FBI Issues New Alert: Caesars and MGM Hackers Now Targeting Airlines
The Federal Bureau of Investigation has just released a report saying that the group of hackers that once targeted MGM Resorts International and Caesars Entertainment may potentially hit the airline industry next. Scattered Spider, the hacking group that victimized the two biggest casino operators in 2023, may have airlines in its sights using social engineering, an increasingly used type of cyber thievery, and ransomware.
The notorious cybercriminal group known as Scattered Spider - responsible for 2023's headline-making ransomware attacks on Caesars Entertainment and MGM Resorts International - is now setting its sights on another high-profile sector: the airline industry.
According to a recent alert from the FBI, this group of hackers has shifted focus from casinos to aviation, using sophisticated social engineering tactics to infiltrate airline IT systems. These tactics often involve impersonating legitimate employees or contractors in an attempt to fool help desk staff into granting unauthorized access.
Scattered Spider actors are increasingly relying on social engineering techniques, often impersonating employees or contractors to deceive IT help desks, the FBI stated. These methods are also used to bypass multi-factor authentication (MFA), such as tricking help desks into registering unauthorized MFA devices, the FBI added.
Ransomware and extortion: a familiar strategy
The FBI alert indicates that Scattered Spider is once again using ransomware to lock down corporate systems and extort payment from victims, a strategy that proved profitable in the group's previous attacks on the casino industry.
In 2023, Caesars Entertainment reportedly paid the hackers $15 million to prevent the release of sensitive customer data. MGM Resorts, which refused to comply, suffered widespread technological outages that crippled its casino operations and cost the company roughly $100 million in lost revenue and another $10 million in one-time fees.
The law enforcement agency is now warning airline companies and their partners to remain vigilant and is actively working with them to combat the growing threat. The FBI is collaborating with affected industries to address this activity and assist victims, the agency noted. We encourage any business that suspects it has been targeted to contact law enforcement immediately, it continued.
Airlines already under siege
While no airline has officially named Scattered Spider as the culprit, the sector has recently experienced a surge in cyberattacks. WestJet in Canada and Hawaiian Airlines both reported being targeted, while Delta Airlines has urged customers to reset their passwords as a precautionary measure. The pattern of attacks, combined with the use of deceptive tactics, closely mirrors the methods previously deployed against casinos. Industry insiders and security experts suggest that it's highly plausible Scattered Spider is behind these recent intrusions.
Airlines, much like casinos, manage a vast wealth of sensitive customer information, including names, physical addresses, travel itineraries, and details from government-issued IDs such as passports and driver's licenses. This makes them particularly attractive to hackers seeking to profit from data theft and extortion.
Airlines are logical targets, cybersecurity experts say. They hold highly sensitive personal data that can be sold, ransomed, or leaked - each of which poses major reputational and financial risks. According to the US Cybersecurity and Infrastructure Security Agency, Scattered Spider has a well-documented history of data theft and extortion, often in conjunction with ransomware known as BlackCat or ALPHV. The group is known for targeting not only large corporations but also their contracted IT providers, exploiting weak links in cybersecurity protocols.
FBI reiterates: don't pay hackers
Despite the temptation to resolve such incidents quietly, the FBI strongly advises businesses against paying ransom. Doing so, officials argue, only emboldens threat actors and increases the likelihood of future attacks.
The growing threat posed by Scattered Spider demonstrates the critical need for robust cybersecurity across industries. As the group continues to expand its range of victims, companies in the travel, leisure, and aviation sectors are being urged to boost their defenses, train staff to recognize social engineering schemes, and report suspicious activity without delay.