Services
Insights
About Us
Contact
Lorem ipsum dolor sit amet consectetur interdum quam duis varius facilis.
Latest Blogs
No items found.
Follow Us
Blog

Aviation Under Siege: The Hawaiian Airlines Cybersecurity Event

Blog

Incident Overview

On June 26, 2025, Hawaiian Airlines confirmed that “some of our IT systems” were disrupted by a cybersecurity event, language often signaling a ransomware intrusion. The breach did not affect flight safety or schedules, but prompted FAA engagement and highlighted that even well-resourced carriers remain vulnerable . Within 24 hours, Google’s Mandiant and Palo Alto Networks warned that the “Scattered Spider” hacking group—also known as UNC3944—had begun targeting aviation and transportation, marking a shift toward highly organized, cross-sector campaigns. Previously linked to disruptions at MGM Resorts and British retailers, Scattered Spider’s social-engineering tactics and credential-harvesting tools pose acute risks to airlines’ complex IT ecosystems.


Implications for Internal Audit

  • Incident Response Effectiveness: Audit must verify that detection tools, escalation procedures, and crisis-management protocols are not only documented but routinely stress-tested under ransomware scenarios.
  • Third-Party Cyber Risk: Given the group’s focus on service providers, auditors should perform deep-dive assessments of critical vendors, examining contractual cybersecurity clauses, control attestations, and penetration-test results.
  • Business Continuity and Data Integrity: Disruptions highlight the need for robust backup strategies—verify recovery-time objectives, conduct regular restoration drills, and confirm data-integrity checks to safeguard against incomplete recoveries.


Actionable Recommendations

  1. Ransomware Tabletop Exercises: Orchestrate cross-functional drills simulating a ransomware breach, involving IT, legal, communications, and audit to identify coordination gaps and streamline decision-making.
  2. Vendor Control Scorecards: Develop dynamic scorecards for high-risk suppliers that include cybersecurity KPIs—patch cadence, MFA implementation, and incident-response readiness—and schedule periodic assurance reviews.
  3. Continuous Monitoring Deployment: Implement real-time analytics to detect anomalous user-behavior patterns, configuration deviations, and suspicious network traffic, feeding alerts directly to audit dashboards.

Primary Source: Hawaiian Airlines hit by cyber attack (Reuters)

Stay connected: follow us on LinkedIn and explore more at
www.CherryHillAdvisory.com.

This post is for subscribers only

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Incident Overview

On June 26, 2025, Hawaiian Airlines confirmed that “some of our IT systems” were disrupted by a cybersecurity event, language often signaling a ransomware intrusion. The breach did not affect flight safety or schedules, but prompted FAA engagement and highlighted that even well-resourced carriers remain vulnerable . Within 24 hours, Google’s Mandiant and Palo Alto Networks warned that the “Scattered Spider” hacking group—also known as UNC3944—had begun targeting aviation and transportation, marking a shift toward highly organized, cross-sector campaigns. Previously linked to disruptions at MGM Resorts and British retailers, Scattered Spider’s social-engineering tactics and credential-harvesting tools pose acute risks to airlines’ complex IT ecosystems.


Implications for Internal Audit

  • Incident Response Effectiveness: Audit must verify that detection tools, escalation procedures, and crisis-management protocols are not only documented but routinely stress-tested under ransomware scenarios.
  • Third-Party Cyber Risk: Given the group’s focus on service providers, auditors should perform deep-dive assessments of critical vendors, examining contractual cybersecurity clauses, control attestations, and penetration-test results.
  • Business Continuity and Data Integrity: Disruptions highlight the need for robust backup strategies—verify recovery-time objectives, conduct regular restoration drills, and confirm data-integrity checks to safeguard against incomplete recoveries.


Actionable Recommendations

  1. Ransomware Tabletop Exercises: Orchestrate cross-functional drills simulating a ransomware breach, involving IT, legal, communications, and audit to identify coordination gaps and streamline decision-making.
  2. Vendor Control Scorecards: Develop dynamic scorecards for high-risk suppliers that include cybersecurity KPIs—patch cadence, MFA implementation, and incident-response readiness—and schedule periodic assurance reviews.
  3. Continuous Monitoring Deployment: Implement real-time analytics to detect anomalous user-behavior patterns, configuration deviations, and suspicious network traffic, feeding alerts directly to audit dashboards.

Primary Source: Hawaiian Airlines hit by cyber attack (Reuters)

Stay connected: follow us on LinkedIn and explore more at
www.CherryHillAdvisory.com.

Our Recent Blogs

The Internal Auditor’s Playbook for 2026: What to Put on Your Plan (and Why)

October 7, 2025

GPS: From Military Secret to Civilian Necessity and the Lessons for Internal Auditors

August 26, 2025

Governance, Risk, and Compliance: Where Companies Stand and How to Improve

August 20, 2025