It’s been a challenging year for air travel in the United States, with issues involving air traffic control at Newark Airport being one of the most high-profile examples thus far. Now, however, the FBI has issued a warning that a very different challenge might face the nation’s airports and airlines: hackers. Specifically, a group called Scattered Spider that’s been in the news for a number of different hacks in recent years.
The warning, posted in late June on social media, noted that Scattered Spider had set its sights on the world of aviation. “These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access,” the agency wrote. “These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts.”
The FBI added that members of the hacker group have been known to “steal sensitive data for extortion and often deploy ransomware” — and that it was working with companies within the industry to respond to the threat. It isn’t hard to imagine the dangers posed by a malicious actor tinkering with the software that keeps an airline or airport operational.
As SFGATE’s Jim Glab pointed out in an article on the announcement, several airlines have reported cybersecurity issues in recent weeks — though it isn’t clear if these are the work of Scattered Spider or another group.
In a recent article for WIRED, Matt Burgess and Lily Hay Newman provided a good overview of the cases that have made Scattered Spider notorious, including an attack on the retail chain Marks & Spencer. A warning issued by the U.S. Cybersecurity and Infrastructure Security Agency in 2023 offered more details into the group’s methods and techniques, as well steps organizations could take to reduce the threat posed by Scattered Spider.
This article was featured in the InsideHook newsletter. Sign up now.
