The M&S ‘Scattered Spider' hackers are coming for your holidays
This week it emerged that the secretive 'Scattered Spider' group who attacked M&S and Co-op are targeting the aviation industry.
Charles Carmakal, an executive at Google's cybersecurity unit, said that his firm was 'aware of multiple incidents in the airline and transportation sector which resemble the operations [of] Scattered Spider.'
Sam Rubin, of Palo Alto Networks, said his company had 'observed Muddled Libra (also known as Scattered Spider) targeting the aviation industry.'
While neither Rubin nor Carmakal specified which airlines have been targeted, Hawaiian Airlines and WestJet have recently suffered cyber attacks. WestJet said the incident affected 'some services and software systems' including its app, but neither airline suffered operational disruption due to the breach.
The issue is not isolated to North America. On Monday June 30, Qantas suffered a major cyber attack, reportedly compromising the personal data of up to six million customers.
A spokesperson for the UK Civil Aviation Authority (CAA) told The Telegraph: 'We are aware of rumoured activity. We are in contact with the National Cyber Security Centre and have warned our industry contacts about this group and the techniques they use.'
One of the things that the CAA would have told their industry contacts is that when Scattered Spider targets an industry, the attack tends to be sustained and relentless for a period. If aviation is next in line, how could a hack play out, and what can you do to protect your holiday?
Worrying potential
There are a few different avenues for the hackers. One would be to target airlines' corporate infrastructure. In 2018, 380,000 British Airways customers had their credit card details stolen in a major data breach. Bookings made in a two-week window had been infiltrated in a 'very sophisticated, malicious criminal' attack, according to the airline's former CEO Alex Cruz. The airline was later fined £20m for the security breach.
A second scenario is that ground systems could be targeted. In 2015, Poland's flag carrier LOT cancelled 10 flights after hackers infiltrated the computer systems that issued flight plans from Warsaw's Chopin Airport. But the scale could be much bigger than this. In 2023, the US Federal Aviation Administration's 'Notice to Airmen' (NOTAM) system suffered a three-hour outage.
The result was that all flights across the US were grounded for the first time since 9/11, leaving 11,000 aircraft stuck on tarmac across the country. While this was a hardware issue, not a malicious hack, it highlights the potential impact of a sudden IT meltdown.
The third, and perhaps most worrying scenario, is that in-flight systems could be infiltrated. Earlier this year, several aircraft coming into land at Ronald Reagan National Airport in Washington DC received false mid-air collision warnings, even though there were no other planes in the area.
The pilots receiving the alerts disconnected autopilot and climbed rapidly. It is unknown whether this was caused by the deliberate, malicious 'spoofing' of airline systems, or if it was due to an error or another cause. Regardless, it is an example of how hackers could potentially enter the cockpit in the future, putting pilots into compromised scenarios.
This week's Qantas data breach suggests hackers are already targeting the databases of airlines. But given the nature of Scattered Spider's previous high-profile, high-impact attacks, scenarios two or three should not be ruled out.
'Hacking groups thrive on attention, and with families about to start jetting off on their summer holidays, the potential to attack and extort an airline is irresistible,' says Matt Saunders of Adaptavist, a tech consultancy which works with major airlines.
'The good news is that a potential hacking attempt should not cause safety issues for passengers, as any safety-critical IT systems will already have a manual backup option which maintains the highest safety standards in the event of an unwelcome intrusion,' he added.
How to hack-proof your holiday
There are steps that we, the passenger, can take to protect ourselves from cyber attacks. Paying for your holiday with a credit card is preferable; if somebody makes unauthorised payments on your card you will be protected by the Consumer Credit Act, meaning the process of reclaiming your lost funds will be more straightforward.
Regularly changing the password for your online account with an airline's website or app will also help to protect it from the rising issue of air-mile theft. And, as always, avoid booking tickets on public Wi-Fi networks which might not be encrypted, potentially putting your data at risk.
When it comes to the larger scale hacking incidents, we can only rely on the strength of airline security systems – which are, by all accounts, becoming more powerful. In 2024 alone, the aviation industry spent $37bn (£27bn) on IT systems, and airports spent $9bn (£6.5bn). Around half of airlines and three quarters of airports are in the process of safeguarding data and upgrading IT systems.
'Defending against these risks requires more than perimeter controls – it demands continuous workforce education, Zero Trust principles, phish-resistant multi-factor authentication and identity verification that can't be socially engineered,' stresses Jordan Avnaim of identity security company, Entrust.
