"Scattered Spider" Attacks Are Targeting IT Help Desks: What Steps Can Your Organization Take?

The FBI has recently identified the cybercriminal group known as Scattered Spider as responsible for a series of cyberattacks targeting airlines in the United States and Canada during June 2025.

This group, composed of young hackers, is notorious for its aggressive tactics aimed at extorting or embarrassing its victims. The attacks come at a particularly sensitive time for the travel industry, which has already been under pressure as one of the major business sectors affected by cybercrime in recent months, following similar incidents in the insurance and retail sectors.

According to the FBI, Scattered Spider does not limit its focus to airlines alone but also targets their IT contractors, meaning that any entity within the airline ecosystem, including trusted vendors, could be vulnerable.

Once they gain access to a network, the hackers typically steal sensitive data for extortion and often deploy ransomware. The FBI has stated that it is actively collaborating with aviation industry partners to address the threat and support affected organizations.

Notably, Hawaiian Airlines and Canada's WestJet have both confirmed that they are assessing the impact of recent cyberattacks, though neither airline publicly named Scattered Spider as the perpetrator. Despite these breaches, both airlines reported that their operations and flight safety remained unaffected.

The group is known for using social engineering techniques, such as impersonating employees or contractors to deceive IT help desks and bypass security measures like multi-factor authentication.

Scattered Spider's previous high-profile attacks include multi-million-dollar hacks on major Las Vegas casinos in 2023, and they are known for focusing on one sector at a time for sustained periods. Industry experts and authorities warn that more victims within the aviation sector may yet come forward as investigations continue.

Source: https://economictimes.indiatimes.com/news/international/us/cybercriminal-group-scattered-spider-targets-us-and-canadian-airlines-in-flurry-of-cyberattacks/articleshow/122138215.cms?from=mdr

Commentary

One of Scattered Spider's methods is to "impersonate employees or contractors to deceive IT help desks and bypass security measures like multi-factor authentication". This is considered a sophisticated form of social engineering because it requires voice-to-voice interaction.

For example, an attacker might call a company's IT help desk, pretend to be a legitimate employee who has lost access to their account, and request that a new phone number or device be added to the account's MFA settings. If the help desk does not rigorously verify the caller's identity, they may comply, inadvertently giving the attacker the ability to reset passwords or approve login attempts, thus bypassing MFA protections. This tactic has been observed in recent attacks on airlines and other sectors, where attackers used such methods to gain initial access, steal sensitive data, and sometimes deploy ransomware.

Organizations can mitigate these risks by strengthening their help desk identity verification processes. This includes requiring multiple forms of verification before making changes to MFA settings or account recovery information, training staff to recognize and escalate suspicious requests, and monitoring for unusual MFA reset activity.

Security experts also recommend implementing technical controls such as restricting the ability to add new MFA devices without in-person or secondary approval, using phishing-resistant MFA methods, and regularly reviewing access logs for signs of compromise.
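One way to monitor for unusual MFA reset activity is to correlate help-desk-initiated MFA changes with the sign-ins that follow them. The sketch below is an added example, not code from the article or its sources; the event schema, account names, and 24-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical audit schema
# (timestamp, user, event type, actor, source IP). This is not any identity
# provider's real log format; IPs come from documentation ranges.
EVENTS = [
    ("2025-06-19T08:00:00", "carol", "signin", "carol", "198.51.100.30"),
    ("2025-06-20T09:00:00", "alice", "signin", "alice", "198.51.100.10"),
    ("2025-06-20T09:05:00", "bob", "signin", "bob", "198.51.100.20"),
    ("2025-06-21T10:00:00", "carol", "mfa_method_added", "helpdesk-2", None),
    ("2025-06-21T10:30:00", "carol", "signin", "carol", "198.51.100.30"),
    ("2025-06-21T14:00:00", "alice", "mfa_method_added", "helpdesk-7", None),
    ("2025-06-21T14:12:00", "alice", "signin", "alice", "203.0.113.55"),
    ("2025-06-21T15:00:00", "bob", "mfa_method_added", "bob", None),
    ("2025-06-21T15:10:00", "bob", "signin", "bob", "203.0.113.77"),
    ("2025-06-23T11:00:00", "carol", "signin", "carol", "203.0.113.99"),
]

def flag_mfa_changes(events, window=timedelta(hours=24)):
    """Flag sign-ins from a never-before-seen IP that occur within `window`
    of an MFA method being added by someone other than the account owner."""
    known_ips = {}  # user -> IPs seen in earlier, unflagged sign-ins
    pending = {}    # user -> (time, actor) of the latest help-desk MFA change
    alerts = []
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e[0]))
    for ts, user, kind, actor, ip in ordered:
        when = datetime.fromisoformat(ts)
        if kind == "mfa_method_added" and actor != user:
            pending[user] = (when, actor)
        elif kind == "signin":
            seen = known_ips.setdefault(user, set())
            change = pending.get(user)
            if change and when - change[0] > window:
                del pending[user]  # change is too old to correlate
                change = None
            if change and ip not in seen:
                minutes = int((when - change[0]).total_seconds() // 60)
                alerts.append({"user": user, "ip": ip,
                               "changed_by": change[1], "minutes_after": minutes})
                del pending[user]
                continue  # do not learn the flagged IP as "known"
            seen.add(ip)
    return alerts

if __name__ == "__main__":
    for alert in flag_mfa_changes(EVENTS):
        print(alert)
```

Self-service changes (bob) and help-desk changes followed only by sign-ins from a known IP or outside the window (carol) are not flagged; each alert is a prompt for out-of-band verification with the account owner.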

Proactive threat intelligence, such as monitoring for phishing domains that mimic company login portals, can also help detect and block attacks before they succeed.

Additional Sources: https://industrialcyber.co/transport/fbi-raises-alarm-over-scattered-spider-targeting-airline-sector-with-social-engineering-schemes/; https://www.infosecurity-magazine.com/news/scattered-spider-phishing-domains/; https://www.darkreading.com/cyberattacks-data-breaches/scattered-spider-hacking-spree-airline-sector; https://x.com/FBI/status/1938746767031574565
