The Federal Bureau of Investigation has issued a warning that Scattered Spider, the notorious hacking syndicate, is now going after airlines in a bid to extra passenger data, lock down servers, and extract ransom money.
FBI Says Scattered Spider Brings Casino Playbook to Airlines
The organization is increasingly relying on social engineering tactics, which allow it to convince airline employees that the person contacting them is indeed a part of the inner social structure of the company.
In a statement, the FBI said that the hackers relied heavily on duping IT help desks into granting them access, able to provide enough identifiable information while at the same time not raising suspicion:
“These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access. These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts.”
As the FBI noted, the idea is to ensure that hackers do not have to deal with MFA solutions that are hard to hack or even breach. Scattered Spider has not changed its ways much since it attacked MGM and Caesars back in 2023, as well.
The hacker syndicate has followed the same strategy – access sensitive data and then threaten companies to release the information, so that companies would prefer to pay the ransom and hope for the best.
Surprisingly, Scattered Spider is worth its word, and the criminal syndicate does not sell data later on if a company pays. This is because criminal organizations that rely on extracting money from the victims should also ensure that they can be trusted in the first place.
However, the FBI has encouraged companies to refuse to pay ransom and rather contact law enforcement to seek a resolution. Most companies, however, refuse or even keep such attacks hidden for months on end. Caesars, for example, supposedly paid $15 million in ransom money, while MGM turned down the hackers.
Airlines Hit Time and Again as They Make Good Targets
The FBI has said that if everyone refused to pay out, criminals would be less incentivized to try and infiltrate companies if they knew there was no money. Or so the logic goes. The reality is that Scattered Spider has no reason to stop at all, as companies continue to comply with its ransom demands, from Hawaiian Airlines to Delta Airlines to WestJet, a Canadian airline.
Scattered Spider is picking airlines by design, as these companies contain vast troves of sensitive data that can be used for anything from further attacks on companies to financial scams, identity fraud, and more. Yet, argues the FBI, the best way to respond is to contact the authorities immediately after your company has become the victim of a ransom attack.