
FBI issues alert as hacker group expands attacks to aviation industry
On June 27, the FBI warned the millions of daily air travelers that the notorious hacker group Scattered Spider started infiltrating the transportation industry, and often gains access by impersonating employees or contractors. Using what the FBI referred to as 'social engineering techniques', Scattered Spider is known to trick companies' IT help desks into letting them inside the secure internal systems. One of their go-to tactics is tricking IT desks into adding fake devices - disguised as routine 'help' - which then allow the hackers to slip past key security measures like multi-factor authentication. 'Once inside, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware,' the FBI wrote. 'The FBI is actively working with aviation and industry partners to address this activity and assist victims,' they added. 'Early reporting allows the FBI to engage promptly, share intelligence across the industry, and prevent further compromise.'
Once they're in, they swipe sensitive data - then hold it hostage, demanding a payout to keep it from being leaked or sold, the agency explained. According to the FBI, the hackers often go a step further - locking up entire systems with ransomware, leaving them completely unusable until the hefty ransom is paid. 'They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,' the warning read.
Brett Winterford, vice president of threat intelligence at Okta, described Scattered Spider as a loosely connected group of young hackers - mostly from Western countries - who collaborate and share techniques in an online forum called TheCom, as reported by Forbes. While money is their main motivation, Winterford said that they're also driven by 'the desire to score a big win that impresses their peers,' according to the outlet. They don't stick to one type of target - if they succeed in attacking one company in an industry, they will try the same trick on similar companies again and again.
'If they enjoy success against a target in any given industry, they'll rinse and repeat against similar organizations,' Winterford added. This is just the latest troubling news in the aviation world - the same tactics seem to be behind the recent cyberattack on Qantas. On Monday, Qantas - Australia's largest airline - confirmed a major data breach that could have impacted up to six million customers.
In a statement on its website, Qantas said it detected unusual activity on a third-party customer service platform used by one of its call centers. A cybercriminal reportedly targeted the call center, breaking into the customer service platform - but Qantas said they locked down the breach shortly afterward. 'There are six million customers that have service records in this platform,' the statement said. 'We are continuing to investigate the proportion of the data that has been stolen, though we expect it will be significant.' 'An initial review has confirmed the data includes some customers' names, email addresses, phone numbers, birth dates and frequent flyer numbers,' it added. However, the airline also assured customers that credit card details, personal financial information and passport data were not stored in the compromised system.
In an update on Friday, Qantas said the group believed responsible for the incident remained unclear and that it had not received a ransom request. Now, the biggest danger is that the stolen data could be used for fraud or even identity theft. Airlines have since been urged to strengthen their security after the massive hack left the aviation giant vulnerable to potential legal consequences.
Last month, in a strikingly similar case, Delta Air Lines locked access to some frequent flyer accounts due to cybersecurity concerns discovered earlier that week - but didn't immediately inform the affected customers, The Hill reported. The issue came to light when a customer - who happened to be a TV reporter in Pennsylvania, according to The Hill - was unable to access his Delta account or change his password. When the reporter dug deeper, a Delta reservations agent revealed that the airline was dealing with 'concerns about a potential security breach' affecting 'a large number of customers' - possibly up to 68,000. Although customers were asked to verify their identity by uploading a photo of a valid government ID, a Delta spokesperson insisted that SkyMiles accounts remained secure and said the credential resets were carried out 'out of an abundance of caution,' according to the outlet.

Related Articles




The Guardian
Qantas attack reveals one phone call is all it takes to crack cybersecurity's weakest link: humans
All it can take is a phone call. That's what Qantas learned this week when the personal information of up to 6 million customers was stolen by cybercriminals after attackers targeted an offshore IT call centre, enabling them to access a third-party system. It is the latest in a series of cyber-attacks on large companies in Australia involving the personal information of millions of Australians, after the attack on Optus, Medibank and, most recently, Australia's $4t superannuation sector. The Qantas attack came just days after US authorities warned the airline sector had been targeted by a group known as Scattered Spider, using social engineering techniques, including impersonating employees or contractors to deceive IT help desks into granting access, and bypassing multi-factor authentication. While companies may spend millions keeping their systems secure and software up-to-date to plug known vulnerabilities, hackers can turn to this form of attack to target, often, the weakest link – humans. Social engineering is not new. It predates the internet, involving tricking someone into providing compromising information. The most common way people would see social engineering in practice is through phishing attacks – emails that are designed to look official to lure unsuspecting people into providing their login and passwords. The phone-call version of social engineering, known as vishing, can be more complicated for the attacker, requiring research into a company and its employees, and tactics to sound convincing over the phone to get the unwitting worker to let them in. The arrival of easy-to-use artificial intelligence products, including voice cloning, will only make this easier for attackers.
