Overview
- Cybersecurity leaders at Google’s Mandiant and Palo Alto Networks’ Unit 42 have confirmed multiple incursions into North American airline and transportation systems this month.
- WestJet reported a June 13 attack that affected its internal services and mobile app, while Hawaiian Airlines disclosed a June 23 intrusion that left flights operating normally.
- Operators linked to Scattered Spider use advanced social engineering techniques, performing fraudulent password resets and unauthorized MFA registrations to gain network access.
- The FBI alert urges airlines to strengthen help-desk identity verification, secure self-service password reset platforms and monitor for suspicious multi-factor authentication requests.
- American Airlines is experiencing an IT outage of unknown origin, but the FAA states there has been no safety impact and investigations into a possible cyber link are ongoing.