In late June, the Federal Bureau of Investigation (FBI) shared that a cybercriminal group has started targeting the airline sector, and “anyone in the airline ecosystem” could be at risk.

The FBI shared the notice on Facebook on June 28. The post explained that the cybercriminal group Scattered Spider has hackers who “steal sensitive data for extortion and often deploy ransomware.” According to the authority, the cybercriminals often attack “large corporations and their third-party IT providers.” The hackers allegedly impersonate employees of major airline corporations, duping IT help desks, which then give up access to sensitive information.

“These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts,” explained the FBI regarding Scattered Spider’s airline industry-related scam.

Elsewhere in the authority’s post, it stated that “Anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk.”

According to the government’s Cybersecurity and Infrastructure Security Agency, Scattered Spider may also go by the names Starfraud, UNC3944, Scatter Swine, and Muddled Libra. Via “social engineering techniques,” the cybercriminal group reportedly engages in “phishing, push bombing, and subscriber identity module (SIM) swap attacks,” among other unsavory online activities.

The FBI claims that it “is actively working with aviation and industry partners” to address the scam and support impacted victims. Additionally, the authority says early reporting will help them “engage promptly, share intelligence across the industry, and prevent further compromise.”

To report suspected Scattered Spider illegal activity, those potentially impacted should contact their local FBI office.

Cybersecurity is a crucial aspect of safety that travelers and all those working in the travel industry should prioritize. There are ways to keep yourself and your data secure, and precautions should be taken whenever possible.

In early June, the Transportation Security Administration suggested two golden cybersecurity rules for when traveling through airports. The first is using a personal power bank to charge your devices instead of public charging stations. The second is being mindful of the public Wi-Fi networks you join.

Air Travel, airlines, FBI, Travel Intel, Travel Scam