The Office of the Australian Information Commissioner's most recent data breaches report, covering the second half of 2024, noted a significant rise in reports of breaches caused by social engineering attacks, with government agencies reporting the most, followed by finance and health. The Qantas breach – that compromised information including names, email addresses, phone numbers, dates of birth and frequent flyer numbers – in isolation might not lead to financial loss, but the growing number of data breaches in Australia means hackers are able to collate data collected across the breaches and potentially launch attacks on unsuspecting new targets. In April, the nation's superannuation funds became aware of the dangers of hackers collecting compromised login details from other breaches to gain access to super accounts, in what is termed credential stuffing. The industry was fortunate only a handful of customers suffered losses, together approximately $500,000 – likely a combination of the funds locking down systems, and the high proportion of fund holders who have yet to reach the age where they can access their super. The Albanese government, however, has been warned that the attack was a canary in the coalmine for the financial sector. In advice to the incoming government in May – released this week under freedom of information laws – the Australian Prudential Regulation Authority (Apra) warned super assets were at risk. 'Cyber-attacks at large superannuation funds, that look likely to increase in scope and frequency, highlight that capability in the management of cyber and operational risks must improve,' Apra said. 'While the number of member accounts that had funds fraudulently withdrawn was small, the incident highlighted the need for this sector to uplift its cybersecurity and operational resilience maturity. 
'This need will only grow as the sector increases in size, more members enter retirement and the sector takes on greater systemic significance with inter-linkages to the banking sector.' Apra had warned the sector in 2023 of the importance of multi-factor authentication – something some of the funds had failed to implement before the April attack. The regulator said there were also sustained cyber-attacks on banking and insurance businesses, and third-party providers that were 'continuing to test resilience and defences as attackers develop new technologies and approaches'. Healthcare, finance, technology and critical infrastructure, such as telecommunications, were most at risk from cyber threats, according to Craig Searle, global leader of cyber advisory at global cybersecurity firm Trustwave. 'The technology sector is uniquely exposed due to its central role in digital infrastructure and interconnected supply chains,' he said. 'An attack on a single tech provider can cascade to hundreds or thousands of downstream clients, as seen in recent high-profile supply chain breaches. 'Overall, the sectors most at risk are those with high-value data, complex supply chains, and critical service delivery.' Searle said attackers like Scattered Spider deliberately targeted third-party systems and outsourced IT support, as seen in the Qantas breach, representing a risk for large companies. 'The interconnected nature of digital supply chains means a vulnerability or misconfiguration in a partner or contractor can trigger a domino effect, exposing sensitive data and operations far beyond the initial breach,' he said. Christiaan Beek, senior director for threat analytics at cybersecurity firm Rapid7, said third-party systems had become an integral part of many organisations' business operations and, as a result, were increasingly targeted by threat actors.
'It's essential for organisations to apply the right levels of due diligence in assessing the security posture of such third-party systems to reduce the risk of their information being compromised.' Searle said organisations needed to shift from reactive to proactive cybersecurity, apply software patches promptly and enforce strong access control such as multi-factor authentication. Beek agreed organisations needed to be proactive, with executives held accountable for cybersecurity in their organisations, as well as board oversight. 'The novel tactics observed by modern-day cybercrime groups escape the typical confines of security management programmes,' he said. 'The no-limits approach of these criminals pushes us to rethink the typical boundary of defence, in particular surrounding social engineering and the ways in which we can be taken advantage of.'

