Casino Hackers Targeting Airlines, Says FBI

  • Hacking group that victimized Caesars, MGM is now targeting airlines
  • FBI says bad actors using ransomware, social engineering tactics to extort companies

Scattered Spider, the band of cyber bandits that executed large-scale ransomware attacks against MGM Resorts International and Caesars Entertainment in 2023, is targeting another travel and leisure industry: airlines.

mirai-ddos-attack-threat-to-online-gambling-sites
Scattered Spider, which hit two major casino operators with cyber intrusions, is reportedly targeting airlines. (Image: betanews.com)

In a recent alert, the FBI said it’s seen increased activity by Scattered Spider focusing on airlines with the criminals using social engineering techniques to dupe employees into granting them access to sensitive data. Social engineering is an increasingly common form of cyber thievery and one that’s afflicting myriad industries and their customers.

These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access. These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts,” according to the FBI.

The law enforcement agency added it’s working with airlines and related partners to “address this activity and assist victims.” The bureau also encouraged companies that believe they’ve been targets of cyber intrusions to contact law enforcement as soon as possible.

Scattered Spider Up To Its Old Tricks

With the alleged attacks on airlines, Scattered Spider appears to be deploying a playbook similar to what was used in 2023 against Caesars and MGM: get access to sensitive data, threaten the affected companies with release of that information, and hope the corporations will pay rather than deal with the headaches of customer data being put up for sale on the dark web.

The hackers did in fact extort Caesars and MGM in 2023. Caesars is said to have paid Scattered Spider $15 million to resolve the issue. MGM didn’t play ball, resulting in a multi-day crippling of its technology systems across its portfolio of domestic casinos.

Compounding those woes were financial consequences, including a $100 million hit to MGM’s third-quarter earnings in 2023 and $10 million in one-time expenses. The FBI urges ransomware victims to not comply with perpetrators because payments encourage the bad actors to infiltrate other companies.

Airlines haven’t specifically identified Scattered Spider as executing crimes against them, but Canada’s WestJet  and Hawaiian Airlines were recently targeted by cyberattacks while Delta Airlines asked customers to reset passwords and other credentials.

Airlines Make for Predictable Victims

Like casino operators, airlines come into contact with scores of highly sensitive customer data, including addresses, names, and numbers on government documents, such as drivers licenses or passports, among other information.

That’s exactly the type of data nefarious groups such as Scattered Spider look to procure because companies can suffer significant reputational damage by not preventing cyber intrusions and allowing customer information to be released. Some experts believe that if Scattered Spider is in fact hitting airlines, it’s just another day at the office for the bad actors.

“Scattered Spider is a cybercriminal group that targets large companies and their contracted information technology (IT) help desks. Scattered Spider threat actors, per trusted third parties, have typically engaged in data theft for extortion and have also been known to utilize BlackCat/ALPHV ransomware alongside their tactics, techniques, and procedures (TTPs),” according to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

Todd Shriber
Todd Shriber Financial Reporter

Todd Shriber is a senior news reporter covering gaming financials, casino business, stocks, and mergers and acquisitions for Casino.org.

Todd got his start in financial markets as a reporter with Bloomberg News. Later, he became a trader at a Southern California-based long/short hedge fund, where he specialized in the trading sector and international ETFs leading up to and during the financial crisis. He joined Casino.org in 2019.

Currently, Todd analyzes, researches, and writes on ETFs for various web-based publications and financial services firms. Shriber has been featured and quoted in Barron's, CNBC.com, and The Wall Street Journal. His work can also be found on Benzinga, ETF Daily News, ETF Trends, MarketWatch, Fox Business, and Nasdaq.com.

He currently resides in Las Vegas, where he enjoys golf and taking his black lab to the dog park. He's also an avid sports fan and likes to wager on college football and the NBA. You can also find him at the three-card poker and roulette table, even though he knows better.

Contact Todd at todd.shriber@casino.org.

Comments icon

Conversation (0)

+ Add a comment

Be the first to comment on this article.

Write a comment

Your email address will not be published.