In recent weeks, a notorious cybercriminal group has escalated its offensive, targeting the aviation sector with sophisticated cyberattacks on several airlines in both the United States and Canada. According to advisories from the Federal Bureau of Investigation (FBI) and cybersecurity specialists, this criminal enterprise has successfully infiltrated the computer networks of numerous airlines, raising alarms across the industry.
These breaches have not directly affected airline safety, but they have caused significant concern among key cybersecurity executives at major U.S.-based airlines. This is largely due to the identity of the hackers, a group of young cybercriminals operating under the name “Scattered Spider.” These individuals have made headlines for their aggressive tactics, particularly extorting money from their victims or seeking to publicly embarrass them, which adds to the apprehension their activity creates.
As the busy summer travel season approaches, the timing of these cyberattacks adds pressure on the travel industry, which is already vulnerable due to the ongoing demand for air travel. Aviation is the third significant U.S. business sector impacted by cyberattacks in recent months, following similar attacks targeting the insurance and retail industries.
The modus operandi of these hackers involves targeting large corporations and their IT contractors, which extends the potential for collateral damage throughout the entire aviation ecosystem. As mentioned by the FBI in a statement, entities ranging from airlines to trusted vendors are equally susceptible to these attacks. Once the Scattered Spider group gains access to a target’s systems, it typically steals sensitive data, which it may use for extortion, and frequently deploys ransomware to put pressure on victims.
The FBI has committed to combating these threats and working alongside aviation partners to both deter further attacks and assist current victims. In response to the recent cyber incidents, Hawaiian Airlines and WestJet, a Canadian airline, have acknowledged that they are still evaluating the ramifications of these cyberattacks, though they have refrained from disclosing specific details about the attackers involved.
WestJet’s troubles began approximately two weeks prior when the airline reported a “cybersecurity incident” that impacted access to certain services and software systems, including its customer application. Nonetheless, both Hawaiian Airlines and WestJet assured passengers that their flight operations remained unaffected by the intrusions.
Cybersecurity expert Aakin Patel, formerly the chief information security officer at Las Vegas’s primary airport, noted that the lack of any disruption to airline operations likely indicates that the airlines maintain effective internal network separations and robust business continuity strategies. This capability is crucial in mitigating the impacts of such cyber threats.
However, the issue extends beyond the airlines themselves; other components of the aviation ecosystem, including various contractors and service providers, are under heightened cyber threat, as highlighted by Jeffery Troy, the president of the Aviation Information Sharing and Analysis Center (ISAC). Troy said that members of this organization are particularly vigilant against attacks motivated by financial gain, which are spurred by the current geopolitical tensions globally.
The airline industry exemplifies a sensitive area where even brief outages can lead to significant operational delays. Such was the case recently, as some American Airlines passengers experienced delays due to an IT failure that was determined to be unrelated to cybercriminal interference.
In response to the Scattered Spider hacks, cybersecurity teams at major airlines are closely monitoring the situation, with firms such as Google-owned Mandiant stepping in to provide recovery assistance and stressing the importance of securing customer service call centers, a common entry point for cybercriminals.
Scattered Spider has garnered notoriety for its social engineering tactics, particularly deceptive phone calls to help desks in which callers pose as employees or customers. This strategy has proven effective in infiltrating large corporate networks, with call centers targeted primarily because of their integral role within airlines.
This group initially came to prominence in September 2023, after being linked to major multimillion-dollar breaches of casinos and hotels in Las Vegas, namely MGM Resorts and Caesars Entertainment. Scattered Spider tends to concentrate its efforts on a single sector for weeks at a time, as exemplified by its more recent attack on insurance behemoth Aflac, which potentially compromised sensitive information such as Social Security numbers and health details.
Charles Carmakal, Mandiant’s chief technology officer, affirmed that the firm is aware of similar incidents in the airline and transportation sectors that correspond with Scattered Spider’s known tactics, suggesting a sustained and ongoing threat to both the aviation industry and the wider business ecosystem.