Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hawaii. Show all posts
Scattered Spider ransomware
airline industry Cyber Attacks cyberattacks on airline FBI Hacker attack Hawaii MFA Palo Alto Networks Scattered Spider Scattered Spider ransomware

Scattered Spider Hackers Target Airline Industry Amid FBI and Cybersecurity Warnings

 

The FBI has issued a new warning about the cybercriminal group known as Scattered Spider, which is now actively targeting the airline industry. Recent cyber incidents at Hawaiian Airlines and Canadian carrier WestJet underscore the growing threat. 

According to the FBI’s advisory released late last week, Scattered Spider is known for using advanced social engineering tactics, often posing as employees or contractors. Their goal is to manipulate IT help desk teams into granting unauthorized access—frequently by requesting the addition of rogue multi-factor authentication (MFA) devices to compromised accounts.  

The group’s typical targets include large enterprises and their third-party service providers. “That puts the entire aviation supply chain at risk,” the FBI noted. Once they gain entry, the hackers typically exfiltrate sensitive information for extortion purposes and sometimes deploy ransomware as part of their attacks. The agency confirmed that it is working closely with industry partners to contain the threat and support affected organizations.  

Hawaiian Airlines reported late last week that it had detected suspicious activity in some of its IT systems. While full flight operations were not disrupted, the airline stated it was taking protective steps. “We’ve engaged with authorities and cybersecurity experts to investigate and remediate the incident,” the company said in a statement, adding that it’s focused on restoring systems and will share further updates as the situation evolves. 

Earlier in June, WestJet disclosed that it had experienced a cybersecurity event, which led to restricted access for certain users. The airline has brought in third-party experts and digital forensic analysts to investigate the breach. 

Although the culprits haven’t been officially named, recent analysis from security firm Halcyon indicates that Scattered Spider has broadened its scope, now targeting not only aviation but also sectors like food production and manufacturing. 

“These attacks are fast-moving and devastating,” Halcyon warned. “They can cripple an entire organization in just a few hours, with impacts on everything from operations to consumer trust.”

Other experts echoed these concerns. Palo Alto Networks’ Unit 42 recently advised aviation companies to be extra cautious, particularly regarding suspicious MFA reset requests and socially engineered phishing attempts.  

Darren Williams, founder and CEO of cybersecurity company BlackFog, emphasized the high value of the airline sector for cybercriminals. “Airlines manage immense volumes of sensitive customer data, making them an extremely attractive target,” he said. “With international travel surging, attackers are exploiting this pressure point.” 

Williams added that the disruptions caused by such attacks can ripple across the globe, affecting travelers, business continuity, and public confidence. “These incidents show that airlines need to invest more heavily in cybersecurity infrastructure that can protect passenger data and maintain operational integrity.”
Read more »
Undersea Cable
Cyber Attacks data security Federal Agency Hawaii Internet Cable Security Undersea Cable

DHS Investigators: Stopped Cyberattack on Undersea Internet Cable in Hawaii

 

An apparent cyberattack on an unknown telecommunication company's servers related to an underwater cable responsible for internet, cable service, and cell connections in Hawaii and the region was "disrupted" by federal agents in Honolulu last week, the agency told in a statement on Tuesday. 

Hawaii-based agents with Homeland Security Investigations, an arm of the Department of Homeland Security, received a tip from their mainland HSI counterparts that led to the disruption of a major intrusion involving a private company's servers associated with an underwater cable. "An international hacker group" was involved in the attack, according to the probe, and HSI agents and international law enforcement partners in multiple countries were able to make an arrest.

The statement did not specify the sort of cyberattack, the hacking group responsible, other law enforcement agencies involved, or the location of any arrests. According to the statement, no damage or interruption happened, and there is no immediate threat. Investigators discovered that the attackers had gained credentials that permitted access to an unnamed company's systems, according to John Tobon, HSI's special agent in charge in Hawaii, who informed a local news station. 

“It could have been something to just create havoc, in other words, just shut down communications, or it could have been used to target individuals in ransomware-type schemes,” he stated.

According to the National Oceanic and Atmospheric Administration, hundreds of "submarine" internet cables carry up to 95 percent of intercontinental internet data. According to an Atlantic Council report, the cables are owned and operated by a mix of corporate and state-owned enterprises, and they are experiencing increasing threats to their security and resilience. 

Justin Sherman, the report's author, highlights worries about authoritarian governments' intent to restrict internet access by influencing physical infrastructure like submarine lines. The lines are also appealing targets for government or criminal parties attempting to collect sensitive data through covert surveillance. Another issue, according to Sherman, is that more cable operators are employing remote management tools for cable networks. 

He wrote, “Many of these systems have poor security, which exposes cables to new levels of cybersecurity risk. Hackers could break into these internet-connected systems from anywhere in the world and physically manipulate cable signals, causing them to drop off entirely — undermining the flow of internet data to specific parts of the world.” 

Sherman added, “One can even imagine a threat actor (state or non-state) hacking into a cable management system and trying to hold the infrastructure hostage.”
Read more »
Subscribe to: Posts (Atom)