Airlines Targeted in Sophisticated Cyber Attacks — Here’s What We Know

Recently, cybersecurity researchers and federal agencies reported renewed activity by a well-known cybercriminal group called Scattered Spider, this time with a focus on the aviation industry, including at least one Canadian airline.

Who Is Scattered Spider?

Scattered Spider is not new to the cybersecurity world. This group gained notoriety in 2023 for high-profile breaches against U.S. hospitality giants MGM Resorts and Caesars Entertainment, using highly targeted social engineering campaigns. The group typically targets large organizations and relies on English-language social engineering to deceive internal staff.

Now, according to a joint FBI and CISA bulletin, their tactics have shifted to the airline sector — and it’s their approach to bypassing multi-factor authentication (MFA) that has caught the attention of cybersecurity professionals.


What Happened?

In these latest incidents, Scattered Spider used social engineering to trick internal IT help desk teams into enrolling a new device into a user’s account, effectively bypassing the MFA requirement. This method doesn’t “break” MFA in a technical sense; rather, it works around it by exploiting trust within support processes.

As per Business Insider reporting, WestJet, a Canadian airline, reported a cybersecurity incident during this period. While they haven’t officially linked it to Scattered Spider, the timing and methods line up with broader warnings from U.S. authorities.


What Makes This Different?

Most cyber attacks rely on phishing emails, malware, or stolen credentials. What makes Scattered Spider noteworthy is that:

  • Their attackers speak fluent English, often convincingly impersonating employees.

  • They focus on people, not systems — using manipulation to gain privileged access.

  • Their techniques suggest deep research into their targets’ internal procedures and support systems.

This is a reminder, not a reason to panic: sophisticated actors are adapting, and so must security practices — especially when it comes to human-driven processes.


Did MFA Fail?

Not exactly.

Multi-Factor Authentication (MFA) remains an essential cybersecurity layer. However, these incidents show that MFA alone is not enough if internal teams can be socially engineered to unintentionally bypass it.

The key takeaway here isn’t that MFA is broken; it’s that cybersecurity must include training, process hardening, and behavioral monitoring alongside technical controls.


What Can Canadian Businesses Learn?

Even though the targets were large airlines, the techniques used (impersonation, help desk manipulation, device enrollment) can apply to any business, large or small.

That said, this is not a cause for alarm, but rather for reflection and resilience-building. Here are a few strategic lessons:

  1. Review help desk procedures: Ensure device enrollment or account recovery requests require independent verification.

  2. Enable behavioral monitoring: Systems should detect and alert on unusual access patterns.

  3. Run social engineering simulations: Training staff, especially help desk teams, to spot manipulation attempts can prevent these breaches entirely.
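
As an illustration of lessons 1 and 2, the following added example (not code from the reporting cited here or from 010grp) flags help-desk MFA enrollments that lacked independent verification, and enrollments followed shortly by a sign-in on the new device from an IP the user has never used. The event schema, field names, and sample events are hypothetical and constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed sample events. The schema (type, user, actor, device, ip, verified)
# is hypothetical and not any real identity provider's log format.
EVENTS = [
    {"ts": "2025-07-01T09:00:00", "type": "signin", "user": "alice", "device": "LAPTOP-A1", "ip": "198.51.100.10"},
    {"ts": "2025-07-01T14:02:00", "type": "mfa_enroll", "user": "alice", "actor": "helpdesk", "device": "PHONE-X9", "verified": False},
    {"ts": "2025-07-01T14:09:00", "type": "signin", "user": "alice", "device": "PHONE-X9", "ip": "203.0.113.77"},
    {"ts": "2025-07-01T10:00:00", "type": "signin", "user": "bob", "device": "LAPTOP-B2", "ip": "198.51.100.20"},
    {"ts": "2025-07-01T11:00:00", "type": "mfa_enroll", "user": "bob", "actor": "helpdesk", "device": "PHONE-B3", "verified": True},
    {"ts": "2025-07-01T11:05:00", "type": "signin", "user": "bob", "device": "PHONE-B3", "ip": "198.51.100.20"},
]

def flag_risky_enrollments(events, window=timedelta(minutes=60)):
    """Return (user, device, reason) alerts for help-desk MFA enrollments that
    lacked independent verification, or that were followed within `window` by a
    sign-in on the new device from an IP the user had never used before."""
    events = sorted(events, key=lambda e: e["ts"])  # ISO timestamps sort as text
    known_ips = {}   # user -> IPs seen in earlier sign-ins
    pending = {}     # user -> (enrollment time, enrolled device)
    alerts = []
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        user = e["user"]
        if e["type"] == "mfa_enroll" and e.get("actor") == "helpdesk":
            if not e.get("verified"):
                alerts.append((user, e["device"], "enrollment without independent verification"))
            pending[user] = (ts, e["device"])
        elif e["type"] == "signin":
            seen = known_ips.setdefault(user, set())
            if user in pending:
                enrolled_at, device = pending[user]
                recent = ts - enrolled_at <= window
                if recent and e["device"] == device and e["ip"] not in seen:
                    alerts.append((user, device, "new device sign-in from unseen IP after enrollment"))
            seen.add(e["ip"])
    return alerts

if __name__ == "__main__":
    for alert in flag_risky_enrollments(EVENTS):
        print(alert)
```
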


What We Do at 010grp

At 010grp, we emphasize a holistic approach to cybersecurity. That means looking beyond tools like MFA and digging into:

  • User behavior analysis

  • Security-first help desk training

  • Zero Trust architecture

  • Ongoing penetration testing

We also believe in clear communication; no fear tactics, no fluff. Just honest assessments and strong defense strategies that grow with your business.


Final Thoughts

The recent airline-focused attacks remind us that cybersecurity is as much about people and process as it is about technology. Scattered Spider’s methods didn’t rely on advanced malware, just a convincing voice and a gap in internal verification protocols.

In the coming weeks, expect more discussions within aviation, enterprise IT, and cybersecurity communities about how to strengthen MFA systems without overcomplicating support.

We’ll be following developments and sharing further insights as this story evolves.
