Rampant cybercriminal group targets US airlines

A notorious cybercriminal group, known for its aggressive efforts to extort or embarrass its victims, has shifted its attention to the aviation industry, successfully breaching the computer networks of multiple airlines in the United States and Canada this month.

The hacking, which has not affected airline safety but has put top cyber executives at major airlines across the United States on alert, is attributed to a network of young cybercriminals called "Scattered Spider." In a statement released on Friday night, the FBI confirmed that Scattered Spider was behind the airline hacks.

"Once inside (a victim's network), Scattered Spider actors steal sensitive data for extortion and often deploy ransomware," the FBI said. "The hackers target big companies and their IT contractors, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk."

The Aviation Industry Under Threat

The attack on WestJet, a Canadian airline, was reported two weeks ago, with the airline stating that it was responding to a "cybersecurity incident" that was affecting access "to some services and software systems," including its app for customers. Hawaiian Airlines also confirmed that it was assessing the fallout from recent cyberattacks, although the exact nature of the attack remains unknown.

According to sources briefed on the investigation, more victims in the aviation industry could come forward, highlighting the scope of the issue. The lack of impact on operations at the airlines reflects "good internal network separations or good business continuity and resiliency planning," according to Aakin Patel, the former chief information security officer of Las Vegas' main airport.

Increased Cyberattacks in the Aviation Ecosystem

The Scattered Spider hacks are part of a larger trend of increased cyberattacks targeting the aviation industry. Jeffrey Troy, president of the Aviation ISAC, an industry group for sharing cyber threats, noted that "our members are keenly alert to attacks from financially motivated attackers and collateral impacts emanating out of geo-political tensions around the world."

The fine margins for error in the airline industry were on display recently, when a separate IT outage caused delays for some American Airlines passengers. The Scattered Spider hacks have mobilized people across the industry to respond, with in-house cybersecurity experts at major airlines closely monitoring the situation and cybersecurity firms such as Google-owned Mandiant helping with the recovery.

Scattered Spider's Tactics Revealed

One of Scattered Spider's preferred methods of infiltrating corporations is calling up help desks and pretending to be employees or customers. This technique has been highly effective at giving hackers access to the networks of big companies, according to Patel.

"Airlines rely heavily on call centers for a lot of their support needs," Patel told CNN, making them "a likely target for groups like this." Scattered Spider gained attention in September 2023 when it was linked to a pair of multimillion-dollar hacks on Las Vegas casino and hotel companies MGM Resorts and Caesars Entertainment.

The hackers tend to pick one sector to target for weeks on end. Earlier this month, they were suspected in a hack of insurance giant Aflac in which Social Security numbers, insurance claims, and health information were potentially stolen. Before that, it was the retail sector: the hackers targeted Ahold Delhaize USA, which has the same parent company as the Giant and Food Lion grocery chains.

"The actor's core tactics, techniques, and procedures have remained consistent," Mandiant chief technology officer Charles Carmakal said Friday in a statement. "It is aware of multiple incidents in the airline and transportation sector" that resemble the operations of Scattered Spider.