A Hawaiian Airways jet is parked at a jetway at Daniel Ok. Inouye Worldwide Airport on January 20, 2024 in Honolulu, Hawaii.
Kevin Carter | Getty Photos
At the very least two North American airways have been victims of felony hackers lately as cybersecurity firms warn {that a} infamous cybercriminal group has been focusing on the aviation trade.
Westjet and Hawaii Airways each mentioned in June statements that they’re responding to cyberattacks.
American Airways additionally skilled a tech subject on Friday, although it is unclear if it was associated or prompted in any approach by hackers.
“A know-how subject is affecting connectivity for a few of our programs and we’re working with our companions to completely resolve the difficulty,” an American Airways spokesperson mentioned in an announcement. “Although we’re experiencing delays because of this, we now have not canceled any flights right now.”
Cybersecurity firms that work straight with firms hit by hackers often chorus from speaking about particular victims, citing nondisclosure agreements. However each Google and Palo Alto Networks mentioned Friday that they’ve noticed a very efficient cybercriminal group, nicknamed Scattered Spider by the cybersecurity trade, that tries to hack firms concerned in aviation.
Scattered Spider is a loosely affiliated group of younger, largely English-speaking males who’re extraordinarily adept at sweet-talking their approach into delicate laptop entry at giant firms. From there, they typically hand that entry to exterior cybercriminals who set up ransomware — malicious software program that locks up computer systems, rendering them inoperable — after which demand an extortion cost.
The group has been tied to assaults on Las Vegas casinos in 2023 and British malls earlier this yr. After Google warned that Scattered Spider was focusing on American retailers, a cyberattack hobbled a high Entire Meals provider, resulting in empty cabinets throughout the nation.
Charles Carmakal, the chief know-how officer of Mandiant, Google’s cloud safety firm, mentioned in an emailed assertion that it was monitoring “a number of incidents within the airline and transportation sector” the place Scattered Spider had damaged in.
“We’re nonetheless engaged on attribution and evaluation, however given the behavior of this actor to give attention to a single sector we propose that the trade take steps instantly to harden programs,” he mentioned.
Particulars on the consequences of the assaults on airways are nonetheless sparse.
A WestJet spokesperson advised NBC Information in an e mail that the corporate first seen it had been hacked on June 13 and has made “vital progress” to resolve it. Hawaiian Airways mentioned in a Friday submitting with the Securities and Change Fee that it found on Monday that it had been hacked and that “Flights are at present working safely and as scheduled.”
Neither firm responded to questions on whether or not any flights had been canceled or delayed due to the assaults.