Private Strategic Group

Targeted Aviation Cybersecurity Threats Likely to Increase Risks to Businesses and Foreign Travel

29 JUL 2025


Key Takeaways:

  • Cybercriminals are increasingly targeting the aviation sector, disrupting operations and compromising sensitive passenger data.
  • Attacks exploit social engineering, outdated infrastructure, and third-party vulnerabilities to bypass security defenses.
  • Proactive, multi-layered cybersecurity strategies are essential to protect aviation systems, travelers, and operational continuity.

Cybercriminal groups are increasingly targeting the aviation industry, including airlines, third-party vendors, airport systems, and travelers. While some of the recent cyberattacks have compromised passenger data, others have disrupted flight operations, posing a serious threat to one of the world’s most critical sectors, with far-reaching safety and economic consequences. These threats are further amplified by outdated infrastructure, highly interconnected systems and networks, and human vulnerabilities, creating a complex cybersecurity landscape. 

Recent Incidents and Impact

Recent cybersecurity incidents span the globe, including:

  • August 2024: A ransomware attack targeting Seattle-Tacoma International Airport (SEA) in Washington disrupted multiple airport services and compromised the personal data of around 90,000 employees and contractors. The Port of Seattle refused to pay USD 6 million in ransom, and the exfiltrated data was later leaked online.
  • March 23, 2025: A ransomware attack targeting Malaysia’s Kuala Lumpur International Airport (KUL) resulted in significant disruptions to passenger check-ins and other critical systems. The attackers demanded a USD 10-million ransom, which Malaysia Airports Holding Berhad (MAHB) refused to pay.
  • June 30, 2025: Hackers targeted the Qantas Airways (QF) contact center, gaining unauthorized access to a third-party customer servicing system and compromising customer data, including names, email addresses, phone numbers, and birth dates, for more than 5.7 million people.

Common Targeting Tactics

In response to the recent cyberattacks, several government agencies have issued warnings to both the industry and the public. On June 27, the US Federal Bureau of Investigation (FBI) warned stakeholders about the cybercriminal group Scattered Spider, highlighting its growing focus on targeting the airline sector through social engineering techniques. The group has infiltrated several third-party vendors by impersonating employees or contractors and deceiving IT staff into granting access to various systems. In some cases, the group has bypassed multi-factor authentication (MFA) by tricking personnel into enrolling unauthorized devices into compromised accounts.

Common cyberattacks involve a range of techniques, including social engineering, malware, ransomware, and Distributed Denial-of-Service (DDoS) attacks. Social engineering tactics, such as phishing campaigns, often employ highly targeted and sophisticated methods to deceive individuals, especially those with privileged access. Malware attacks involve the insertion of malicious code into systems, which can compromise data, applications, or operating systems. These attacks usually go undetected, with users unaware until significant damage has already occurred.

Ransomware is another tactic; it typically prevents users from accessing systems or data, with attackers demanding payment to restore access. Meanwhile, DDoS attacks flood websites with excessive online traffic, largely through the use of automated bot networks, and can cause significant website slowdowns or complete outages.

Mitigation Recommendations

Human error remains one of the primary causes of cybersecurity breaches within the aviation industry. To mitigate this risk, individual travelers and organizations should adopt a proactive and layered approach.

  • At the individual level, travelers should avoid using public Wi-Fi networks and instead use Virtual Private Networks (VPNs) to protect personal and business data while in transit. Travelers can enhance their personal cybersecurity by enrolling in legitimate identity theft monitoring services, enabling MFA on personal accounts, and strengthening access controls. Individuals should closely inspect travel-related emails and messages for subtle signs of phishing, such as misspelled domains or unexplained attachments, and use official apps to manage bookings or to check flight details.
  • Organizations should require MFA, encrypt sensitive data, conduct real-time threat monitoring, and regularly train employees on social engineering and emerging attack techniques, especially staff working with third-party vendors and IT systems, as well as frequent travelers. Organizations must also regularly update outdated infrastructure and adapt cybersecurity policies to keep pace with evolving threats posed by AI and other technological advancements.

Cybercriminal groups are expected to intensify their targeting of the aviation industry across all areas of the sector, which may increase the scale and frequency of flight disruptions, compromise sensitive data, and threaten flight safety. Aviation industry partners should strengthen mitigation measures, including updates to procedures and business policies, as well as comprehensive training and awareness for business travelers. A multi-layered approach is essential to safeguard both information security and operational continuity across the industry.

