Airlines: caught in the web
This blog explores the recent wave of ransomware attacks by the Scattered Spider threat group, which has shifted its focus to the aviation and transport industry. It highlights how airlines like Hawaiian Airlines, WestJet, and Qantas were strategically targeted just before the busy summer travel season, examining the group’s tactics, timing, and the broader implications for cybersecurity in critical sectors.
The recent ransomware attacks on Hawaiian Airlines (24 June), WestJet (26 June) and most recently Qantas (30 June) mark the latest strike in a string of coordinated, calculated attacks by the threat group known as Scattered Spider on yet another industry.
Earlier this year, retail and insurance companies were targeted. This time, it’s aviation and transport, just as the summer holiday season kicks off. That timing is no accident. It’s designed for maximum disruption, public attention, and pressure to pay.
Same methods, new targets
Scattered Spider’s tactics aren’t new, although they do adapt to stay relevant. Their MO is exploiting the only un-patchable system present in every network: its people. They’ve been using social engineering to bypass even the strongest technical defences. The process is simple and effective:
- They research employees to phish their credentials
- They impersonate employees, contractors or third-party vendors
- They trick helpdesks into approving unauthorised MFA resets
- They gain access, escalate privileges, and once inside, bring in heavy-hitting Ransomware-as-a-Service teams to maximise the impact
This technique has already compromised major corporations such as Marks & Spencer, Co-Op and Qantas, but they’ve also hit lesser-known companies along the way, potentially leveraging companies in the supply chain to bypass the defences of bigger corporations with a higher security spend. What sets them apart is not the tech, but the human exploitation at the heart of the attack.
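One way to watch for the helpdesk MFA-reset step in the list above, as an added example that is not from the original post: it correlates a reset performed by someone other than the account owner with a first sign-in from an unseen device and a later role grant. The event schema, field names, 24-hour window and sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed correlation window after a reset

# Constructed sample events in a hypothetical, normalised audit-log schema.
EVENTS = [
    {"ts": "2025-01-10T09:00:00", "type": "sign_in", "user": "a.pilot", "device": "LAPTOP-01"},
    {"ts": "2025-01-10T09:05:00", "type": "sign_in", "user": "c.ops", "device": "LAPTOP-44"},
    {"ts": "2025-01-14T02:10:00", "type": "mfa_reset", "user": "a.pilot", "actor": "helpdesk.7"},
    {"ts": "2025-01-14T02:14:00", "type": "sign_in", "user": "a.pilot", "device": "UNKNOWN-9F"},
    {"ts": "2025-01-14T02:40:00", "type": "role_assigned", "user": "a.pilot", "role": "admin"},
    {"ts": "2025-01-14T08:00:00", "type": "mfa_reset", "user": "b.crew", "actor": "b.crew"},
    {"ts": "2025-01-14T08:05:00", "type": "sign_in", "user": "b.crew", "device": "PHONE-22"},
    {"ts": "2025-01-15T10:00:00", "type": "mfa_reset", "user": "c.ops", "actor": "helpdesk.3"},
    {"ts": "2025-01-15T10:30:00", "type": "sign_in", "user": "c.ops", "device": "LAPTOP-44"},
    {"ts": "2025-01-16T11:00:00", "type": "mfa_reset", "user": "d.gate", "actor": "helpdesk.3"},
    {"ts": "2025-01-16T11:20:00", "type": "sign_in", "user": "d.gate", "device": "UNKNOWN-2B"},
]

def detect(events, window=WINDOW):
    """Flag helpdesk-performed MFA resets followed by a sign-in from an unseen device."""
    known = {}    # user -> devices seen outside a suspicious post-reset sign-in
    pending = {}  # user -> (reset time, actor) for resets done by someone else
    alerts = {}   # user -> alert record
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts, user = datetime.fromisoformat(e["ts"]), e["user"]
        reset = pending.get(user)
        live = reset is not None and ts - reset[0] <= window
        if e["type"] == "mfa_reset" and e["actor"] != user:
            pending[user] = (ts, e["actor"])
        elif e["type"] == "sign_in":
            if live and e["device"] not in known.get(user, set()):
                alerts[user] = {"user": user, "reset_by": reset[1],
                                "device": e["device"], "severity": "medium"}
            else:
                known.setdefault(user, set()).add(e["device"])
        elif e["type"] == "role_assigned" and live and user in alerts:
            # Privilege change on top of reset + new device: escalate.
            alerts[user].update(severity="high", role=e["role"])
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Self-service resets and post-reset sign-ins from an already-known device are deliberately not flagged here; a real deployment would tune that against its own helpdesk workflow.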
Claranet’s advice
We’ve been tracking these tactics for some time and our customers have turned to us for advice on what can be done. Following the recent retail and insurance cyber-attacks, we’ve written a number of practical guides to help you reduce the risk and impact of a successful cyber breach:
- Scattered Spider don’t break in. They log in.
- Reports of Scattered Spider attacks on US insurance firms
When it comes to cyber-attacks, humans are the first line of defence. These social engineering and ransomware experts only exploit technological vulnerabilities after they’ve manipulated your people. While technology cannot totally solve the problem of human fallibility, it can provide a backstop when attackers successfully gain a foothold.
That’s why we partner with the leading ransomware defence platform Halcyon.ai to offer protection designed to stop data exfiltration, provide resilience against ransomware encryption and reduce your recovery time from weeks and months down to hours and minutes.
The web is bigger than one spider
These attacks aren’t limited to private sector giants. Just a few weeks ago, the Swiss government found itself in the headlines when 1.3TB of sensitive federal data was stolen from a trusted IT partner and placed on the dark web for sale.
That attack was perpetrated by the Sarcoma ransomware group, active since October 2024, with suggested ties to Scattered Spider. The attack exposed contracts, communications, and financial documents.
The interconnected nature of our relationships with third-party suppliers and contractors means that a single weak link can have far-reaching consequences. But, as attacks by Scattered Spider and others show, phishing and social engineering are still powerful techniques and humans are still the frontline of defence.
Free protection over the summer holidays
As we enter the summer months, distractions are rife: the kids are off school, and security teams are stretched thin while colleagues go on holiday.
That’s why Claranet is offering six weeks of free ransomware protection in partnership with Halcyon.ai. Companies in the retail, insurance and aviation sectors can leverage this for peace of mind and specialist support should it be needed during this busy period.
This includes:
- Enterprise-grade anti-ransomware endpoint protection from Halcyon for your critical assets: proven 100% effective to date
- Full onboarding and deployment support
- Behavioural analysis, decryption and recovery tools
Get in touch with our Cybersecurity experts and let’s make sure your team, your data and your customers are protected.