A group of cybercriminals known as Scattered Spider cyberattacks has recently carried out a series of cyberattacks on airlines in the United States and Canada. These hackers are known for using advanced social engineering tricks to break into corporate systems and steal private data. The FBI and private cybersecurity teams are now actively involved in managing the threat.
Although flight operations remain safe and uninterrupted, these cyberattacks have alarmed security experts throughout the airline industry. The attacks come at the start of the summer travel season, which is one of the busiest times of the year. With similar attacks having hit the insurance and retail industries in recent weeks, experts fear this trend could expand further.
Scattered Spider is especially dangerous because it often targets not just large companies, but also their trusted partners and IT service providers. The FBI has warned that any company involved in the airline sector could be at risk, including vendors and contractors. Once inside a network, the hackers steal sensitive information and demand ransom payments. They sometimes deploy ransomware to make the attacks even more damaging.
In a public statement, the FBI confirmed it is working with airline companies and cybersecurity partners to manage the situation. The agency is also helping those already affected by these attacks.
Hawaiian Airlines and WestJet, a Canadian airline, are among the known victims. Both have confirmed they are still investigating the impact of the attacks. While neither company directly named Scattered Spider, cybersecurity experts believe the group is behind the breaches.
Two weeks ago, WestJet reported a “cybersecurity incident” that disrupted access to some of its systems, including the app used by customers. However, both WestJet and Hawaiian Airlines have said that flight schedules and airport operations were not affected.
According to Aakin Patel, a former airport security officer, this limited impact shows that these airlines may have strong internal systems that prevent a total shutdown in the case of a cyberattack.
Cybersecurity experts also note that it’s not just airlines under threat. Other parts of the aviation sector are seeing increased cyber activity. These include software providers, support centers, and vendors that are deeply tied to airline systems.
Jeffey Troy, who leads an industry group focused on cybersecurity in aviation, stated that his members are paying close attention. He noted that financial motives and global political tensions are driving many of these attacks.
The risks of cyber-related delays were highlighted last week when an unrelated IT system outage caused travel problems for some passengers flying with American Airlines. While that problem wasn’t a cyberattack, it showed how dependent airlines are on working technology.
Major airlines in North America are now on high alert. Internal teams and outside cybersecurity firms are working together to monitor systems, prevent further attacks, and fix any damage done. One of the firms helping in the recovery is Mandiant, a Google-owned cybersecurity company that specializes in handling these kinds of threats.
A favorite trick used by Scattered Spider is calling company help desks and pretending to be employees. This form of social engineering is often enough to gain entry into protected networks. Since airlines rely heavily on customer service call centers, these are now being flagged as potential weak points.
According to cybersecurity expert Patel, call centers are often the first place hackers test their luck, making them easy entry points. He advised that these centers now require extra attention and security upgrades.
Scattered Spider gained public attention in 2023 when the group was linked to large-scale hacks on two major casino companies in Las Vegas. The attacks led to financial losses and significant business disruption. The group is known to focus on one industry at a time. In recent months, they have shifted from gambling to insurance and now to aviation.
Earlier this month, insurance firm Aflac was hacked, with the attackers gaining access to sensitive health and financial data. Before that, retail chains such as Giant and Food Lion were targeted, according to an internal memo.
Charles Carmakal, the chief technology officer at Mandiant, said the group continues to use the same basic tactics. His team is currently investigating several recent cyber incidents in the airline and transportation sectors that bear the hallmarks of Scattered Spider’s operations.
As the travel season continues, airlines are under pressure to boost their cyber defenses and protect customer data. With the aviation industry now clearly in the crosshairs, experts warn that fast action is needed to stay ahead of the threats.
