Latest news with #CharlesCarmakal
Time of India
3 hours ago
- Business
- Time of India
Tech firms warn 'Scattered Spider' hacks are targeting aviation sector
Academy Empower your mind, elevate your skills Tech companies Google and Palo Alto Networks are sounding the alarm over the "Scattered Spider" hacking group's interest in the aviation a statement posted on LinkedIn on Friday, Sam Rubin, an executive at Palo Alto's cybersecurity-focused Unit 42, said his company had "observed Muddled Libra (also known as Scattered Spider) targeting the aviation industry."In a similar statement, Charles Carmakal, an executive with Alphabet-owned Google's cybersecurity-focused Mandiant unit , said his company was "aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider."Neither executive identified which specific companies had been targeted, but Alaska Air Group-owned Hawaiian Airlines and Canada's WestJet have both recently reported being struck by unspecified cyber company has gone into detail about the intrusions or commented on any potential links between the incidents and Scattered loose-knit but aggressive hacking group, alleged to at least in part comprise youngsters operating in Western countries, has been blamed for some of the most disruptive hacks to hit the United States and Europe in recent 2023, hackers tied to the group broke into gaming companies MGM Resorts and Caesars Entertainment, partially paralyzing casinos and knocking slot machines out of this year, the group wreaked havoc at British retailers. More recent targets include the U.S. insurance industry.
CNBC
6 hours ago
- Business
- CNBC
North American airlines targeted by cyberattacks
At least two North American airlines have been victims of criminal hackers recently as cybersecurity companies warn that a notorious cybercriminal group has been targeting the aviation industry. Westjet and Hawaii Airlines both said in June statements that they are responding to cyberattacks. American Airlines also experienced a tech issue on Friday, though it's unclear if it was related or caused in any way by hackers. "A technology issue is affecting connectivity for some of our systems and we are working with our partners to fully resolve the issue," an American Airlines spokesperson said in a statement. "Though we are experiencing delays as a result, we have not canceled any flights at this time." Cybersecurity companies that work directly with companies hit by hackers usually refrain from talking about specific victims, citing nondisclosure agreements. But both Google and Palo Alto Networks said Friday that they have observed a particularly effective cybercriminal group, nicknamed Scattered Spider by the cybersecurity industry, that tries to hack companies involved in aviation. Scattered Spider is a loosely affiliated group of young, mostly English-speaking men who are extremely adept at sweet-talking their way into sensitive computer access at large companies. From there, they often hand that access to outside cybercriminals who install ransomware — malicious software that locks up computers, rendering them inoperable — and then demand an extortion payment. The group has been tied to attacks on Las Vegas casinos in 2023 and British department stores earlier this year. After Google warned that Scattered Spider was targeting American retailers, a cyberattack hobbled a top Whole Foods supplier, leading to empty shelves across the country. Charles Carmakal, the chief technology officer of Mandiant, Google's cloud security company, said in an emailed statement that it was tracking "multiple incidents in the airline and transportation sector" where Scattered Spider had broken in. "We are still working on attribution and analysis, but given the habit of this actor to focus on a single sector we suggest that the industry take steps immediately to harden systems," he said. Details on the effects of the attacks on airlines are still sparse. A WestJet spokesperson told NBC News in an email that the company first noticed it had been hacked on June 13 and has made "significant progress" to resolve it. Hawaiian Airlines said in a Friday filing with the Securities and Exchange Commission that it discovered on Monday that it had been hacked and that "Flights are currently operating safely and as scheduled." Neither company responded to questions about whether any flights had been canceled or delayed because of the attacks.
NBC News
11 hours ago
- Business
- NBC News
North American Airlines targeted by cyberattacks
At least two North American airlines have been victims of criminal hackers recently as cybersecurity companies warn that a notorious cybercriminal group has been targeting the aviation industry. Westjet and Hawaii airlines both said in June statements that they are responding to cyberattacks. American Airlines also experienced a tech issue on Friday, though it's unclear if it was related or caused in any way by hackers. 'A technology issue is affecting connectivity for some of our systems and we are working with our partners to fully resolve the issue,' an American Airlines spokesperson said in a statement. 'Though we are experiencing delays as a result, we have not canceled any flights at this time.' Cybersecurity companies that work directly with companies hit by hackers usually refrain from talking about specific victims, citing nondisclosure agreements. But both Google and Palo Alto Networks said Friday that they have observed a particularly effective cybercriminal group, nicknamed Scattered Spider by the cybersecurity industry, that tries to hack companies involved in aviation. Scattered Spider is a loosely affiliated group of young, mostly English-speaking men who are extremely adept at sweet-talking their way into sensitive computer access at large companies. From there, they often hand that access to outside cybercriminals who install ransomware — malicious software that locks up computers, rendering them inoperable — and then demand an extortion payment. The group has been tied to attacks on Las Vegas casinos in 2023 and British department stores earlier this year. After Google warned that Scattered Spider was targeting American retailers, a cyberattack hobbled a top Whole Foods supplier, leading to empty shelves across the country. Charles Carmakal, the chief technology officer of Mandiant, Google's cloud security company, said in an emailed statement that it was tracking 'multiple incidents in the airline and transportation sector' where Scattered Spider had broken in. 'We are still working on attribution and analysis, but given the habit of this actor to focus on a single sector we suggest that the industry take steps immediately to harden systems,' he said. Details on the effects of the attacks on airlines are still sparse. A WestJet spokesperson told NBC News in an email that the company first noticed it had been hacked on June 13 and has made 'significant progress' to resolve it. Hawaiian Airlines said in a Friday filing with the Securities and Exchange Commission that it discovered on Monday that it had been hacked and that 'Flights are currently operating safely and as scheduled.'
