LOS ANGELES — A recent warning from the FBI highlights a concerning trend: even IT professionals are not immune to cyber threats. The notorious cybercrime collective known as Scattered Spider is reportedly targeting IT help desks in a scheme aimed at infiltrating the U.S. airline industry. This group gained notoriety earlier this year when it executed successful hacks on both MGM Resorts and Caesars Entertainment in quick succession.
According to the FBI, Scattered Spider employs social engineering tactics to manipulate IT help desk personnel into providing unauthorized access to secure systems. These tactics often involve impersonating legitimate employees or contractors, with the intent to circumvent multi-factor authentication protocols. The FBI noted that this approach could allow cybercriminals to add unauthorized devices to compromised accounts, thus bypassing critical security measures.
The threat is particularly acute for major corporations and their third-party IT providers, posing risks for all entities within the airline ecosystem, including trusted vendors. The FBI emphasized that once the hackers gain access to a system, they often steal sensitive data for extortion purposes and may deploy ransomware to further exploit their targets.
Cybersecurity professionals are urging the airline industry to bolster its security protocols. Charles Carmakal, chief technology officer at Mandiant, stressed the importance of tightening identity verification processes for help desk operations. He advised organizations to be cautious when adding new phone numbers or making changes to user accounts that could facilitate self-service password resets.
Unit 42, a cybersecurity research team affiliated with Palo Alto Networks, corroborated the FBI’s findings, stating that Scattered Spider has been actively eyeing the aviation sector. Sam Rubin, a senior vice president with Unit 42, warned that organizations must remain vigilant against increasingly sophisticated social engineering attacks and suspicious requests to reset multi-factor authentication.
The urgency for enhanced cybersecurity measures comes amid recent incidents affecting airline operations. Earlier this month, WestJet disclosed a cybersecurity breach involving its internal systems and app, which limited access for certain users. Despite these challenges, the airline indicated it had made substantial progress in addressing the situation while investigations continue.
Similarly, Hawaiian Airlines reported a “cybersecurity event” earlier this week that disrupted some IT systems but reassured passengers that flight operations remained unaffected. In contrast, Southwest Airlines reported no compromises to its systems, highlighting the varied impact of ongoing cyber threats in the aviation industry.
Industry experts emphasize that all players in the airline sector must remain alert. The growing sophistication of threats like Scattered Spider makes proactive security measures essential for protecting sensitive data and maintaining operational integrity.