![\"The](\"https:\/\/www.europesays.com\/us\/wp-content\/uploads\/2025\/06\/1751216890_202_960x0.jpg\")
<\/p>\n<\/p>\n
The FBI issues Scattered Spider attack warning.<\/p>\n
NurPhoto via Getty Images<\/p>\n
Update, June 29, 2025: This story, originally published on June 28, has been updated with expert comment from cybersecurity professionals regarding the Scattered Spider threat group referenced in the latest FBI 2fa-bypass attack warning.<\/p>\n
When the Federal Bureau of Investigation issues a cybersecurity alert, you would be well advised to pay attention and take action. Whether that\u2019s involving malicious SMS messages<\/a>, AI-powered phishing<\/a> attacks, or, as I recently reported, the skyrocketing number of ransomware threats<\/a>. And ransomware is the subject of this latest, critical, warning from the FBI. This time involving the Scattered Spider threat group which has made headlines after taking responsibility for multiple retail sector attacks including that against Marks & Spencer in the U.K. which is estimated to have cost the high street chain at least $600 million<\/a>. Now the group is targeting the airline industry, the FBI has warned, both directly and through the entire supply chain. Here\u2019s what you need to know.<\/p>\n Forbes11 Million Critical Vulnerabilities Exposed \u2014 Act NowBy Davey Winder<\/a><\/p>\n FBI Confirms Scattered Spider Attacks Targeting Transportation<\/p>\n A June 26 report<\/a> from ransomware analysts at Halcyon warned that there were \u201cindications that Scattered Spider is also now targeting the Food, Manufacturing, and Transportation (particularly Aviation) sectors in the US.\u201d This has now been confirmed by the FBI which provided a statement to me by email that said: \u201cThe FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector.\u201d<\/p>\n The statement, also posted to X<\/a>, fomrerly known as Twitter, continued to confirm that the ransomware group is using the same methods during this surge of attacks into new sectors, namely \u201csocial engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access.\u201d<\/p>\n Specifically, Scattered Spider looks to bypass mutli-factor authentication, commonly referred to as MFA or 2FA, by using various methods to get those help desks to \u201cadd unauthorized MFA devices to compromised accounts.\u201d<\/p>\n Scattered Spider has been on the FBI radar for a number of years, with a joint cybersecurity advisory<\/a> alongside the Cybersecurity and Infrastructure Security Agency published in 2023 in response to what it described as \u201cactivity by Scattered Spider threat actors against the commercial facilities sectors and subsectors.\u201d<\/p>\n The FBI told me that it is currently actively working with aviation and industry partners \u201cto address this activity and assist victims,\u201d and urged anyone who thinks their organization may have been targeted to contact their local FBI office. In the meantime, beware of anyone asking for unauthorized 2FA devices to be added to accounts and follow established security processes and procedures to the letter, no matter what the person making the request may say.<\/p>\n