Axios
14 hours ago
- Business
- Axios
Prolific cybercriminal group now targeting aviation, transportation companies
The notorious Scattered Spider hacking gang is now actively targeting the aviation and transportation sectors, cybersecurity firms warned on Friday. Why it matters: The group of mostly Western, English-speaking hackers has been on a months-long spree that's prompted operational disruptions at grocery suppliers, major retail storefronts and insurance companies in the U.S. and U.K. Driving the news: Hawaiian Airlines said Thursday it's addressing a "cybersecurity incident" that affected some of its IT systems. Canadian airline WestJet faced a similar incident last week that caused outages for some of its systems and mobile app. A source familiar with the incidents told Axios that Scattered Spider was likely behind the WestJet incident. Josh Yeats, a WestJet spokesperson, told Axios that the company has made "significant progress" to resolve the incident, but did not answer questions about Scattered Spider's possible involvement. What they're saying: Charles Carmakal, the chief technology officer at Google's Mandiant Consulting, said in an emailed statement that the company is "aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider." "We are still working on attribution and analysis, but given the habit of this actor to focus on a single sector we suggest that the industry take steps immediately to harden systems," Carmakal said. Palo Alto Networks also said they saw evidence of these hackers targeting the aviation sector. "Organizations should be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA reset requests," Sam Rubin, senior vice president of consulting and threat intelligence at Palo Alto Networks' Unit 42, said on LinkedIn.
Yahoo
21-05-2025
- Business
- Yahoo
Scattered Spider hackers in UK are ‘facilitating' cyber-attacks, says Google
UK-based members of the Scattered Spider hacking community are actively 'facilitating' cyber-attacks, according to Google, as disruption to British retailers spreads to the US. A group of hackers labelled 'Scattered Spider' have been linked with attacks on UK retailers Marks & Spencer, the Co-op and Harrods, with Google cybersecurity experts warning this week that unnamed retailers across the Atlantic are being targeted as well. Charles Carmakal, the chief technology officer at Google's Mandiant cybersecurity unit, said that the threat had moved to the US in a pattern typical of Scattered Spider assailants. Related: Largest US crypto exchange says cost of recent cyber-attack could reach $400m 'They tend to focus on a particular industry sector and geography for a few weeks and then they move on to something else,' he said. 'And right now they're focused on retail organisations. They start in the UK, and now they've shifted to US organisations.' Asked if UK members of Scattered Spider were involved in hacking M&S, he said: 'Without specifically naming who the victims are I will say broadly Scattered Spider members in the UK are facilitating and contributing to intrusions.' On Friday it emerged that M&S had warned its staff that some of their personal data may have been stolen in the cyber-attack last month. Sources told the Daily Telegraph that workers were told email addresses and full names were believed to have been taken as part of the hack. Earlier this week M&S revealed that some personal information relating to thousands of customers was taken by the hackers. The targeting of retailers in the UK, and the techniques associated with Scattered Spider, has prompted the country's cybersecurity agency to warn companies to look out for specific tactics. In an advisory note, the National Cyber Security Centre told businesses to look at how their IT help desks help staff members reset passwords. One gambit associated with Scattered Spider – a name coined for a set of hacking tactics rather than an homogenous group – is to ring up IT help desks and pretend to be employees or contractors in order to gain access to company systems. 'What we're seeing is they're making telephone calls, calling up help desks, pretending to be employees and convincing helpdesks to reset passwords,' said Carmakal. Carmakal added that the task of ringing up helpdesks was sometimes carried out by younger members of the Scattered Spider network. 'It's not always the [threat] actors themselves … that are actually making the phone calls. They outsource some of that work to other members of the broader community, generally younger individuals that aggregate on Telegram and Discord and want to make a few hundred bucks.' Scattered Spider is unusual among hacking groups deploying ransomware because it is composed of native English speakers from countries such as the UK, US and Canada. Carmakal said he had listened to 'countless calls' that Scattered Spider hackers have made to company employees, 'whether they were extorting them, or trying to convince somebody to provide credentials or harassing somebody'. Ransomware gangs infect their targets' computer systems with malicious software that effectively locks up their internal files, which the criminals then offer to release in exchange for a payment. Typically, these gangs are from Russia or former Soviet states. Carmakal's comments came as French luxury brand Dior said this week an 'unauthorised external party' had accessed some customer data. The scale of the breach and the identity of the attacker remains unclear, although Paris-based Dior said no payment information had been taken. This week Google's cybersecurity specialists said Scattered Spider was targeting US retailers. 'The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to … Scattered Spider,' said John Hultquist, the chief analyst at Google Threat Intelligence Group. 'The actor, which has reportedly targeted retail in the UK following a long hiatus, has a history of focusing their efforts on a single sector at a time, and we anticipate they will continue to target the sector in the near term. US retailers should take note.'
