The FBI Warns of a Growing Threat to the Airline Sector: Scattered Spider
The Federal Bureau of Investigation (FBI) has issued a warning about a growing threat to the airline industry, citing a cybercrime group known as Scattered Spider. According to the FBI, this group is now targeting airlines and their third-party IT providers, including trusted vendors and contractors.
The FBI reports that Scattered Spider uses social engineering to gain access to target organizations by impersonating employees or contractors. In many cases, the threat actors bypassed multi-factor authentication (MFA) by tricking victims’ help desk services into adding unauthorized MFA devices to compromised accounts.
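The help-desk MFA bypass described above leaves a trace in identity-provider audit logs: a factor enrolled by someone other than the account owner, then used shortly afterwards. The Python below is an added example, not taken from the FBI alert or this article, that correlates the two events; the event schema, field names, accounts and 24-hour window are assumptions, and the log entries are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed sample audit events; the schema is hypothetical.
EVENTS = [
    {"ts": "2025-06-01T09:00:00", "type": "signin", "user": "apilot", "ip": "198.51.100.7", "factor": "f-1"},
    {"ts": "2025-06-10T10:30:00", "type": "signin", "user": "cops", "ip": "198.51.100.20", "factor": "f-4"},
    {"ts": "2025-06-20T14:02:00", "type": "mfa.enroll", "actor": "helpdesk-3", "user": "apilot", "factor": "f-9"},
    {"ts": "2025-06-20T14:09:00", "type": "signin", "user": "apilot", "ip": "203.0.113.44", "factor": "f-9"},
    {"ts": "2025-06-21T08:00:00", "type": "mfa.enroll", "actor": "bcrew", "user": "bcrew", "factor": "f-2"},
    {"ts": "2025-06-21T08:05:00", "type": "signin", "user": "bcrew", "ip": "192.0.2.10", "factor": "f-2"},
    {"ts": "2025-06-22T10:00:00", "type": "mfa.enroll", "actor": "helpdesk-1", "user": "cops", "factor": "f-5"},
    {"ts": "2025-06-22T10:30:00", "type": "signin", "user": "cops", "ip": "198.51.100.20", "factor": "f-5"},
]

def find_suspicious_enrollments(events, window=WINDOW):
    """Flag factors enrolled on a user's behalf and first used within `window`."""
    seen_ips = {}   # user -> source IPs observed so far
    pending = {}    # (user, factor) -> (enrollment time, enrolling actor)
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["user"]
        if ev["type"] == "mfa.enroll" and ev["actor"] != user:
            # Someone other than the account owner added the device.
            pending[(user, ev["factor"])] = (ts, ev["actor"])
        elif ev["type"] == "signin":
            hit = pending.pop((user, ev["factor"]), None)
            if hit and ts - hit[0] <= window:
                # First use from an address never seen for this user is the
                # strongest signal; a known address still merits a look.
                new_ip = ev["ip"] not in seen_ips.get(user, set())
                findings.append({
                    "user": user, "factor": ev["factor"],
                    "enrolled_by": hit[1], "ip": ev["ip"],
                    "severity": "high" if new_ip else "review",
                })
            seen_ips.setdefault(user, set()).add(ev["ip"])
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_enrollments(EVENTS):
        print(finding)
```

Findings rated "high" are candidates for an out-of-band call to the account owner and a check of the help desk ticket behind the enrollment.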
The FBI is actively working with aviation and industry partners to address this activity and assist victims. The agency says that quick reporting helps the FBI act fast, share intel, and limit damage. “Early reporting allows the FBI to engage promptly, share intelligence across the industry, and prevent further compromise,” continues the alert.
Unit 42, Palo Alto Networks’ threat intelligence unit, has also issued a warning about the group, which is also known as Muddled Libra. According to Unit 42’s Sam Rubin on LinkedIn, organizations should be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA reset requests.
Google has also issued a warning about the same group. In May, the search giant announced that the cybercrime group Scattered Spider, which was previously linked to attacks on UK retailers, is now shifting its focus to U.S. companies.
The FBI and their aviation industry partners are working together to combat this threat. By reporting incidents quickly and sharing intelligence, they aim to limit the damage caused by these attacks and protect the airline sector from this growing threat.
Protecting your organization from Scattered Spider requires vigilance and cooperation with your IT team, vendors, and contractors. Be aware of suspicious activity and report any incidents to the authorities immediately. By working together, we can prevent further compromise and keep our airline sector safe.