Former FBI Deputy Director Paul Abbate Warns Airlines Face Growing Cyber Threat as Scattered Spider Evolves Tactics

As cybercriminal groups like Scattered Spider ramp up attacks on critical sectors, the airline industry has become a prime target during peak travel seasons. In this interview, Paul Abbate, Former Deputy Director of the FBI, shares insights on why traditional defenses are falling short, the growing role of AI-powered deception, and why early engagement with federal agencies is essential. Abbate also outlines the most overlooked vulnerabilities in aviation cybersecurity and how organizations can build stronger resilience before a crisis strikes.

With travel reaching record highs this summer, why is the airline industry such a prime target for groups like Scattered Spider right now?

Cybercriminal groups are likely targeting the airline industry in an attempt to exploit for profit the anxiety travelers feel during busy periods around holidays together with the pressure airlines are under to deliver on-time service and maximize profits. Groups like Scattered Spider know there is a higher probability companies will pay when the cost benefit analysis leans in their favor and the victim has to weigh the potential loss of revenue and reputational harm against the ransom amount to keep business running smoothly. In a high stress, heavy volume travel environment, these factors might tip much more heavily toward paying a ransom. While there are no known instances of actual harm occurring as a result of cyber targeting of airlines, the risks associated with interfering with such systems are very real and, regardless of motive, must be taken seriously.

How are Scattered Spider’s tactics evolving, and why are traditional static defenses no longer sufficient to stop them?

Scattered Spider, and other cybercriminal groups, are continuously evolving and adapting their tactics and techniques in order to stay ahead of cyber defenses and evade law enforcement efforts to stop them. While core techniques like social engineering remain consistent, the actors will change direct approaches based on past experience in order to most effectively deceive IT help desk personnel and others within a targeted company to go along with their requests. With the emergence of new technologies, there have also been a growing number of instances where AI is applied to create deepfakes, both audio and visual, to trick the employee into believing they are speaking with a customer or someone from the company. Additionally, these actors are also expanding their scope beyond primary targets to include third-party vendors and partners, meaning any organization within a broader ecosystem—like aviation—is at risk. Discussions across the industry, including recent engagements with the team at Nagomi Security, reinforce how rapidly these tactics are evolving and the need for more adaptive, control-aware defenses to manage exposure and respond proactively.

You’ve emphasized early incident reporting, so what are the consequences when companies delay notifying law enforcement during a cyberattack?

The consequences of failing to report a cyber incident to the FBI, or delaying reporting, can have severe implications, potentially resulting in further damage and missed opportunities to prevent future harm. By reporting at the earliest possible stage, it allows the private sector and government to share information and intelligence, both real-time and historic, leveraging the partnership to mitigate and stop any further fallout from the immediate breach but also to warn other potential victims to prevent future attacks by disseminating indicators of compromise and methods of attack. This allows others to adapt and configure cyber defenses in advance to avoid a breach.

How can airlines and other high-risk sectors build better real-time intelligence and partnerships with federal agencies before a crisis hits?

It is essential to form trusted relationships with the FBI, CISA, and sector-specific federal agencies in advance of a crisis. Doing so allows for the sharing of information and intelligence in real-time, positioning companies to calibrate cyber defenses to most effectively prevent an incoming attack. Ongoing, established relationships go far in avoiding gaps in both time and situational awareness when it comes to cyber threats and also lead to the development of a strong foundation and culture of prevention. In a recent conversation with Emanuel Salmona, CEO of Nagomi Security, he emphasized that when federal agencies understand a company’s exposure, and there’s already an operational plan in place, response efforts can be dramatically accelerated. In the unfortunate event of an attack, existing partnerships mean heightened preparedness, more effective communication, faster mitigation, and better all around outcomes in the midst of a crisis. 

Given your experience at the FBI, what’s the most overlooked vulnerability in aviation cybersecurity today and what can be done immediately to address it?  

Regardless of industry, the number one vulnerability is complacency and failure to prioritize cybersecurity. This means building awareness regarding the cyber threat and training to be preventative across the company and at all levels, including executive leadership, boards of directors, and the entire workforce. Everyone within an organization must be vigilant, exercise good judgment and be prepared in the event of an attack. Most cyberattacks are preventable and the vast majority are the result of a human failure, such as falling victim to a spearphishing approach or clicking on a malicious link. Training personnel effectively and building a strong security culture within a company combined with staying up-to-date on the latest cyber threat intelligence and incorporating that into technical defenses are the keys to putting in place the most effective preventive measures.