel industry, coinciding with the peak of the summer travel season. Aviation is now the third major U.S. business sector to be targeted by cyberattacks from this group in the past two months, following insurance and retail.
Key Details Emerge
The hackers are focusing on large corporations and their IT contractors, which places anyone within the airline ecosystem, including trusted vendors and contractors, at risk. According to an FBI statement released Friday night, Scattered Spider actors infiltrate networks to steal sensitive data for extortion and often deploy ransomware.
The FBI is actively collaborating with aviation and industry partners to address this activity and assist victims.
Industry Response to the Breaches
Hawaiian Airlines and Canada’s WestJet have confirmed they are assessing the impact of recent cyberattacks, though neither has officially named the perpetrators. Sources familiar with the investigation suggest more victims in the aviation industry may soon come forward.
WestJet’s issues began two weeks ago, affecting access to some services and software systems, including its customer app. Both airlines reported no impact on their operations from the hacks.
Expert Analysis on Cybersecurity Measures
The lack of operational disruption is likely due to effective internal network separations or robust business continuity planning, according to Aakin Patel, former chief information security officer of Las Vegas’ main airport.
Jeffey Troy, president of the Aviation ISAC, an industry group for sharing cyber threats, noted that various segments of the aviation ecosystem are experiencing increased cyberattacks. His members remain vigilant against financially motivated attackers and collateral impacts from global geopolitical tensions.
By the Numbers
- Third major U.S. business sector targeted in two months
- Multiple airlines in the U.S. and Canada affected
- Potential for more victims to come forward
Background Context on Scattered Spider
Scattered Spider gained notoriety in September 2023 following multimillion-dollar hacks on Las Vegas casinos, including MGM Resorts and Caesars Entertainment. Their strategy often involves targeting one sector intensively for weeks. Earlier this month, they were linked to a hack on insurance giant Aflac, potentially compromising sensitive data such as Social Security numbers and health information.
The group’s tactics have remained consistent, as noted by Charles Carmakal, Mandiant’s chief technology officer, who confirmed awareness of multiple incidents in the airline and transportation sectors resembling Scattered Spider’s operations.
What Comes Next for the Industry
The Scattered Spider hacks have mobilized in-house cybersecurity experts across the industry, with firms like Google-owned Mandiant assisting in recovery efforts and advising airlines to secure their customer service call centers.
One of the group’s favored infiltration methods involves posing as employees or customers to gain network access through help desks. Given airlines’ reliance on call centers, these are likely targets for such groups, Patel emphasized.
As the aviation industry grapples with these challenges, the focus remains on strengthening cybersecurity measures and ensuring the safety and resilience of operations amid rising cyber threats.
