“Airlines also hold vast amounts of sensitive data, including customer PII, flight schedules, and operational information,” said Brijesh Singh, cybersecurity expert and additional director general of police, Government of Maharashtra, India, explaining why the group is targeting the sector. “Airlines’ complex global networks and supply chains make them prime targets. Infiltrations can quickly escalate, leading to substantial ransoms or stolen data being sold on the dark web.”
Help desks in aviation and other large sectors are especially exposed because they typically operate as outsourced, non-IT functions removed from day-to-day business operations. “The assumption with MFA is that if the user passes the second factor, they are a legitimate user,” Varkey said. “In many cases, MFA may not be OTP-based but rather secret questions, such as ‘your favorite sport’ or ‘your mother’s maiden name,’ which are too easy to guess or obtain through social media.”
The FBI noted that the group targets “large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk.”
