July 2, 2025

Just months after Scattered Spider caused havoc in the UK retail sector, the cybercrime group has turned on the global airline industry, with recent incidents impacting Hawaiian Airlines, WestJet, and Qantas.

This marks Scattered Spider’s third major industry focus in just two months, following coordinated attacks on insurance and retail companies in the US and the UK. Between May and June 2025 alone, retailers like Marks & Spencer, Harrods, Cartier, Victoria’s Secret, and Adidas were breached, along with insurance giants Aflac and Philadelphia Insurance Companies. The M&S attack alone is estimated to cost £300 million and caused months of operational disruption.

As warned by the FBI, Scattered Spider “targets large corporations and their third-party IT providers, meaning anyone in the airline ecosystem — including vendors and contractors — could be at risk.”

These attacks are specifically designed to exploit the fundamental weakness of traditional multi-factor authentication (MFA) based on shared secrets: factors like passwords or one-time passcodes that can be intercepted, stolen, or socially engineered. For organizations, the question is no longer if they will be targeted, but when. The key to mitigating these attacks is moving beyond shared secrets to phishing-resistant, identity-based MFA.

The Anatomy of the Scattered Spider Attack

While Scattered Spider’s industry targets evolve, their tactics remain consistent:

  • Sophisticated Research & Social Engineering: Attackers conduct deep reconnaissance to gather personal data, such as Social Security numbers and addresses.

  • Targeting Vulnerable Help Desks: Help desks, often outsourced and script-driven, are prime targets for impersonation. As Austin Larsen, principal threat analyst at Google Mandiant, notes: “It’s a challenge for help desks to detect these attacks, given how much information the attacker typically has.”

  • SIM Swapping: Armed with detailed personal data, attackers trick mobile carriers into porting a victim’s phone number to an attacker-controlled SIM, intercepting SMS-based one-time passcodes to bypass MFA.

  • Ransomware & Data Exfiltration: With fraudulent MFA authorization, attackers gain access to corporate systems, escalate privileges, deploy ransomware, or steal data, demonstrating that even the best technical defenses fail if the human element is compromised.

The Flaw in Legacy MFA

For years, MFA has been seen as a cybersecurity cornerstone. But traditional MFA assumes that anyone who passes a second factor is legitimate — a belief that Scattered Spider attacks have proven dangerously outdated. MFA based on shared secrets introduces a human vulnerability that social engineering exploits with alarming ease.

Instead of verifying what someone knows (passwords, secret questions) or what they have (one-time codes), organizations should verify who the individual is (using third-party biometrics). By shifting verification to technology rather than relying on users, organizations can eliminate the human factor – the weakest link in identity security.

How iProov Neutralizes Scattered Spider’s Tactics

As organizations adopt Zero Trust security models, biometrics with liveness detection provide a vital high-trust identity layer for high-risk activities like password resets, account recovery, and device authorization. Facial biometrics with liveness verification fundamentally change workforce authentication and neutralize Scattered Spider’s tactics:

  • No SIM Swapping Risk: A face scan ties authentication directly to a person’s unique biological identity, not a phone number or device vulnerable to compromise.

  • Immune to Social Engineering: There are no secrets for employees to reveal. Authentication happens in real time, eliminating the human weak point that attackers exploit.

  • AI-Resistant: iProov’s technology detects and blocks even advanced AI-based spoofing, ensuring only a genuine, live person can authenticate.

Beyond unmatched security, iProov Workforce MFA offers a fast, intuitive experience, boosting productivity without sacrificing security.

Add a High-Trust Identity Layer to MFA

Groups like Scattered Spider threaten the very foundations of organizational trust, particularly as they expand into critical sectors like airlines. The need to strengthen workforce security strategies has never been more urgent.

To learn how to add a high-trust biometric identity layer to your MFA, sign up for our webinar.
