
Delhi Airport Hit by Rare GPS Spoofing Attacks Causing Flight Delays and Diversions

 


Delhi’s Indira Gandhi International Airport witnessed an unusual series of GPS spoofing incidents this week, in which fake satellite signals were transmitted to mislead aircraft about their real positions. These rare cyber disruptions, more common in conflict zones or near sensitive borders, created severe flight congestion and diversions.

According to reports, more than 400 flights were delayed on Friday alone, as controllers struggled to manage operations amid both spoofing interference and a separate technical glitch in the Air Traffic Control (ATC) system. The cascading impact spread across North India, disrupting schedules at several major airports. Earlier in the week, Delhi Airport ranked second globally for flight delays, as reported by the Times of India. 

At least seven flights had to be diverted to nearby airports such as Jaipur and Lucknow, even though all four of Delhi’s runways were fully operational. On Tuesday, the Navigation Integrity Category value—a critical measure of aircraft positioning accuracy—fell dramatically from 8 to 0, raising alarms within the aviation community. Pilots reported these irregularities within a 60-nautical-mile radius of Delhi, prompting the Directorate General of Civil Aviation (DGCA) to initiate an investigation, as confirmed by The Hindu. 

The situation was worsened by the temporary shutdown of the main runway’s Instrument Landing System (ILS), which provides ground-based precision guidance to pilots during landings. The ILS is currently being upgraded to Category III, which will allow landings even in dense fog—a major requirement ahead of Delhi’s winter season. However, its unavailability has forced aircraft to rely heavily on satellite-based navigation systems, making them more vulnerable to spoofing attacks.

GPS spoofing, a complex form of cyber interference, involves the deliberate transmission of counterfeit satellite signals to trick navigation systems. Unlike GPS jamming, which blocks genuine signals, spoofing feeds in false ones, making aircraft believe they are in a different location. For example, a jet actually flying over Delhi could appear to be over Chandigarh on cockpit instruments, potentially leading to dangerous course deviations. Such cyber manipulations have grown more frequent worldwide, raising serious safety concerns for both commercial and military aviation.
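A monitoring-side illustration of the two symptoms described above, the integrity value collapsing from 8 to 0 and a reported position that moves from Delhi toward Chandigarh. This is an added example, not code from the article or from any aviation system; the track is constructed, and the record layout (seconds, latitude, longitude, NIC) and both thresholds are assumptions.

```python
import math

# Constructed sample track: (seconds, lat, lon, NIC). Not real flight data.
SAMPLE_TRACK = [
    (0,  28.60, 77.10, 8),
    (10, 28.61, 77.11, 8),
    (20, 28.62, 77.12, 0),   # integrity collapses, like the 8 -> 0 drop reported
    (30, 30.73, 76.78, 0),   # reported position jumps toward Chandigarh
    (40, 30.74, 76.79, 0),
]

MAX_SPEED_KT = 650       # assumed ceiling for an airliner's ground speed
MIN_TRUSTED_NIC = 7      # assumed threshold; an operator would set its own

def haversine_nm(lat1, lon1, lat2, lon2):
    """Great-circle distance between two fixes in nautical miles."""
    r_nm = 3440.065      # mean Earth radius in nautical miles
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r_nm * math.asin(math.sqrt(a))

def flag_track(track, max_speed_kt=MAX_SPEED_KT, min_nic=MIN_TRUSTED_NIC):
    """Return (time, kind, detail) alerts for integrity drops and impossible jumps."""
    alerts = []
    prev = None
    for t, lat, lon, nic in track:
        if prev is not None:
            pt, plat, plon, pnic = prev
            # Integrity was trusted on the previous fix and is not any more.
            if pnic >= min_nic and nic < min_nic:
                alerts.append((t, "nic_drop", f"NIC {pnic} -> {nic}"))
            # Speed implied by two consecutive reported positions.
            hours = (t - pt) / 3600
            if hours > 0:
                speed = haversine_nm(plat, plon, lat, lon) / hours
                if speed > max_speed_kt:
                    alerts.append((t, "position_jump", f"{speed:.0f} kt implied"))
        prev = (t, lat, lon, nic)
    return alerts

if __name__ == "__main__":
    for alert in flag_track(SAMPLE_TRACK):
        print(alert)
```
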

In India, GPS spoofing incidents are not entirely new. The Centre informed Parliament earlier this year that 465 such cases were recorded between November 2023 and February 2025 along the India-Pakistan border, primarily near Amritsar and Jammu. A report by the International Air Transport Association (IATA) also revealed that over 430,000 cases of GPS jamming and spoofing were documented globally in 2024, a 62% increase from the previous year.

The consequences of such interference have sometimes been deadly. In December 2024, an Azerbaijan Airlines aircraft crashed in Kazakhstan, reportedly due to Russian anti-aircraft systems misidentifying it amid GPS signal disruption. Earlier this year, an Indian Air Force aircraft flying humanitarian aid to earthquake-hit Myanmar encountered GPS spoofing suspected to originate from Chinese-enabled systems. Data from the GPSjam portal shows India’s borders with Pakistan and Myanmar among the world’s top five regions with poor navigation accuracy for aircraft.

With Delhi Airport handling over 1,550 flights daily, even brief interruptions can cause widespread delays and logistical chaos. The Airports Authority of India (AAI) has assured that technical teams are working to strengthen the ATC system and implement safeguards to prevent future interference. As investigations continue, the recent incidents serve as a crucial reminder of the evolving cybersecurity challenges in modern aviation and the urgent need for resilient navigation infrastructure to ensure passenger safety in increasingly contested airspace.

FBI Warns Airlines and Insurers as Scattered Spider Ransomware Attacks Surge

 

When the Federal Bureau of Investigation (FBI) sounds the alarm on cybersecurity, organizations should take immediate notice. The latest urgent warning involves the notorious Scattered Spider group, which has already made headlines for attacking major retailers such as Marks & Spencer in the U.K.—a breach estimated to have cost the company upwards of $600 million.

According to the FBI, this cybercriminal organization is now turning its focus to the airline sector, targeting companies both directly and by infiltrating their supply chains. A recent June 26 report by Halcyon ransomware analysts indicated Scattered Spider had expanded operations into the Food, Manufacturing, and Transportation sectors, especially Aviation. The FBI confirmed this, stating via email:

“The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector.”

The agency also posted this statement on X, formerly Twitter, highlighting that the attackers use consistent tactics—namely social engineering. Scattered Spider often impersonates employees or contractors to manipulate IT help desks into granting unauthorized access. Their ultimate goal is to sidestep multi-factor authentication (MFA) by convincing support staff to register fraudulent MFA devices to compromised accounts.

This threat group has been on law enforcement’s radar for years. In 2023, the FBI and the Cybersecurity and Infrastructure Security Agency issued a joint advisory after Scattered Spider activity against commercial facilities escalated. Authorities are now working closely with aviation companies to counter this surge in attacks and assist any impacted organizations. The FBI urges anyone who suspects their business has been targeted to contact their local office without delay.

Meanwhile, the ReliaQuest Threat Research Team has published a detailed profile of Scattered Spider, emphasizing that 81% of the group’s domains impersonate technology vendors. Their preferred victims are executives and system administrators with high-level credentials. ReliaQuest reports that the attackers leverage sophisticated phishing frameworks such as Evilginx and even conduct video calls to deceive targets in industries like finance, technology, and retail.


Recent analysis has uncovered Scattered Spider’s connection to The Community, a loosely organized hacking collective. According to cybersecurity firm ReliaQuest:

“Through strategic alliances with major ransomware operators ALPHV, RansomHub, and DragonForce…”

Scattered Spider has gained access to sophisticated tools and techniques, many of which originate from Russia-aligned and English-speaking threat actors. This collaboration has enabled the group to launch highly convincing impersonation campaigns targeting Western organizations.

Social Engineering with a Scripted Edge

To execute these campaigns more effectively, Scattered Spider actively recruits skilled social engineers. Their criteria are precise: candidates must speak native or regionally neutral English and be available during Western business hours. These operators are then equipped with:

  - Detailed call scripts tailored to the organization being targeted.
  - Real-time coaching, where a “curator” provides live guidance to handle unexpected situations during calls.

ReliaQuest also noted that the group deliberately avoids targeting entities in Russia and the Commonwealth of Independent States, suggesting both geopolitical awareness and operational discipline.

Future Threat: AI-Enhanced Social Engineering


Looking ahead, ReliaQuest warns that Scattered Spider is likely to adopt AI tools to further automate and scale their trust-based attacks.

While the FBI’s recent alert focused on threats to the transportation and aviation sectors, other industries are already feeling the impact. John Hultquist, Chief Analyst at Google Threat Intelligence Group, confirmed:

“We are aware of multiple intrusions in the U.S. that bear all the hallmarks of Scattered Spider activity.”

The insurance sector has emerged as a prominent new target. Jon Abbott, CEO of ThreatAware, emphasized:

“The rising tide of attacks on U.S. insurers is a serious threat that should not be underestimated.”

However, he also cautioned that this trend is not limited to insurers; organizations across all industries should take it as a warning.

Supply Chain Weakness: The Common Denominator


Many of these incidents share a dangerous pattern: attackers first compromise a smaller vendor or partner, then use that access to pivot into larger, more valuable targets.

Richard Orange, Vice President at Abnormal AI, echoed the FBI’s concerns:

“This group relies on social engineering rather than technical exploits.”

By posing as trusted contacts, attackers manipulate employees into granting access—allowing them to move laterally across networks, harvest credentials, and breach other departments or third-party systems.

Security First: Verify Every Request


Organisations are strongly advised to:

  1. Scrutinise all requests for changes to multi-factor authentication (MFA) settings.
  2. Enforce strict identity verification procedures, regardless of how convincing the caller may seem.

In this evolving threat landscape, vigilance remains the strongest defense.
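One way to put the advice on MFA changes into a review queue, as an added example that is not from the article or from any vendor: it flags MFA device registrations made on a user's behalf or shortly after a help-desk reset, and raises severity for the executive and administrator accounts the article says are preferred targets. The events are constructed, and the field names, action labels, privileged list and one-hour window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed events; the field names and action labels are hypothetical,
# not any identity provider's real log schema.
SAMPLE_EVENTS = [
    {"ts": "2025-07-01T09:02:00", "user": "admin.k", "actor": "helpdesk-3", "action": "password_reset"},
    {"ts": "2025-07-01T09:09:00", "user": "admin.k", "actor": "helpdesk-3", "action": "mfa_device_registered"},
    {"ts": "2025-07-01T10:00:00", "user": "j.doe", "actor": "j.doe", "action": "mfa_device_registered"},
    {"ts": "2025-07-01T11:00:00", "user": "p.nair", "actor": "helpdesk-1", "action": "password_reset"},
    {"ts": "2025-07-02T15:00:00", "user": "p.nair", "actor": "p.nair", "action": "mfa_device_registered"},
]
PRIVILEGED = {"admin.k"}         # assumed list of executive/admin accounts
WINDOW = timedelta(hours=1)      # assumed review window after a reset

def review_mfa_changes(events, privileged=PRIVILEGED, window=WINDOW):
    """Return MFA registrations that need out-of-band identity verification."""
    last_reset = {}              # user -> time of the last help-desk reset
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["user"]
        if ev["action"] == "password_reset" and ev["actor"] != user:
            last_reset[user] = ts
        elif ev["action"] == "mfa_device_registered":
            reasons = []
            if ev["actor"] != user:
                reasons.append("registered on the user's behalf")
            reset = last_reset.get(user)
            if reset is not None and ts - reset <= window:
                reasons.append("follows a help-desk reset")
            if reasons:
                severity = "high" if user in privileged else "medium"
                findings.append({"user": user, "ts": ev["ts"],
                                 "severity": severity, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in review_mfa_changes(SAMPLE_EVENTS):
        print(finding)
```
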