Why are airlines under attack in 2025?

In recent weeks, airlines in the US and Canada have faced targeted cyberattacks by Scattered Spider, a sophisticated cybercriminal group known for its highly effective social engineering tactics.

What makes airlines attractive targets?

  • High-value personal and payment data of millions of passengers
  • Complex digital ecosystems with multiple third-party IT providers
  • Heavy operational dependence on interconnected digital systems for safety, logistics, and compliance
  • The potential for public impact, as flight disruptions quickly become headline news

These factors make airlines an appealing target for ransomware groups seeking high payouts and global visibility.

Who is Scattered Spider?

Scattered Spider is a cybercriminal group specializing in phishing, vishing (voice phishing), and advanced social engineering. They are linked to attacks not only on airlines but also on major retailers like Marks & Spencer, exposing their diverse targeting capabilities.

Their main tactics include:

  • Impersonating employees when calling IT helpdesks to reset passwords or MFA
  • Exploiting leaked credentials and open-source data to build credibility
  • Targeting third-party suppliers to bypass direct defences
  • Deploying ransomware or stealing sensitive customer data for extortion

Impact of airline cyberattacks

Recent airline attacks have resulted in:

  • Flight delays and operational disruptions due to disabled critical systems
  • Potential exposure of passenger personal and payment data
  • Financial losses from downtime, investigation costs, and regulatory fines
  • Long-term reputational damage affecting passenger trust and loyalty

Cyberattacks on airlines are not just IT incidents. They are operational crises with direct impact on passenger safety and business continuity.

How can airlines protect themselves?

Key recommendations:

  1. Strengthen IT helpdesk authentication protocols to verify employee identity beyond standard questions.
  2. Adopt Zero Trust security frameworks to limit lateral movement within networks.
  3. Conduct regular staff training on phishing, vishing, and social engineering threats.
  4. Implement a 24/7 SOC (Security Operations Center) with advanced threat detection and response capabilities.
  5. Carry out Threat Led Penetration Testing (TLPT) at least every 1–3 years to simulate real attack scenarios.
  6. Review and enhance third-party risk management processes, especially for critical IT and operational suppliers.

✈️ Strengthen your airline’s cyber defence today with Apolo Cybersecurity

At Apolo Cybersecurity, we specialise in helping aviation and transport companies:

  • Diagnose vulnerabilities in IT, OT, and third-party ecosystems
  • Implement 24/7 SOCs and threat intelligence platforms
  • Conduct Threat Led Penetration Testing for realistic resilience assessments
  • Deliver executive and operational cyber training to empower your teams

Request your free security audit and tailored plan today
