Casino Hackers Targeting Airlines, Says FBI

• Hacking group that victimized Caesars, MGM is now targeting airlines
• FBI says bad actors using ransomware, social engineering tactics to extort companies

Scattered Spider, the band of cyber bandits that executed large-scale ransomware attacks against MGM Resorts International and Caesars Entertainment in 2023, is targeting another travel and leisure industry: airlines.

In a recent alert, the FBI said it’s seen increased activity by Scattered Spider focusing on airlines with the criminals using social engineering techniques to dupe employees into granting them access to sensitive data. Social engineering is an increasingly common form of cyber thievery and one that’s afflicting myriad industries and their customers.

These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access. These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts,” according to the FBI.

The law enforcement agency added it’s working with airlines and related partners to “address this activity and assist victims.” The bureau also encouraged companies that believe they’ve been targets of cyber intrusions to contact law enforcement as soon as possible.

Scattered Spider Up To Its Old Tricks

With the alleged attacks on airlines, Scattered Spider appears to be deploying a playbook similar to what was used in 2023 against Caesars and MGM: get access to sensitive data, threaten the affected companies with release of that information, and hope the corporations will pay rather than deal with the headaches of customer data being put up for sale on the dark web.

The hackers did in fact extort Caesars and MGM in 2023. Caesars is said to have paid Scattered Spider $15 million to resolve the issue. MGM didn’t play ball, resulting in a multi-day crippling of its technology systems across its portfolio of domestic casinos.

Compounding those woes were financial consequences, including a $100 million hit to MGM’s third-quarter earnings in 2023 and $10 million in one-time expenses. The FBI urges ransomware victims to not comply with perpetrators because payments encourage the bad actors to infiltrate other companies.

Airlines haven’t specifically identified Scattered Spider as executing crimes against them, but Canada’s WestJet  and Hawaiian Airlines were recently targeted by cyberattacks while Delta Airlines asked customers to reset passwords and other credentials.

Airlines Make for Predictable Victims

Like casino operators, airlines come into contact with scores of highly sensitive customer data, including addresses, names, and numbers on government documents, such as drivers licenses or passports, among other information.

That’s exactly the type of data nefarious groups such as Scattered Spider look to procure because companies can suffer significant reputational damage by not preventing cyber intrusions and allowing customer information to be released. Some experts believe that if Scattered Spider is in fact hitting airlines, it’s just another day at the office for the bad actors.

“Scattered Spider is a cybercriminal group that targets large companies and their contracted information technology (IT) help desks. Scattered Spider threat actors, per trusted third parties, have typically engaged in data theft for extortion and have also been known to utilize BlackCat/ALPHV ransomware alongside their tactics, techniques, and procedures (TTPs),” according to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

https://www.casino.org/news/casino-hackers-targeting-airlines-says-fbi/