The notorious hacking group, Scattered Spider, has moved away from retailers to focus on airlines and the travel sector.
The United States FBI has issued an alert warning of malicious cyber activity targeting the airline sector.
According to the FBI, the Scattered Spider hacking collective is now focusing its efforts on the airline industry.
“The FBI has recently observed the cyber criminal group Scattered Spider expanding its targeting to include the airline sector. These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access,” the FBI said in a post to X late last week.
“These techniques frequently involve methods to bypass multifactor authentication (MFA), such as convincing help desk services to add unauthorised MFA devices to compromised accounts. They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk.”
Scattered Spider is known to deploy ransomware on victim networks after stealing sensitive data, possibly to extort their victims, although the group does not use a traditional darknet leak site or similar ransomware infrastructure.
“The FBI is actively working with aviation and industry partners to address this activity and assist victims,” the FBI said.
“Early reporting allows the FBI to engage promptly, share intelligence across the industry, and prevent further compromise.”
Three airlines have recently reported cyber security incidents of varying degrees. Hawaiian Airlines, the 10th largest in the US, confirmed an attack that disrupted some of its IT systems, while Canadian carrier WestJet reported an incident that took its mobile app offline and impacted some internal systems.
And just today, on 2 June, the Australian carrier Qantas reported an incident involving a third-party customer service platform at one of its contact centres.
“On Monday, we detected unusual activity on a third-party platform used by a Qantas airline contact centre. We then took immediate steps and contained the system. We can confirm all Qantas systems remain secure,” a Qantas spokesperson said in a statement.
“There are 6 million customers that have service records in this platform. We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant.
“An initial review has confirmed the data includes some customers’ names, email addresses, phone numbers, birth dates and frequent flyer numbers.”
Given the FBI’s warning and media reports of Scattered Spider’s involvement in the attacks, it appears clear that the hacking group’s current campaign is in full swing.
John Hultquist, Chief Analyst at the Google Threat Intelligence Group, noted that Scattered Spider is difficult to track because its organisation is so amorphous.
"Actors pass in and out and the associations aren't extremely firm. That can make it hard to do attribution and it can make it hard to completely put a stop to their activity," Hultquist told Cyber Daily.
"Historically, these actors have gone after sectors in waves and the trend in UK retail shouldn't be ignored. There's an opportunity for the sector to take proactive action, especially against the preferred tactics of these actors, like social engineering."
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.