In June 2025, the FBI issued a blunt warning: cybercriminals are targeting the airline industry. This isn’t a one-off. It’s part of a growing trend that puts airlines, airports, and millions of passengers at risk.
With rising global tensions and digital systems deeply embedded in aviation, the threat is no longer theoretical. It’s happening now and it’s getting worse.
The Rise of Scattered Spider
The FBI named a specific threat actor: Scattered Spider. This group has already hit MGM Resorts and Caesars Entertainment. Now, they’ve set their sights on airlines.
Their method is smart and simple. They pose as employees or contractors, contact help desks, and convince them to bypass multi-factor authentication. Once inside, they spread ransomware, steal data, and disable systems within hours. Google’s Mandiant group has confirmed their speed and technical skill. They excel at persistence and move quickly across networks.
More than money, these attacks can cripple entire operations, putting people at risk and grounding global aviation.
The Attacks Are Already Happening
In the last two months alone –
- Internal systems and mobile app were disrupted by a cyber attack for WestJet in Canada.
- Hawaiian Airlines reported a breach that hit its non-critical IT operations.
- Qantas acknowledged a data breach affecting over six million passengers through a compromised call center platform.
- A ransomware attack on Sea-Tac Airport in August 2024 made systems shut down which resulted in 1400 travellers being stranded.
One fact is clear – modern aviation is dependent on digital infrastructure. And if one part is hit, it is not at all difficult to take down the entire organisation. It is only a matter of minutes and how string your cyber security team is.
The Bigger Threat
What the FBI is signalling is a shift—from one-off attacks to sustained, targeted campaigns. And it’s not just cybercrime groups. State-backed hackers in Russia, China, Iran, and North Korea are watching and learning. So are terrorist groups like ISIS and Al Qaeda.
These actors know aviation is both symbolic and strategic. Disrupt it, and you ignite fear, economic loss, and global ripple effects. The tools they use are explosives and are lines of code.
Understand the role of SIEM in proactive threat detection and response.
Can Hackers Hijack a Plane?
No confirmed attack has affected in-flight control systems yet—but the idea isn’t science fiction. Planes today are flying data centers. They use real-time telemetry, satellite communications, and automated diagnostic tools. Each one of those features introduces a possible way in.
Researchers have shown how attackers could exploit satellite links, onboard Wi-Fi, or even compromised ground operations. A manipulated flight plan or false weather report could result in dangerous decisions. More than delays, the concern is about safety.
As cybersecurity analyst Theresa Payton put it, “The future of warfare will be about disrupting trust and sowing chaos in the systems we rely on every day. Aviation is right at the top of that list.”
History Keeps Repeating
This is not their recent trend. They have been at it for a while now.
- LOT Airlines in Warsaw cancelled flights after an attack on their flight-plan system in 2015.
- Through major breaches, passenger details were leaked from British Airways and Cathay Pacific in 2018.
- 9 million customers were affected due to a breach in EasyJet in 2020.
Each of these incidents exposed security gaps. Each time, the industry promised change. But promises don’t stop payloads. Attackers keep getting better and faster.
How cybercriminals are evolving their tactics with AI-powered phishing.
What Airlines Must Do Now
The old approach—patch systems, issue memos, and hope for the best—isn’t working. Airlines and airports need a serious shift in strategy. Here’s where to start –
-
Redesign Identity Checks
Most breaches begin with someone being tricked. Help desks need training to spot impersonators. Systems should not rely on single-step verifications. A zero-trust approach—where every request is verified regardless of origin—is key.
-
Secure the Entire Supply Chain
Airlines don’t work alone. They depend on vendors, call centers, third-party contractors, and outsourced IT teams. Every one of these groups must be held to strict security standards. This is where cyber security audits become vital. Regular assessments of partners’ systems help spot vulnerabilities before attackers do.
-
Run Frequent Penetration Testing
You can’t fix what you don’t test. Regular penetration testing—where ethical hackers simulate real-world attacks—can help organisations identify their weak spots. This gives airlines the chance to fix issues before someone else exploits them.
-
Adopt CMMC-Level Standards
The Cybersecurity Maturity Model Certification (CMMC) was created for critical infrastructure. Airlines should treat it as a baseline and apply it across all operations, not just IT departments. Uniform security controls, clearly defined roles, and accountability must be non-negotiable.
-
Segment Critical Systems
Critical flight systems must be separated from public-facing networks. Legacy platforms should be upgraded or removed. Emergency drills shouldn’t be limited to flight crews. Cyber incident plans should be tested regularly and include everyone from IT to airport operations.
-
Share Information Quickly
Too often, companies stay quiet about breaches. This helps attackers. Airlines should share threat intelligence in real time—with each other and with agencies like the FAA and CISA. A coordinated response is always stronger than a solo effort.
-
Invest in Cyber Resilience
Cybersecurity isn’t just an IT line item—it’s a part of passenger safety. Boards and investors must treat it with the same urgency as engine maintenance or runway repairs. A strong cyber program is no longer optional. It’s essential infrastructure.
The Cost of Doing Nothing
Steps must be taken not as soon as a breach happens but today itself. This stops from a breach happening in the future. If steps aren’t taken now, here’s what could happen –
- Flights grounded across multiple continents.
- Sensitive data from millions of passengers leaked or sold.
- A collapse in public trust in air travel.
- In the worst case, a cyber event leading to physical harm.
Twenty years ago, few imagined planes could be hijacked using knives. Today, it could be done with code.
The difference? This time, we’ve been warned.
Final Thoughts
Airlines face an evolving threat that’s moving faster than ever. The FBI is observing. Attacks are growing more frequent, more sophisticated, and more dangerous than ever.
The time to act isn’t next year. It’s now. Through regular cyber security audits, ongoing penetration testing, stronger partnerships, and enforced standards, the aviation industry can protect itself and the people who rely on it.
Because in today’s world, digital safety is physical safety. Get in touch with us at Cybernetic GI to test the quality of your cyber security if you have. If not, contact us immediately.