The cybercriminal group known as Scattered Spider has emerged as a significant threat to multiple industries, including aviation, insurance, and gambling. Known for advanced social engineering tactics, the group targets not only large corporations but also their trusted partners and service providers. Its ability to breach corporate networks and steal sensitive information has alarmed cybersecurity experts and prompted increased vigilance across sectors.
Scattered Spider gained public attention in 2023 following large-scale cyberattacks on two major casino companies in Las Vegas. These breaches resulted in considerable financial losses and disrupted business operations. Following their focus on the gambling industry, the group shifted to targeting insurance firms. One recent attack involved Aflac, a leading insurance company, where hackers accessed sensitive health and financial data. More recently, Scattered Spider has turned its attention to the aviation sector, launching attacks against airlines in the United States and Canada, including Hawaiian Airlines and WestJet.
What makes Scattered Spider particularly dangerous is their use of sophisticated social engineering techniques. Rather than relying solely on technical vulnerabilities, the group exploits human factors to gain entry into protected systems. A common method involves calling company help desks and impersonating employees to bypass security measures. Because airlines and many other industries depend heavily on customer service call centers, these have become a critical vulnerability. Cybersecurity experts warn that call centers are often the first place hackers test their chances, making them potential gateways into corporate networks.
Once inside a network, Scattered Spider can steal sensitive information and sometimes deploy ransomware to increase the attack’s impact. The ransomware locks down systems, and the attackers demand ransom payments from the victims. The combination of data theft and ransomware deployment increases the financial and operational risks for affected companies.
The recent cyberattacks on airlines have raised particular concern due to their timing. The attacks came at the start of the summer travel season, one of the busiest periods of the year. While flight operations remain safe and uninterrupted, disruptions to internal systems have been reported. For instance, WestJet experienced a cybersecurity incident that temporarily limited access to certain systems, including customer-facing applications. Both WestJet and Hawaiian Airlines have confirmed they are investigating the full impact of the attacks but emphasize that airport operations and flight schedules were not affected.
Experts believe that the limited operational impact shows that some airlines have robust internal defenses capable of preventing a total system shutdown. Aakin Patel, a former airport security officer, suggests that these strong internal systems help airlines withstand cyberattacks better than other industries. However, the threat remains serious, especially as the attackers target vendors, contractors, and other aviation partners who have access to critical airline systems.
The Federal Bureau of Investigation (FBI) is actively involved in responding to these attacks. The agency has publicly confirmed its collaboration with airline companies and cybersecurity partners to manage the threat. The FBI is also assisting companies already affected by Scattered Spider’s cyberattacks. Alongside the FBI, private cybersecurity firms such as Mandiant, a Google-owned company specializing in cyber threat response, are helping investigate incidents and support recovery efforts.
The aviation sector is not the only industry feeling the pressure from Scattered Spider’s attacks. In recent weeks, similar breaches have affected retail chains like Giant and Food Lion. The hackers’ shift from gambling to insurance and now aviation indicates a strategy of focusing on one industry at a time, exploiting each sector’s specific vulnerabilities. Cybersecurity experts, including Charles Carmakal, Chief Technology Officer at Mandiant, note that the group continues to use consistent tactics despite changing targets. His team is currently investigating several cyber incidents in the airline and transportation sectors linked to Scattered Spider.
Financial motives appear to be a key driver behind these attacks, but global political tensions may also play a role. Jeffrey Troy, who leads an industry group focused on aviation cybersecurity, highlights that the combination of monetary gain and geopolitical factors is fueling the rise in cyberattacks targeting critical infrastructure and transportation systems.
The recent disruption faced by American Airlines due to an unrelated IT system outage illustrated the airline industry’s heavy reliance on technology. While that incident was not caused by a cyberattack, it underscored how vulnerable airline operations can be to system failures. This dependency makes the sector an attractive target for cybercriminal groups like Scattered Spider.
To counter the growing threat, major airlines in North America have heightened their cybersecurity measures. Internal security teams and external firms are working together to monitor networks, prevent new breaches, and repair damage from recent attacks. Particular attention is being given to strengthening call center security, where social engineering attacks frequently begin.
As the summer travel season progresses, the aviation industry faces the dual challenge of managing high passenger volumes and protecting critical systems from cyber threats. Scattered Spider’s cyberattacks highlight the evolving nature of these risks and the urgent need for robust defenses to safeguard sensitive information and ensure safe, uninterrupted travel.