FBI warns airlines of ‘rapidly evolving’ threat | Official Website of Louis Velazquez, entrepreneur, finance guy and tech innovator

In August 2024, Seattle-Tacoma International Airport was targeted in what would become one of the largest cyberattacks on an airport in recent years.

After seizing over 90,000 files of sensitive airport data and posting it on the dark web, a hacker group known as Rhysida demand a ransom of 100 bitcoin — approximately $6 million USD at the time — to take it down.

The airport refused to accept the ransom and had been working with authorities to prevent such attacks from happening in the future.

Don’t miss the move: Subscribe to TheStreet’s free daily newsletter

‘Often impersonating employees or contractors to deceive IT help desks’

A year later, cyberattacks targeting airlines and airports have only accelerated, and the Federal Bureau of Investigation (FBI) issued a new warning to be aware of a specific cybercriminal gang known as Scattered Spider.

“The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector,” the government agency said in a June 28 warning. “These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access.”

Targeting the airline’s IT support desk rather than individual travelers, the scammers have been asking help desk operators to grant access to accounts masquerading as airport employees.

Over the last year, the hacker group has successfully breached the data of hotel giants MGM Resorts International (MGM) and Caesars Entertainment as well as several large retailers and insurance companies in the United Kingdom. To restore its network, Caesars ended up paying a ransom of over $15 million.

The warning urges airlines to train their IT branches to recognize common ways hackers impersonate existing employees and contractors.

Breaches have in the past led to these groups hacking into internal conferences and telecommunications channels such as Slack to gain sensitive information and then demand high ransoms.

A new hacker group called Scattered Spider has been targeting airports across the world.

Image source&colon; Getty Images

‘Steal sensitive data for extortion and deploy ransomware’

“They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,” the advisory reads further. “Once inside, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware. The FBI is actively working with aviation and industry partners to address this activity and assist victims.”

More on travel:

Most recently, Australia’s flagship airline Qantas Airways (QUBSF) discovered that its data storage system has been breached at the end of June. While the airline said that it took “immediate steps [to] contain the system,” the impact of the breach is believed to be “significant” and expose personal data such as names, birth dates, email addresses, phone numbers, and frequent flyer numbers of over six million customers.

Credit card information and passport details, which airlines typically protect through a more secure network, are as of now not believed to have been affected. The airline has already been targeted by several other data breaches in the past year.

Other airlines to be targeted by separate breaches — the sources of which may or may not be connected, as details on the perpetrators have not been released — include Alaska Airlines (ALK) subsidiary Hawaiian Airlines and WestJet in Canada.