Recent cyber attacks on Hawaiian, WestJet and Qantas did not affect flight operations, which should give us hope. Nevertheless, the fact that the shelves in some M&S stores were empty for six weeks and its online orders were suspended – to the sum of £300m – shows why airports, airlines and passengers should remain on high alert.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Daily Mail
31 minutes ago
- Daily Mail
One of America's most important companies slashes 20,000 jobs and offers huge buyouts
UPS is offering voluntary buyouts to its full-time US drivers following its decision to slash 20,000 jobs and close 73 facilities. The Atlanta-based company will be providing its laid off employees with various benefits, including pensions and healthcare. The layoffs are part of UPS's network configuration plan, which also confirms the upcoming closures of over 90 more facilities in the future. The changes are part of the company's $3.5 billion cost reduction target for 2025, aiming to reach a 12 percent US operational margin by next year. UPS, which is one of the largest parcel delivery companies in the US, currently has 490,000 employees, around 330,000 of which are represented by the Teamsters union. The union was the first to announce the buyout, calling it an 'illegal violation' of the national contract in which UPS committed to create 22,500 jobs. 'Our members cannot be bought off and we will not allow them to be sold out. UPS needs to live up to the existing contract. They must honor their commitments,' said Sean O'Brien, general president of the union. The announcement comes months after UPS decided to halve the number of Amazon deliveries it takes before tariffs imposed by President Donald Trump took effect. Deliveries for the e-commerce giant make up around 12 percent of UPS's revenue. The company concluded that its profit margins from Amazon deliveries profit were too small, and it wanted to focus on other markets like healthcare and international deliveries. 'The world has not been faced with such enormous potential impacts to trade in more than 100 years,' said CEO Carol Tomé. Prior to these massive layoffs, UPS axed 12,000 employees and closed 11 facilities last year after its income declined by $1.87 billion due to its 'disappointing year' in 2023. Those layoffs came less than six months after UPS and Teamsters reached a $30 billion deal with its 340,000 person-union, avoiding a potential strike. 'The actions we are taking to reconfigure our network and reduce cost across our business could not be timelier,' Tomé said. 'The macro environment may be uncertain, but with our actions, we will emerge as an even stronger, more nimble UPS.' The 20,000 UPS employees are not alone in this year's string of mass layoffs. UPS CEO Carol Tomé believes the actions being taken to reconfigure its network and cost reduction 'could not be timelier' Amazon CEO Andy Jassy said he plans to reduce the company's corporate workforce over the next few years as AI will make certain roles redundant. It comes after the company laid off around 18,000 employees in 2023, informing them via email. Intel joined the job bloodbath last month by laying off 20,000 employees, particularly those who worked in factories. Microsoft also confirmed it would cut around 4 percent of its global workforce as it ramps up investments in artificial intelligence. The tech giant will slash around 9,000 jobs across different teams, geographies and levels of experience, it said on Wednesday. Besides iconic tech empires, Walmart is scaring its employees by slashing about 1,500 US jobs months after it laid off hundreds of workers in North Carolina.
Reuters
an hour ago
- Reuters
AGL Energy buys South Australia's Virtual Power Plant from Tesla
July 4 (Reuters) - AGL Energy ( opens new tab said on Friday it had acquired South Australia's Virtual Power Plant (SAVPP) from Tesla (TSLA.O), opens new tab, as the Australian power retailer looks to ramp up its battery storage capacity to drive green energy transition. The deal comes as AGL seeks to fulfil its promise of exiting coal-fired generation and achieve net zero carbon emissions by 2035, targeting 1.4 gigawatts of grid-scale battery storage projects in the next year. The acquisition of SAVPP, one of the largest virtual power plants in Australia, will allow AGL to access a network of residential solar and battery systems comprising of about 7,000 Powerwall home batteries, with more expected to be installed this year. SAVPP is a network of solar and Powerwall home battery systems, installed on South Australian social and community housing which will now be owned by AGL. Under the program, customers will receive significantly discounted energy prices and the company will be exploring ways to expand the program to more users, it said in a statement. "We know that upfront costs of installing solar and batteries can be a significant barrier for many, and we are focused on how we can make these more accessible," AGL Chief Customer Officer Jo Egan said. The solar and battery assets under the program will be coordinated to work together, and also used to help stabilise the electricity grid where required, the company said. The company did not disclose the value of the deal, while electric vehicle maker Tesla did not immediately respond to a Reuters request for comments on the deal value.
Finextra
an hour ago
- Finextra
UK bids to cut red tape for fintech firms
The UK's Regulatory Innovation Office is to work with the Digital Regulation Cooperation Forum to cut red tape for fintechs as they navigate complex regulation. 0 Last year, the UK's burgeoning fintech sector attracted $3.6 billion in investment, representing a key pillar in the Government's go-for-growth strategy. Technology secretary Peter Kyle says fragmented rules and regulatory complexity slow down innovation, delay safer financial products reaching the public, and deter investment. The collaborative work between the RIO and DRCF will lead to creation of as unified digital library providing 'one stop' access to digital policy and regulations for innovators. Kyle says the initiative will better help fintech firms navigate through the maze of regulations, noting that this could be especially tough for smaller companies, who often don't have teams of compliance experts on hand.
