Airline industry under threat as spider species aggressively focuses on attacked by FBI authorities
In recent weeks, a series of cyber incidents have been reported to impact North American airlines. Two major airlines, WestJet Airlines and Hawaiian Airlines, have been affected, with each disclosing separate incidents involving their internal systems and IT infrastructure.
On June 13, Canadian-based WestJet Airlines revealed a cybersecurity incident, while Hawaiian Airlines disclosed a "cybersecurity event" on June 26. Both airlines have reported that flight operations remain unaffected, but further details about the separate incidents have yet to be disclosed.
Investigations into these incidents suggest that the cybercriminal collective known as Scattered Spider may be involved. According to reports, Scattered Spider leveraged compromised credentials from Tata Consultancy Services (TCS) to infiltrate systems. This is not the first time Scattered Spider has been linked to high-profile attacks – in late April, the group was associated with a string of attacks on UK retailers.
The FBI has issued a warning about Scattered Spider, suspecting the group of conducting cyberattacks using fake domains and expanding their operations. This includes a recent cyberattack on the Australian airline Qantas. In response, the FBI is working with aviation and industry partners to address this activity and assist victims.
Scattered Spider is known for targeting large corporations and their third-party IT providers. This means that anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk. The group uses social engineering techniques to deceive IT help desks into harvesting credentials of high-value users. Once inside a system, they steal sensitive data for extortion and often deploy ransomware.
The FBI encourages early reporting of incidents to prevent further compromise. The incidents involving Scattered Spider have already resulted in significant financial costs for some companies due to operational disruptions. For example, the incidents have caused significant financial losses for M&S and The Co-op.
As the threat of cyberattacks continues to evolve, it is crucial for businesses and organisations to remain vigilant and take necessary measures to protect their systems and data. This includes implementing strong security protocols, regularly updating software, and educating employees about the risks of phishing attacks and social engineering techniques.
