The hacking collective Scattered Spider is gaining attention for targeting airline and transportation companies. Known for its sophisticated social engineering tactics and ransomware attacks, the group has previously targeted major sectors, including retail and hospitality. Now, the airline industry finds itself in the crosshairs. Recent cyber incidents at Hawaiian Airlines and WestJet underline the risks.
What’s Happening & Why This Matters
Cybersecurity firm Mandiant, a Google unit, alerts the industry about multiple recent attacks matching Scattered Spider’s signature. Their chief analyst, John Hultquist, highlights the group’s use of social engineering, posing as help desk staff to fool employees into revealing passwords or installing harmful software.
This method enables the gang to steal sensitive data and deploy ransomware for hefty payouts. Hultquist urges airlines to reinforce call center security, as these have been key points of compromise.
Palo Alto Networks’ Senior VP, Sam Rubin, adds that airlines must watch for suspicious multi-factor authentication requests. Scattered Spider often sends fake SMS alerts mimicking login systems to phish employees.
US cyber authorities have spotted the group employing brute-force tactics, flooding login systems with push notifications to exhaust users into granting unauthorized access.
To counter these threats, Mandiant’s CTO Charles Carmakal recommends tightening help desk identity verification. This includes stricter controls before adding phone numbers to employee accounts, preventing attackers from using self-service password resets.
Though Hawaiian Airlines and WestJet haven’t confirmed Scattered Spider’s involvement, Hawaiian assures customers that flights remain unaffected and operations continue safely.
Insights
John Hultquist explains, “The industry should button up its call centers where this actor has had a lot of success with social engineering.” This statement underscores the importance of employee training and strict authentication protocols.
Sam Rubin points out the need for vigilance around multi-factor authentication, emphasizing how attackers exploit these mechanisms with fake notifications.
TF Summary: What’s Next
The growing threat from Scattered Spider demands immediate action from airlines. Strengthening employee training, securing help desks, and enhancing identity verification are critical steps. These measures can thwart social engineering and ransomware attempts, thereby protecting passenger data and ensuring the integrity of flight operations.
As cybercriminal tactics become ever more sophisticated, companies must stay proactive. Collaboration and updated cybersecurity protocols are key to safeguarding the sector against future attacks.
— Text-to-Speech (TTS) provided by gspeech