Two major North American airlines, WestJet and Hawaiian Airlines, recently confirmed they were victims of cyberattacks. Both companies acknowledged the incidents in statements issued in June, with Hawaiian Airlines disclosing the breach in a filing with the Securities and Exchange Commission.
While they emphasized that flights were still operating safely and on schedule, specifics on disruptions, such as delays or cancellations, remain unclear. The attacks have heightened concerns within the aviation industry, already a critical and sensitive sector when it comes to cybersecurity.
Scattered Spider Emerges as Aviation Cybersecurity Threat Amid Rising Industry-Wide Tech Disruptions
Although American Airlines also experienced a system outage around the same time, the company has not confirmed any connection to a cyberattack. They attributed the disruption to a general technology issue impacting system connectivity but clarified that no flights had been canceled. The incident nevertheless added to the anxiety around aviation cybersecurity, especially given its timing and the broader context of rising cyber threats in the sector.
Cyberattacks Hit WestJet and Hawaiian Airlines as Scattered Spider Targets Aviation SectorCybersecurity companies, including Google and Palo Alto Networks, have identified a well-known cybercriminal group, dubbed “Scattered Spider,” as a key threat to the aviation industry. This group, primarily composed of young English-speaking hackers, is known for using social engineering tactics to infiltrate corporate systems.
Once inside, they often pass access to other cybercriminals who deploy ransomware, paralyzing operations and demanding payment. Experts note the group’s past involvement in attacks on prominent Las Vegas casinos and British retail chains.
Aviation Industry Urged to Strengthen Cybersecurity Amid Rising Sector-Specific Threats from Hackers
Scattered Spider appears to focus its attacks on specific sectors, with aviation now seemingly a top target. Charles Carmakal, CTO at Google’s Mandiant division, confirmed his team is tracking multiple incidents in transportation. He urged companies in the airline industry to strengthen their cybersecurity immediately. The group’s attack methods, combined with their sector-focused approach, pose a significant challenge for corporate IT teams and national infrastructure protection.
While the full extent of the attacks on WestJet and Hawaiian Airlines remains undisclosed, both companies claim to have made progress in resolving the breaches. Still, their silence on any flight disruptions and operational impact leaves questions unanswered. With threats like Scattered Spider growing more advanced and targeted, cybersecurity professionals warn that the aviation industry must remain vigilant and take proactive steps to defend against further incursions.
