The Scattered Spider hacker group has a new industry in its crosshairs

The FBI is warning that the Scattered Spider cyber crime group has expanded its activities to target the airline industry, with both Hawaiian Airlines and Canada’s WestJet confirming cybersecurity incidents.
Scattered Spider uses social engineering techniques, often impersonating employees or contractors, to deceive IT help desks into granting access, the FBI warned in an advisory late last week.
The group is often able to bypass multi-factor authentication (MFA), for example, by convincing help desk services to add unauthorized MFA devices to compromised accounts.
“They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,” the FBI said.
“Once inside, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware. The FBI is actively working with aviation and industry partners to address this activity and assist victims.”
Scattered Spider warning comes after airlines targeted
The warning follows an alert from Hawaiian Airlines late last week that a cyber incident was affecting some of its IT systems. The airline said it was still operating its full flight schedule.
“We have taken steps to safeguard our operations, and our flights are operating safely and as scheduled. Upon learning of this incident, we engaged the appropriate authorities and experts to assist in our investigation and remediation efforts,” it said.
“We are currently working toward an orderly restoration and will provide updates as more information is available.”
Earlier this month, Canada’s WestJet said it was shoring up its defences after an incident that saw access for several users restricted. The airline is investigating the incident with the help of third-party cybersecurity experts and forensic specialists.
It’s not been confirmed who was behind the attacks. However, last week, security firm Halcyon warned that Scattered Spider was now targeting new sectors – not just aviation but also food and manufacturing in the US.
“Scattered Spider attacks disrupt entire organizations from top to bottom, creating ripple effects that threaten financial viability, customer trust, and operational continuity,” the company said in an advisory.
“These attacks unfold swiftly and ruthlessly, transforming ordinary systems in just hours.”
Airline industry warnings continue
There have been similar warnings for aviation companies from Palo Alto’s Unit 42, with SVP of consulting and threat intelligence Sam Rubin warning them to be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA reset requests.
Darren Williams, CEO and founder of BlackFog, said the airline industry is a prime target for threat actors due to the huge disruption that attacks can cause for both operators and commuters globally.
Moreover, the industry processes huge volumes of sensitive consumer data, making airlines a lucrative target.
“With international travel currently at its peak, the aviation industry is under immense pressure to deliver seamless service, and cyber criminals are exploiting that pressure,” he said.
“The sector is a treasure trove for cyber criminals, handling vast amounts of valuable passenger data.”
“With incidents like this one highlighting how threat actors are actively and deliberately targeting airlines, operators must remain vigilant, investing in robust defences that safeguard customer data, protect operations, and customer trust.”