At a glance.
- Scattered Spider targets the aviation and transportation sector.
- Canada bans China's Hikvision.
- CISA warns US firms of potential threats from Iranian state-sponsored actors.
Scattered Spider targets the aviation and transportation sector.
The US FBI is warning that the cybercriminal group Scattered Spider is launching extortion attacks against entities in the aviation sector, TechCrunch reports. The FBI says "anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk." Axios notes that executives from Google's Mandiant and Palo Alto Networks' Unit 42 have also warned of this targeting trend. Mandiant's CTO Charles Carmakal stated in a LinkedIn post, "Scattered Spider has a history of focusing on sectors for a few weeks at a time before expanding their targeting." The group has recently been targeting the retail sector and the insurance industry.
BleepingComputer cites sources as saying Scattered Spider was behind a recent attack against Canadian airline WestJet. The publication says the attackers compromised the airline's data centers and Microsoft Cloud environment by "performing a self-service password reset for an employee, which enabled them to register their own MFA and obtain remote access to the network through Citrix."
The Record cites incident responders as saying the threat actor was also behind last week's attack on Hawaiian Airlines.
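The sequence quoted above from the WestJet reporting (a self-service password reset, then a newly registered MFA method, then remote access through Citrix) can be hunted for as an ordered chain per account. The Python below is an added example, not part of the original reporting; the event fields, action labels and sample events are constructed assumptions and do not follow any vendor's log schema.

```python
from datetime import datetime, timedelta

# Hypothetical normalized action names (assumption): map your identity
# provider's and remote-access gateway's real event types onto these.
CHAIN = ("sspr_success", "mfa_method_registered", "citrix_logon")

# Constructed sample events, not taken from any real incident.
SAMPLE_EVENTS = [
    {"ts": "2025-01-10T09:00:00", "user": "alice", "action": "citrix_logon"},
    {"ts": "2025-01-10T13:02:11", "user": "bob", "action": "sspr_success"},
    {"ts": "2025-01-10T13:05:40", "user": "bob", "action": "mfa_method_registered"},
    {"ts": "2025-01-10T13:09:02", "user": "bob", "action": "citrix_logon"},
    {"ts": "2025-01-10T14:00:00", "user": "carol", "action": "sspr_success"},
    {"ts": "2025-01-12T08:30:00", "user": "carol", "action": "mfa_method_registered"},
    {"ts": "2025-01-10T15:00:00", "user": "dave", "action": "sspr_success"},
    {"ts": "2025-01-10T15:04:00", "user": "dave", "action": "mfa_method_registered"},
]


def find_reset_chains(events, window=timedelta(hours=1)):
    """Return one finding per reset whose follow-up events match CHAIN in
    order, with every step inside `window` of the password reset."""
    findings = []
    progress = {}  # user -> (index of next expected step, reset time)
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user, action = ev["user"], ev["action"]
        step, start = progress.get(user, (0, None))
        if action == CHAIN[0]:
            progress[user] = (1, ts)  # a new reset restarts the chain
            continue
        if step == 0 or ts - start > window:
            progress.pop(user, None)  # no reset seen, or chain expired
            continue
        if action != CHAIN[step]:
            continue  # unrelated or out-of-order event; keep waiting
        step += 1
        # Reset plus a new MFA method is worth review on its own; a
        # remote-access logon on top of that completes the chain.
        severity = "high" if step == len(CHAIN) else "medium"
        findings = [f for f in findings
                    if (f["user"], f["reset_at"]) != (user, start)]
        findings.append({"user": user, "reset_at": start, "severity": severity})
        if step == len(CHAIN):
            progress.pop(user, None)
        else:
            progress[user] = (step, start)
    return findings
```

On the constructed sample, `bob` is reported as high severity (full chain within an hour), `dave` as medium (reset and MFA registration only), and `carol` is not reported because her MFA registration falls outside the default window.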
Canada bans China's Hikvision.
The Canadian government has banned Chinese CCTV vendor Hikvision from operating within the country, citing national security concerns, Infosecurity Magazine reports. Canada's Minister of Innovation, Science and Industry Mélanie Joly said in a statement, "Following a National Security Review under the Investment Canada Act, the Government of Canada has ordered Hikvision Canada, Inc., to cease all operations in Canada and close its Canadian business. The government has determined that Hikvision Canada Inc's continued operations in Canada would be injurious to Canada's national security."
Joly added, "[T]he Government of Canada is prohibiting the purchase or use of Hikvision products in government departments, agencies, and crown corporations. The Government of Canada is further conducting a review of existing properties to ensure that legacy Hikvision products are not used going forward."
A Hikvision spokesperson told Reuters, "We strongly disagree with this decision and view it with deep concern, as we believe it lacks a factual basis, procedural fairness, and transparency. Instead of evaluating our technology on its cybersecurity merits, the decision appears to be driven by the parent company's country of origin, reflecting broader geopolitical tensions and an unjustified bias against Chinese companies."
CISA warns US firms of potential threats from Iranian state-sponsored actors.
The US Cybersecurity and Infrastructure Security Agency (CISA) continues to warn US organizations to be vigilant for Iranian cyberattacks due to heightened geopolitical tensions. CISA issued a joint advisory with the FBI, the NSA, and the Department of Defense Cyber Crime Center (DC3), stating, "Based on the current geopolitical environment, Iranian-affiliated cyber actors may target U.S. devices and networks for near-term cyber operations. Defense Industrial Base (DIB) companies, particularly those possessing holdings or relationships with Israeli research and defense firms, are at increased risk. Hacktivists and Iranian-government-affiliated actors routinely target poorly secured U.S. networks and internet-connected devices for disruptive cyberattacks."
CISA notes that, so far, the agency has "not seen indications of a coordinated campaign of malicious cyber activity in the U.S. that can be attributed to Iran."