
Alarm bells are ringing across the airline industry as Scattered Spider, a notoriously aggressive hacking group, has reportedly set its sights on a new target: airlines. Over the weekend, the FBI, alongside tech giants Google and Palo Alto Networks, issued alerts warning of potential cyber threats to the aviation sector.
Qantas, Australia’s flagship carrier, has confirmed a significant cyber attack, revealing that approximately six million customer accounts may have been compromised. Although the airline has not explicitly named Scattered Spider as the culprit, cybersecurity experts suggest the attack bears the hallmarks of this elusive group’s tactics.
Who is Scattered Spider?
Scattered Spider, also known by aliases such as Octo Tempest and Star Fraud, is a loose-knit but highly aggressive hacking collective. Emerging in 2022, the group is believed to consist mainly of young English-speaking members from the US and UK, with some reportedly as young as 16.
Since its inception, Scattered Spider has been implicated in over 100 targeted attacks across various industries, including telecommunications, finance, retail, and gaming. The group is notorious for its strategic targeting of sectors under significant customer pressure, aiming for high-profile victims.
In 2023, Scattered Spider was linked to cyber attacks on gaming giants MGM Resorts and Caesars Entertainment, causing significant disruptions.
The group’s reach extends to the UK, where it has targeted major retail brands like Harrods and Marks & Spencer, resulting in substantial financial losses.
Tactics and Techniques
Scattered Spider is known for employing aggressive social engineering tactics, exploiting human vulnerabilities to infiltrate systems. These methods often involve impersonating staff members to gain access to sensitive information.
David Tuffley, a cybersecurity expert from Griffith University, describes their approach as “pretty aggressive,” noting their ability to manipulate people into unwittingly aiding their efforts.
“They would know just how to talk in the right way, to get people to do what it is they want them to do,” Tuffley explained.
Another common tactic is multi-factor authentication (MFA) bombing, where attackers overwhelm users with MFA requests until they inadvertently grant access.
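For defenders, MFA bombing leaves a recognisable pattern in authentication logs: a run of unapproved push prompts for one account in a short span, sometimes ending in an approval. The following detection sketch is an added example, not part of the original article; the log layout, event names, window and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (timestamp, user, result); the field layout is an
# assumption, not the log format of any specific MFA product.
SAMPLE_LOG = """\
2025-07-01T02:14:05 alice push_denied
2025-07-01T02:14:40 alice push_timeout
2025-07-01T02:15:10 alice push_denied
2025-07-01T02:15:55 alice push_timeout
2025-07-01T02:16:30 alice push_denied
2025-07-01T02:17:02 alice push_approved
2025-07-01T09:00:11 bob push_approved
2025-07-01T09:30:00 carol push_denied
2025-07-01T13:45:00 carol push_approved
"""

WINDOW = timedelta(minutes=10)   # assumed look-back window
THRESHOLD = 5                    # assumed count of unapproved prompts

def detect_mfa_fatigue(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (user, kind, timestamp) tuples.

    kind is "burst" when unapproved prompts reach the threshold inside the
    window, and "approved_after_burst" when an approval follows such a burst.
    """
    recent = defaultdict(deque)   # user -> timestamps of unapproved prompts
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_raw, user, result = line.split()
        ts = datetime.fromisoformat(ts_raw)
        q = recent[user]
        while q and ts - q[0] > window:   # drop prompts outside the window
            q.popleft()
        if result in ("push_denied", "push_timeout"):
            q.append(ts)
            if len(q) == threshold:       # alert once when threshold is hit
                alerts.append((user, "burst", ts_raw))
        elif result == "push_approved":
            if len(q) >= threshold:       # approval right after a burst
                alerts.append((user, "approved_after_burst", ts_raw))
            q.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_LOG):
        print(alert)
```

An "approved_after_burst" alert is the higher-priority signal, since it marks the point where a worn-down user may have granted access.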
Impact on Qantas and the Aviation Sector
Qantas has issued a statement acknowledging unusual activity detected on a third-party platform used by its contact center. The airline confirmed that customer data, including names, email addresses, and frequent flyer numbers, might have been accessed.
Importantly, Qantas reassured customers that credit card details and passport information were not compromised. CEO Vanessa Hudson has apologized for the breach, recognizing the uncertainty it has caused.
The FBI has noted an expansion in Scattered Spider’s targeting to include the airline sector, warning that anyone within the airline ecosystem could be at risk.
“The FBI is actively working with aviation and industry partners to address this activity and assist victims,” the agency stated.
Implications and Future Concerns
The breach at Qantas highlights the potential for personal data to be used in subsequent attacks, such as fraud or identity theft. Experts like Professor Tuffley warn that data from breaches can be combined to impersonate individuals, facilitating scams like SIM swapping.
Professor Daswin De Silva of La Trobe University cautions that delays in notifying the public about breaches can exacerbate the risk of targeted attacks.
“The Australian government and relevant authorities must do better in managing the communications, impact and loss following cyber attacks,” De Silva emphasized.
Qantas advises customers to remain vigilant, regularly checking accounts and transactions. Experts recommend avoiding password reuse across systems to mitigate risks.
As the airline industry grapples with this emerging threat, the focus will be on strengthening cybersecurity measures and improving communication strategies to protect against future attacks.