WASHINGTON, D.C. – A notorious cybercriminal group has set its sights on the aviation industry, successfully infiltrating the computer networks of several airlines in the United States and Canada this month, according to the FBI and private cybersecurity experts.
Immediate Impact
While the hacking has not compromised airline safety, it has placed top cybersecurity executives on high alert. The culprits, a network of young hackers known as “Scattered Spider,” are notorious for their aggressive tactics aimed at extorting or embarrassing their victims. The timing is particularly significant as the travel industry gears up for the busy summer season.
Key Details Emerge
This marks the third major US business sector, following insurance and retail, to be targeted by Scattered Spider in recent months. The group primarily targets large companies and their IT contractors, which means that anyone within the airline ecosystem, including trusted vendors and contractors, could be at risk.
“Once inside a victim’s network, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware,” the FBI stated.
The FBI is actively collaborating with aviation and industry partners to address the threat and assist victims.
Industry Response
Hawaiian Airlines and Canada’s WestJet have confirmed they are assessing the impact of recent cyberattacks. Although neither airline named the perpetrators, sources briefed on the investigation suggest more victims in the aviation industry may soon come forward.
WestJet’s issues began two weeks ago with a “cybersecurity incident” affecting access to some services and software systems, including its customer app. Both airlines reported that their operations remain unaffected.
“The lack of impact on operations is likely a sign of good internal network separations or good business continuity and resiliency planning,” said Aakin Patel, former chief information security officer of Las Vegas’ main airport.
By the Numbers
- 3 major US sectors targeted in recent months: aviation, insurance, retail
- 2 airlines confirmed assessing cyberattack impacts: Hawaiian Airlines, WestJet
- 1 network of hackers: Scattered Spider
Expert Analysis
According to Jeffey Troy, president of the Aviation ISAC, “segments of the aviation ecosystem” are increasingly under cyberattack. “Our members are keenly alert to attacks from financially motivated attackers and collateral impacts emanating out of geopolitical tensions around the world,” Troy stated.
One of Scattered Spider’s preferred methods involves impersonating employees or customers to gain access to networks, a technique that has proven effective against large corporations. “Airlines rely heavily on call centers for support, making them a likely target,” Patel explained.
Background Context
Scattered Spider gained notoriety in September 2023 when linked to multimillion-dollar hacks on Las Vegas casinos and hotels MGM Resorts and Caesars Entertainment. The group’s focus shifts between sectors, with recent targets including insurance giant Aflac and the retail sector’s Ahold Delhaize USA.
“The actor’s core tactics, techniques, and procedures have remained consistent,” noted Charles Carmakal, Mandiant’s chief technology officer.
What Comes Next
The ongoing situation has mobilized cybersecurity experts across the industry. Major airlines are closely monitoring developments, while firms like Google-owned Mandiant are assisting with recovery efforts and urging airlines to secure their customer service call centers.
The move represents a significant shift from previous targets, highlighting the evolving nature of cyber threats in the aviation sector. As the investigation unfolds, industry stakeholders remain vigilant, and further developments are anticipated in the coming weeks.
