据联邦调查局（FBI）称，网络犯罪组织Scattered Spider正在将目标对准美国和加拿大的航空业。该组织通过欺骗IT帮助台来获取数据访问权限，对航空业生态系统内的任何人都构成潜在风险。Scattered Spider惯用社会工程学手段，冒充员工或承包商，绕过多因素身份验证。一旦入侵，他们会窃取敏感数据进行勒索，并经常部署勒索软件。网络安全公司Mandiant和Unit 42均观察到类似攻击，并建议航空业立即加强身份验证流程，防范此类网络威胁。

🕷️Scattered Spider通过社会工程学手段攻击航空业：该组织主要通过冒充员工或承包商，欺骗IT帮助台授予访问权限。他们经常使用各种方法绕过多因素身份验证，例如说服帮助台服务将未经授权的MFA设备添加到受感染的帐户。

✈️攻击目标包括整个航空生态系统：FBI指出，Scattered Spider的目标是大型公司及其第三方IT提供商，因此，包括可信供应商和承包商在内的航空生态系统内的任何人都可能面临风险。

🚨攻击后果严重，涉及数据盗窃和勒索：一旦进入系统，Scattered Spider会窃取敏感数据进行勒索，并经常部署勒索软件。虽然FBI未表明这些行为影响航空安全，但潜在的经济损失和声誉损害不容忽视。

🛡️行业应对措施：网络安全公司Mandiant和Unit 42建议，航空业应立即采取措施加强帮助台身份验证流程，包括在向员工/承包商帐户添加新电话号码之前进行验证，重置密码，为MFA解决方案添加设备，或提供员工信息，以防止社会工程攻击。

Scattered Spider, a cybercriminal group, is targeting the aviation industry in the US and Canada.The FBI said the hackers are deceiving IT help desks into granting them access to data.Anyone part of the "airline ecosystem" could be at risk, the FBI said.

Even IT pros are susceptible to hackers these days.

According to an FBI warning, a notorious cybercriminal group known as Scattered Spider is deceiving IT help desks into targeting the US airline industry.

Scattered Spider gained attention in 2023 for hacking both MGM Resorts and Caesars Entertainment within a week of each other.

"These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access," the FBI said on X. "These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts."

The FBI said the group is focused on large corporations and their third-party IT providers, so "anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk."

"Once inside, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware," the agency said.

The FBI did not indicate that the actions affect airline safety.

Charles Carmakal, the chief technology officer at Google's Mandiant, a cybersecurity firm and subsidiary of Google Cloud, said on LinkedIn that the firm was "aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider."

"We recommend that the industry immediately take steps to tighten up their help desk identity verification processes prior to adding new phone numbers to employee/contractor accounts (which can be used by the threat actor to perform self-service password resets), reset passwords, add devices to MFA solutions, or provide employee information (e.g. employee IDs) that could be used for a subsequent social engineering attacks," he said.

Unit 42, a cybersecurity threat research team that is part of the larger Palo Alto Networks cybersecurity corporation, said it also observed Scattered Spider targeting the aviation industry.

"Organizations should be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA reset requests," Sam Rubin, senior vice president of consulting and threat intelligence for Unit 42, said on LinkedIn on Friday.

Canada's WestJet announced earlier this month that it had uncovered a "cybersecurity incident involving internal systems and the WestJet app, which has restricted access for several users." A spokesperson told Business Insider the company has made "significant progress" regarding the matter, and investigations were ongoing.

Hawaiian Airlines also said on Thursday that it experienced a "cybersecurity event" that affected some of its IT systems.

"We continue to safely operate our full flight schedule, and guest travel is not impacted," the company said in a press release.

Neither airline provided details about who or what caused the cybersecurity incidents. A Southwest Airlines spokesperson said that its systems had not been compromised.