Rampant cybercriminal group targets Canada and U.S. airlines

A notorious cybercriminal group called Scattered Spider has targeted the U.S. and Canadian aviation industry in recent weeks, successfully infiltrating the computer networks of several airlines. The group, best known for its aggressive attempts to extort and embarrass its victims, is now posing a serious threat to the industry ahead of the busy summer travel season, according to the FBI and private security experts who are tracking the attacks.

While the attacks have not disrupted flight safety, they have put cybersecurity officials at U.S. airlines on high alert. The FBI officially identified the group as the perpetrator of the recent attacks in a statement Friday night, saying: The group infiltrates the networks of large companies and their IT contractors, steals sensitive data for extortion, and often installs ransomware.

WestJet and Hawaiian Airlines said this week they were still investigating the fallout from the cyberattacks. They did not name the perpetrators directly. Sources familiar with the investigation said there were likely more victims in the industry that had not yet made public.

Two weeks ago, WestJet said a “cybersecurity incident” had disrupted access to some of its services and software systems, including its customer app. However, the airline’s flights and core operations were not affected, which security experts said was a sign of proper internal network isolation and contingency planning.

“Not only airlines but also other parts of the aviation ecosystem are increasingly vulnerable to cyberattacks, and our members are acutely aware of financial attacks and the collateral consequences of geopolitical tensions around the world,” said Jeffrey Troy, president of ISAC Aviation, a trade association that shares cyber threats to the industry.

The cybercriminal group, which made headlines in September 2023 with a multimillion-dollar hack of the MGM Resorts and Caesars Entertainment casinos and hotels in Las Vegas, typically targets one industry segment at a time for several weeks at a time. They have previously attacked insurance companies, retailers, and now the aviation industry.

One of the group’s popular infiltration methods is to call support centers and impersonate employees or customers. This simple but effective technique allows them to gain access to large corporate networks. Because airlines rely on call centers for a large portion of their services, this makes them more vulnerable to these types of attacks.

“Airline call centers are an attractive target for these groups,” said cybersecurity experts including Akin Patel, former director of information security at Las Vegas’s main airport.

Security firm Mandiant, a Google subsidiary, is also working with airlines to improve security and recover systems, and said the group’s patterns and methods remain consistent and have been seen in numerous attacks across the aviation and transportation industries.

The incident comes as another IT problem unrelated to the cyberattack delayed some American Airlines flights on Friday, showing how small mistakes in the industry can have serious consequences.

In short, the North American aviation sector is now facing a new and serious cyber threat, one that seems to have no end in sight.

News source