The FBI has disclosed that the cybercrime group Scattered Spider is expanding its targeting to the airline sector. The agency is actively collaborating with aviation and industry partners to combat this activity.
According to the FBI, Scattered Spider employs social engineering techniques to deceive IT help desks into granting access, often by impersonating employees or contractors. These tactics include bypassing multi-factor authentication (MFA) by convincing help desk services to add unauthorized MFA devices to compromised accounts.
Scattered Spider also targets third-party IT providers to gain access to large organizations, putting trusted vendors and contractors at risk. The attacks typically lead to data theft, extortion, and ransomware.
Palo Alto Networks Unit 42’s Sam Rubin confirmed the threat actor’s attacks on the aviation industry, urging organizations to be vigilant against advanced social engineering attempts and suspicious MFA reset requests.
Google-owned Mandiant also warned of Scattered Spider’s activities in the airline and transportation sectors, emphasizing the need for tightening help desk identity verification processes.
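One way to surface the pattern described above, where a help desk is talked into adding an MFA device to someone else's account, is to correlate enrollments performed on a user's behalf with a quick follow-up sign-in from an address that user has never used. The Python below is an added example, not code from the FBI, Unit 42 or Mandiant; the event schema, field names, account names and the 30-minute window are all assumptions, and the log lines are constructed.

```python
import json
from datetime import datetime, timedelta

# Constructed sample audit events (hypothetical schema, not a real IdP export).
SAMPLE_LOG = """\
{"ts":"2025-06-30T09:00:00","event":"signin","actor":"alice","target":"alice","ip":"10.1.1.5"}
{"ts":"2025-06-30T09:05:00","event":"signin","actor":"bob","target":"bob","ip":"10.1.1.9"}
{"ts":"2025-06-30T10:00:00","event":"mfa_enroll","actor":"alice","target":"alice","ip":"10.1.1.5"}
{"ts":"2025-06-30T10:02:00","event":"signin","actor":"alice","target":"alice","ip":"10.1.1.5"}
{"ts":"2025-06-30T11:00:00","event":"mfa_enroll","actor":"helpdesk1","target":"bob","ip":"10.2.0.4"}
{"ts":"2025-06-30T11:07:00","event":"signin","actor":"bob","target":"bob","ip":"203.0.113.50"}
{"ts":"2025-06-30T15:00:00","event":"mfa_enroll","actor":"helpdesk2","target":"carol","ip":"10.2.0.7"}
{"ts":"2025-07-01T09:00:00","event":"signin","actor":"carol","target":"carol","ip":"198.51.100.7"}
"""

WINDOW = timedelta(minutes=30)  # assumed correlation window; tune per environment


def find_suspicious_enrollments(log_text, window=WINDOW):
    """Flag MFA devices enrolled by someone other than the account owner
    that are followed, within `window`, by a sign-in from an unseen IP."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    events.sort(key=lambda e: e["ts"])

    known_ips = {}  # user -> IPs seen in earlier sign-ins
    pending = {}    # user -> latest on-behalf-of enrollment awaiting correlation
    alerts = []
    for e in events:
        user = e["target"]
        if e["event"] == "mfa_enroll" and e["actor"] != user:
            pending[user] = e  # enrolled by help desk/admin, not self-service
        elif e["event"] == "signin":
            seen = known_ips.setdefault(user, set())
            enroll = pending.get(user)
            if enroll and e["ts"] - enroll["ts"] > window:
                pending.pop(user)  # window expired, stop tracking
            elif enroll and e["ip"] not in seen:
                delay = int((e["ts"] - enroll["ts"]).total_seconds() // 60)
                alerts.append({"user": user, "enrolled_by": enroll["actor"],
                               "signin_ip": e["ip"], "delay_min": delay})
                pending.pop(user)
            seen.add(e["ip"])
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_enrollments(SAMPLE_LOG):
        print(alert)
```

An alert from this rule is a prompt to call the account owner back on a number already on file, not proof of compromise; legitimate device replacements will match it too.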
Scattered Spider’s success lies in its understanding of human workflows. The group focuses on exploiting the people behind the systems, relying on social engineering to gain access.
Scattered Spider is part of a collective known as the Com, which includes other groups like LAPSUS$. The group’s tactics involve social engineering, help desk phishing, and insider access to penetrate hybrid environments.
ReliaQuest detailed how Scattered Spider actors targeted a CFO to breach an organization, demonstrating their ability to adapt and rapidly escalate their attack.
The incident involved enumerating privileged accounts, infiltrating the Horizon Virtual Desktop Infrastructure, breaching the organization’s VPN infrastructure, and gaining access to the CyberArk password vault.
The bigger picture shows that social engineering attacks have evolved into detailed identity threat campaigns, bypassing multiple layers of defense.
Businesses are urged to reevaluate and strengthen ID verification protocols to reduce the risk of human error being exploited by adversaries.