Recently the Scattered Spider Hacker group or cybercriminals are targeting the airline industry at large and keen interest on aviation sector.

The Scattered Spider group relies mostly on social engineering techniques that can impersonate employees or contractors to deceive IT help desks into granting access” and frequently involves methods to bypass multifactor authentication (MFA), as per observation by FBI.

Earlier the group breached at least two major US airlines in June, bypassed security protocols by exploiting remote access tools and manipulating support staff as reported by CNN .

There is a growing cyber risk on aviation sector and how the air traffic control is managed during attack which makes subsequent aviation systems vulnerable to cyberattacks due to outdated technology in many cases.

And cyber criminals are resorting to advanced techniques by which they can halt operations via cyberattacks that have the ability to take over or invade technology systems which in turn disrupt information flow from the aircraft to pilots to the airlines’ operations center resulting in chaos and delay in flight operations.

Every operation and service delivered by airlines is supported by technology and once that is not responding ,subsequent operations are halted i.e. flight management software, air traffic control communications, baggage handling systems and in-flight entertainment platforms will fail inevitability.
Recently the Scattered Spider group was behind a big data breach potentially exposing Social Security numbers, insurance claims and health information of tens of millions of customers.

Repercussions of Data Breaches Impacting Third parties

Cybercriminals often take advantage of fragile cyber security posture linked to smaller third parties that provide services to larger, well-established enterprises or industry. In-fact many vendors dont have cybersecurity protection and proper cybersecurity awareness in place to mitigate against attacks.

Cyber attacks have evolved to become increasingly complex, making vendor risk management critical. With rise in digital transformation, cloud services and AI technology has given cyber criminals greater potential to penetrate unsecured networks and systems more then ever.

Address the Threat Landscape with Best Practices

Data breaches that originate from third-party vendors cause big fines and legal consequences are huge and affect primary organization. Along with these challenges, organizations often rely on third parties for critical services and cyber criminals take advantage of these vulnerability.

Organizations can still take steps to mitigate and defend against these attacks even as they onboard new vendors or service providers.

Let us see the emerging threats across third-party vendors:

• Supply chain attacks by cybercriminals often target companies that supply services to many different companies (e.g. MSPs, IT) they cause great impact as IoT and other hardware devices manufactured by third parties can be infected malicious firmware .These malware can steal sensitive data. 
• Ransomware-as-a-Service (RaaS)The dark web often sells kits (RaaS) and now it is combined with generative AI making attractive for cyber criminals to launch attacks. RaaS can disrupt critical services of organizations.
• Threat from third parties Unintentional human error occur where providers misconfigure not so accurate data or data deletion happens or poor cybersecurity practices of easy passwords circulating among users. There could also be vendors with financial motives who don’t go through the same security process known as insider threat and don’t pass security test laid for regular employees.
• Software supply chain attacks As we witnessed outsourcing third-party SaaS services and cloud technology makes it easy to target vulnerabilities in software code. This impacting hundreds of well-established organizations using the same software and same chain of malware flows.
• Cloud vulnerabilities The provider or cloud service is responsible for securing the cloud infrastructure while the customer or vendor is responsible for securing their data and applications. A lack of proper security measures by the customer or third party can result in data breaches, data loss or supply chain attacks. Since cloud service or data center is all outsources so security lapse may happen
• Advanced Persistent Threats (APTs) is linked to State-sponsored attacks who generally target third parties to penetrate into systems over an extended period of time. For example, they might compromise a third-party network to gain lateral access to the main organization’s IT infrastructure, making it difficult to detect in time.   
• Deepfake and social engineering attacks. Emerging AI-technology can manipulate employee or C-level executives to trick users into divulging information to execute identity fraud, phishing attacks, sign fraudulent contracts, or gain unauthorized access to restricted systems and networks. 
• Zero-day exploits exploited by cyber criminals before they are identified by developers and third-party providers and patched. At times if patch is slow process attackers launch attacks during this delay.   

Solutions that will improve Security Posture with Intru360 from Intruceptlabs

The new business environment demands IT support for a wider range of monitoring, security and compliance requirements. This creates significant burdens on network performance and network security as more appliances need access to incoming data.

Intrucept platform (Intru360) cover overall risk, detection, prevention, correlation, investigation, and response across endpoints, users, networks, and SaaS applications, offering end-to-end visibility.

Intru360 gives security analysts and SOC managers a clear view across the organization, helping them fully understand the extent and context of an attack. It also simplifies workflows by automatically handling alerts, allowing for faster detection of both known and unknown threats.

Identify latest threats without having to purchase, implement, and oversee several solutions or find, hire, and manage a team security analyst.

Sources: https://www.darkreading.com/cyberattacks-data-breaches/scattered-spider-hacking-spree-airline-sector