FBI Warns of Casino Hackers Attacking Airlines
In a concerning development, the cybercriminal group Scattered Spider has been targeting airlines through social engineering attacks, primarily focusing on IT help desks and third-party service providers.
The group's methods rely on deception: its members impersonate employees or contractors in phone phishing calls to trick airline IT staff and contractors into granting system access, including VPN access and multi-factor authentication (MFA) resets or additions on compromised accounts. This allows them to bypass security controls and infiltrate airline networks.
One of the most high-profile victims of these attacks is Qantas, which experienced a breach through a hacked external call centre platform, compromising data for around 6 million passengers. Similar attacks on Hawaiian Airlines and WestJet involved phone phishing to access IT systems, causing service interruptions and raising concerns about potential data leaks.
Scattered Spider exploits trust relationships within the airline ecosystem, notably targeting third-party vendors and contractors like call centres and IT providers to gain entry. Their social engineering approach focuses on convincing help desk personnel to add unauthorized MFA devices or reset MFA protections to compromised accounts, effectively bypassing these security measures.
The FBI has warned the airline and transportation sectors about these tactics, emphasizing the importance of training help desk employees in robust identity verification and deploying phishing-resistant MFA solutions to help defend against such intrusions.
The group often uses phone-based phishing (vishing) as a key tactic to impersonate legitimate staff, exploiting weaknesses in identity verification processes. Their expansion into the airline sector reflects continued use of these well-established social engineering techniques, targeting widely dispersed corporate and third-party staff to maximize access points.
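The help-desk MFA changes described above leave a trail defenders can correlate. The following is an added example, not part of the original article or the FBI warning: it flags a VPN login from a never-before-seen IP address that follows an MFA reset or device addition performed by someone other than the account owner. The event schema, field names, sample events and 24-hour window are all assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed correlation window
MFA_CHANGES = {"mfa_reset", "mfa_device_added"}

# Constructed sample events in a hypothetical normalized schema.
EVENTS = [
    {"ts": "2025-07-01T08:02:00", "user": "a.ng", "action": "vpn_login", "actor": "a.ng", "src_ip": "198.51.100.7"},
    {"ts": "2025-07-01T09:15:00", "user": "a.ng", "action": "mfa_reset", "actor": "helpdesk-17", "src_ip": None},
    {"ts": "2025-07-01T09:21:00", "user": "a.ng", "action": "mfa_device_added", "actor": "helpdesk-17", "src_ip": None},
    {"ts": "2025-07-01T09:40:00", "user": "a.ng", "action": "vpn_login", "actor": "a.ng", "src_ip": "203.0.113.50"},
    {"ts": "2025-07-01T10:00:00", "user": "b.ortiz", "action": "mfa_device_added", "actor": "b.ortiz", "src_ip": "192.0.2.10"},
    {"ts": "2025-07-01T10:05:00", "user": "b.ortiz", "action": "vpn_login", "actor": "b.ortiz", "src_ip": "192.0.2.10"},
    {"ts": "2025-07-03T12:00:00", "user": "c.lee", "action": "mfa_reset", "actor": "helpdesk-04", "src_ip": None},
    {"ts": "2025-07-05T12:30:00", "user": "c.lee", "action": "vpn_login", "actor": "c.lee", "src_ip": "203.0.113.99"},
]


def find_suspect_sessions(events, window=WINDOW):
    """Return alerts for VPN logins from a never-seen IP that follow a
    help-desk-performed MFA change on the same account within `window`."""
    known_ips = {}    # user -> IPs seen on earlier VPN logins
    last_change = {}  # user -> (time, action, actor) of latest third-party MFA change
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["user"]
        # Only changes made by someone other than the account owner count.
        if ev["action"] in MFA_CHANGES and ev["actor"] != user:
            last_change[user] = (ts, ev["action"], ev["actor"])
        elif ev["action"] == "vpn_login":
            seen = known_ips.setdefault(user, set())
            change = last_change.get(user)
            # An account with no login history treats every IP as new.
            if change and ts - change[0] <= window and ev["src_ip"] not in seen:
                alerts.append({
                    "user": user,
                    "src_ip": ev["src_ip"],
                    "mfa_change": change[1],
                    "changed_by": change[2],
                    "minutes_after": int((ts - change[0]).total_seconds() // 60),
                })
            seen.add(ev["src_ip"])
    return alerts
```

Self-service enrolment (b.ortiz) and a login outside the window (c.lee) do not alert; only the a.ng sequence does.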
Scattered Spider threat actors have typically engaged in data theft for extortion and have also been known to utilize BlackCat/ALPHV ransomware alongside their tactics, techniques, and procedures (TTPs).
The FBI is working with airlines and related partners to address this activity and assist victims. Companies that fail to prevent cyber intrusions and allow customer information such as addresses, names, and numbers on government documents to be released can suffer significant reputational damage.
In a notable incident, MGM suffered a $100 million hit to its third-quarter earnings in 2023 and $10 million in one-time expenses due to an attack. Scattered Spider also extorted Caesars in 2023, and Caesars paid the group $15 million to resolve the issue.
The FBI urges ransomware victims not to comply with perpetrators because payments encourage the bad actors to infiltrate other companies. In response to these attacks, Delta Airlines asked customers to reset passwords and other credentials.
The FBI encourages companies that believe they've been targets of cyber intrusions to contact law enforcement as soon as possible. MGM, for instance, did not pay Scattered Spider in 2023, resulting in a multi-day crippling of its technology systems across its portfolio of domestic casinos.
As social engineering becomes an increasingly common form of cyber thievery, affecting various industries and their customers, it's crucial for companies to prioritize cybersecurity measures and invest in robust identity verification systems to protect their assets and customer data.
- The troubling activities of cybercriminal group Scattered Spider have expanded to the gaming business, as they exploited weaknesses in identity verification processes to target third-party vendors and contractors of a well-known gaming company, causing service interruptions and potential data leaks.
- The increase in technology-based crime and scandals has led the FBI to emphasize the importance of strengthening cybersecurity for the general-news industry, warning about social engineering tactics similar to those used by Scattered Spider that could compromise sensitive information and threaten national security.
- In an effort to combat rising incidents of cybercrime, various industries are incorporating phishing-resistant multi-factor authentication (MFA) solutions to bolster their cybersecurity, curbing the effectiveness of the social engineering attacks carried out by groups like Scattered Spider.
- Scattered Spider's ongoing activities in the crime and justice sector have drawn attention to the need for improved cybersecurity measures in the justice system, particularly in identifying and preventing vishing attacks targeting judicial institutions and other crucial departments.