Airlines confront potential cyber-attack threats from Spider hackers, according to FBI warning

Airline industry braces for cyber assaults as Scattered Spider hacking gang steps up attacks

Airlines face a Scattered Spider hacking risk, according to the FBI.

The Federal Bureau of Investigation (FBI) has issued a public advisory about an increase in cyberattacks targeting the airline sector. The hacking group responsible for these attacks, Scattered Spider, is a notorious entity within the broader underground community referred to as 'the Com' and has been making headlines for its serious attacks on critical infrastructure. The group primarily consists of English-speaking teenagers and young adults who operate from platforms like Discord and Telegram.

The group's modus operandi involves gaining access to systems, stealing data, demanding ransom payments, and in some instances, deploying ransomware to incapacitate operations. According to reports, Scattered Spider has targeted various sectors including telecom providers, financial services, retailers, and now, the aviation industry.

Multiple cyber incidents have been reported by airlines such as WestJet, Hawaiian Airlines, and Australian carrier Qantas. While a direct link to Scattered Spider was not immediately established for Qantas, Google's Mandiant has observed multiple incidents in the airline and transportation sectors that exhibit similarities to Scattered Spider's methodology.

Scattered Spider's success can be attributed to its detailed understanding of human behaviour within corporate systems. The group frequently convinces help desk personnel to bypass multi-factor authentication protections, a tactic that has been employed consistently in their attacks.

John Hultquist, chief analyst at Google's threat intelligence group, has highlighted the seriousness of these attacks, stating that Scattered Spider is carrying out significant attacks on critical infrastructure. Charles Carmakal, chief technology officer at Mandiant, also recommends that the industry immediately take steps to tighten up their help desk identity verification processes.

In addition to Scattered Spider, the FBI has reported a recent increase in cyberattacks on the aviation industry attributed to the financially motivated ransomware group ShinyHunters. This group also relies on social engineering tactics, including AI-powered voice phishing, to manipulate IT helpdesk workers and gain unauthorized system access.

In light of these threats, cybersecurity experts advise organisations that suspect they have been targeted to report it promptly to the FBI for early response and intelligence sharing. Sam Rubin of Palo Alto Networks' Unit 42 also advises aviation firms to maintain a high alert for fraudulent MFA reset requests and impersonation attempts.

The decentralized structure of Scattered Spider complicates efforts to dismantle the group, but early reporting and industry-wide intelligence sharing can help prevent further compromise. The FBI emphasizes that prompt engagement is key in combating these cyber threats.
