A notorious cybercriminal group has shifted its attention to the aviation industry, successfully breaching the computer networks of multiple airlines in the United States and Canada this month, according to the FBI and private experts responding to the hacks.
The hacking hasn’t affected airline safety, but it has top cyber executives at major airlines across the United States on alert because of the hacking suspects: A network of young cybercriminals called “Scattered Spider” who are known for their aggressive efforts to extort or embarrass their victims.
It’s a fresh headache for the travel industry as the busy summer travel season kicks into high gear. This is now the third major U.S. business sector in the last two months, after insurance and retail, to face a flurry of cyberattacks tied to the criminal group.
The hackers target big companies and their IT contractors, “which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk,” the FBI said Friday night in a statement that named Scattered Spider as the perpetrator of the airline hacks. “Once inside (a victim’s network), Scattered Spider actors steal sensitive data for extortion and often deploy ransomware,” the FBI said.
The FBI, the statement continued, “is actively working with aviation and industry partners to address this activity and assist victims.”
Hawaiian Airlines and Canada’s WestJet confirmed this week that they were still assessing the fallout from recent cyberattacks, though the airlines did not name the perpetrators. More victims in the aviation industry could come forward, sources briefed on the investigation said.
WestJet’s issues began two weeks ago, when the airline said it was responding to a “cybersecurity incident” that was affecting access “to some services and software systems,” including its app for customers. Both WestJet and Hawaiian Airlines said their operations were unaffected by the hacks.
The lack of impact on operations at the airlines is “likely a sign of good internal network separations or good business continuity and resiliency planning,” said Aakin Patel, the former chief information security officer of Las Vegas’ main airport.
It is not just the airlines themselves, but other “segments of the aviation ecosystem” that are seeing increased cyberattacks, according to Jeffrey Troy, the president of the Aviation ISAC, an industry group for sharing cyber threats. “Our members are keenly alert to attacks from financially motivated attackers and collateral impacts emanating out of geo-political tensions around the world,” Troy said in a statement to CNN.
The fine margins for error in the airline industry were on display Friday, when a separate IT outage, apparently unrelated to malicious cyber activity, caused delays for some American Airlines passengers.
The Scattered Spider hacks have mobilized people across the industry to respond. In-house cybersecurity experts at major airlines have been closely monitoring the situation, sources familiar with the response told CNN, while cybersecurity firms such as Google-owned Mandiant are helping with the recovery and urging airlines to secure their customer service call centers.
One of Scattered Spider’s preferred methods of infiltrating corporations is calling up help desks and pretending to be employees or customers. The technique has been highly effective in giving hackers access to the networks of big companies.
“Airlines rely heavily on call centers for a lot of their support needs,” Patel told CNN, making them “a likely target for groups like this.”
Scattered Spider gained attention in September 2023 when they were linked to a pair of multimillion-dollar hacks on Las Vegas casinos and hotels MGM Resorts and Caesars Entertainment. The hackers tend to pick one sector to target for weeks on end. Earlier this month, they were the suspects in a hack of insurance giant Aflac that potentially stole Social Security numbers, insurance claims and health information. Before that, it was the retail sector: The hackers, according to an internal memo obtained by CNN, targeted Ahold Delhaize USA, which has the same parent company as the Giant and Food Lion grocery chains.
“The actor’s core tactics, techniques, and procedures have remained consistent,” Mandiant chief technology officer Charles Carmakal said Friday in a statement, adding that the company “is aware of multiple incidents in the airline and transportation sector” that resemble the operations of Scattered Spider.
Source: CTV News
