British Airways is so concerned about a massive and highly disruptive cyberattack that, in the past week, it locked hundreds of pilots and cabin crew out of key operational IT systems without providing any notice.
Aircrew only found out that their login credentials had been disabled when they went to check their flying duties or carry out other essential tasks like booking flights to ‘commute’ to work or prepare for mandatory annual training courses.
As pilots and cabin crew tried to regain access, they were passed from department to department, without anyone seemingly able to reset passwords or even aware of what the problem was, sources have claimed.
It turns out that BA’s parent company, Madrid-based IAG, which manages IT services for the airline, had rushed in new security protocols as the threat of a cyberattack keeps the airline industry on edge.
In order to regain access to BA’s systems, aircrew were told that they must reset their password from a hard-wired British Airways computer.
Of course, the problem with that is that hundreds of pilots and flight attendants were locked out when they were thousands of miles away from the closest secure BA computer.
Last week, the FBI’s Cyber Division became so concerned about airlines falling victim to brazen cybercriminals affiliated with the so-called ‘Scattered Spider’ group that it issued a rare, urgent alert to companies across the aviation industry.
“The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector,” the alert warned.
“These actors rely on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access,” the alert continued. “These techniques frequently involve methods to bypass multi-factor authentication (MFA), such as convincing help desk services to add unauthorized MFA devices to compromised accounts.”
“Once inside, Scattered Spider actors steal sensitive data for extortion and often deploy ransomware. The FBI is actively working with aviation and industry partners to address this activity and assist victims.”
The FBI has not commented on which airlines have been targeted, although, Australian flag carrier Qantas has been hit by a massive data theft involving the personal details of nearly six million customers.
The hackers targeted one of the airline’s call centers, gaining access to a database that contained personal details of millions of its frequent flyers. Qantas is yet to reveal how the hackers gained access to its systems.
In a statement, the airline said it detected the unauthorized access on June 30, although it remains unclear how long the criminals had been infiltrating the database before Qantas became aware of the attack.
Last week, it was also revealed that Delta Air Lines had locked tens of thousands of frequent flyer accounts without notice, raising fears that the Atlanta-based carrier had also fallen prey to cybercriminals.
A spokesperson for the airline, however, insisted that following the ‘routine’ lockdown of as many as 68,000 SkyMiles accounts, its systems were secure.
In 2018, British Airways was hit by a massive data breach when hackers managed to steal sensitive personal data of over 400,000 customers and staff.
In the wake of the attack, the Information Commissioner’s Office (ICO) ordered British Airways to pay a £180 million penalty after investigators found that the airline remained unaware that any data had been stolen until two months after hackers took advantage of glaring holes in BA’s security defenses.
As a result of the COVID-19 pandemic, however, the fine was reduced to just £20 million, although British Airways still faces a multi-million-pound class action lawsuit stemming from the data breach.
