Hawaiian Airlines has disclosed a cybersecurity incident just as the US government and the security industry issued a warning over the notorious Scattered Spider cybercrime group targeting the aviation sector.
Warnings over Scattered Spider attacks against the aviation and transportation sectors were issued over the weekend by the FBI, Google Cloud’s Mandiant, and Palo Alto Networks.
The FBI said the cybercrime group has extended its targeting to the airline sector and urged the industry to reach out if they discover any indication of a hacker attack.
“Early reporting allows the FBI to engage promptly, share intelligence across the industry, and prevent further compromise,” the FBI said.
The agency pointed out that Scattered Spider typically relies on social engineering techniques to gain access to the victim’s systems, noting that the hackers may target airlines’ trusted vendors and contractors as well.
Charles Carmakal, CTO of Mandiant Consulting, told SecurityWeek in an emailed statement that “Mandiant is aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider. We are still working on attribution and analysis, but given the habit of this actor to focus on a single sector we suggest that the industry take steps immediately to harden systems.”
“The actor’s core tactics, techniques, and procedures have remained consistent,” Carmakal noted. “This means that organizations can take proactive steps like training their help desk staff to enforce robust identity verification processes and deploying phishing-resistant MFA to defend against these intrusions. Additional advice can be found in our previous hardening guide.”
Hawaiian Airlines, a subsidiary of Alaska Air Group, told the SEC late last week that it had identified a cybersecurity incident affecting certain IT systems.
“Upon learning of this event, we immediately took steps to safeguard Hawaiian’s operations and systems. Flights are currently operating safely and as scheduled. We have engaged the relevant authorities and experts to assist in our investigation and ongoing remediation efforts,” Hawaiian Airlines said, adding that it has yet to determine whether the incident will have a material impact.
It’s unclear whether Scattered Spider is behind the Hawaiian Airlines hack, but Axios has learned from sources that another recent airline cyberattack — the WestJet incident — is likely the work of the cybercrime group.
The Canadian airline WestJet, which operates scheduled, charter, and cargo services, reported earlier in June that a cyberattack had disrupted certain internal systems and impacted access to its application and website, but did not impact operations.
American Airlines also reported experiencing a “technology issue” on Friday. The airline said the incident had impacted connectivity for some systems, which led to some delays, but no flight cancelations. It’s still unclear if a cyberattack is to blame.
Scattered Spider made headlines in recent months after it was linked to the attacks on UK and US retailers.
A few weeks later, the cybersecurity community warned that Scattered Spider had shifted its focus to insurance companies.
Related: Ahold Delhaize Data Breach Impacts 2.2 Million People
Related: 743,000 Impacted by McLaren Health Care Data Breach
Related: Krispy Kreme Confirms Data Breach After Ransomware Attack
