The notorious cybercriminal group dubbed “Scattered Spider” is now targeting the airline sector, the Federal Bureau of Investigation (FBI) warned.
The FBI posted on X that the group relies on “social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access” and frequently involves methods to bypass multifactor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts.
“They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,” the FBI wrote.
The agency further warned that the cybercriminal group is also known to steal sensitive data for extortion and often deploy ransomware.
HACKERS TARGET INSURANCE GIANT IN ONGOING INDUSTRY CYBER SPREE
The agency is working with the aviation and industry partners to address this activity and assist victims. Airlines for America, which represents the leading U.S. passenger carriers, declined comment.
Last week, Hawaiian Airlines said it was addressing a cybersecurity event that has affected some of its IT systems. However, it said it was able to continue operating its full flight schedule. The Federal Aviation Administration (FAA) safety office said it was in contact with the airline and that there has been no impact on safety.
This warning is “a stark reminder of how vulnerable even our most critical infrastructure remains,” Kelly Siegel, CEO of trusted IT managed services provider company, National Technology Management, told FOX Business. “Cyber threats aren’t hypothetical – they’re a relentless reality, and our airlines are in the crosshairs.”
STEELMAKER NUCOR EXPERIENCES CYBERSECURITY INCIDENT, SHUTS DOWN SOME PRODUCTION
The reason airlines are particularly vulnerable, according to Siegel, is because of their heavy reliance on interconnected digital systems that include reservation systems, flight management software, air traffic control communications, baggage handling systems and in-flight entertainment platforms.
“A single breach can cascade into widespread operational disruptions, data theft, or even compromise critical flight safety measures,” he said.
Siegel said air traffic control and aviation systems are also vulnerable to cyberattacks due to antiquated technology.
Similarly, Capt. Dennis Tajer, a spokesperson for the Allied Pilots Association and a veteran pilot, told FOX Business that cyberattacks that invade technology systems could disrupt information flow from the aircraft and pilots to the airlines’ operations center, which could result in delays.
“As we’ve seen in the recent past, when technology support systems fail, passengers cannot be processed, flight plan processing is halted and data-based maintenance record reviews are obstructed, all massive and widespread causing delays,” Tajer said.
While there are back-up systems that every airline uses, Tajer said, “the adversary is always looking at a way around it.”
However, Tajer said the two trained and experienced pilots on board are still the “biggest safeguard against cyberattacks on airplane safety.” It’s one of the reasons why it’s so critical to keep two pilots in the cockpit, he added.
“Those who want to decrease or remove pilots from the cockpit are gambling with lives and ignoring the reality that cyberattacks could target airplane safety at some point,” Tajer said. “What protects lives when technology goes bad or is attacked are other lives known as professional pilots.”
