WestJet Investigates Cyberattack Disrupting Internal Systems: Technical Analysis and Industry Context

WestJet, Canada’s second-largest airline, is investigating a cyberattack that has disrupted access to internal systems, according to an advisory issued by the company¹. The incident has restricted employee and customer access to certain platforms, including the airline’s mobile app, though no confirmed data breach has been reported yet². WestJet has activated incident response teams and is collaborating with Transport Canada and law enforcement agencies to mitigate the impact³.

Incident Scope and Response

The cyberattack has primarily affected WestJet’s internal systems, limiting operational functionality for employees and restricting customer access to digital services⁴. The airline has not disclosed the specific attack vector, but early reports suggest that sensitive data may be at risk⁵. WestJet’s official statement emphasizes that specialized teams are working to contain the incident and minimize disruptions⁶.

Historical data reveals that WestJet has faced persistent cyber threats, with reports indicating hundreds of thousands of annual attacks since at least 2018⁷. This incident underscores the aviation sector’s vulnerability to cyber threats, particularly given its reliance on interconnected systems for flight operations, reservations, and customer data management.

Broader Cybersecurity Trends

The WestJet incident aligns with a surge in cyberattacks targeting critical infrastructure and transportation sectors. Recent activity includes:

Advanced Persistent Threats (APTs): Groups like Stealth Falcon have exploited zero-day vulnerabilities (e.g., CVE-2025-33053 in WebDAV) to compromise organizations⁸.
Ransomware: BlackSuit and DragonForce have adopted aggressive tactics, including double extortion and social engineering⁹.
Critical Vulnerabilities: Microsoft’s June 2025 Patch Tuesday addressed 66 flaws, including SMB privilege escalation (CVE-2025-33073)¹⁰.

Technical Implications for Security Teams

For security professionals, the WestJet incident highlights several key considerations:

Area	Details
Attack Surface	Aviation systems often integrate third-party vendors, expanding potential entry points for attackers.
Detection Gaps	Limited visibility into legacy systems may delay incident response.
Mitigation	Prioritize patching for WebDAV, SAP NetWeaver (CVE-2025-42989, CVSS 9.6), and SMB vulnerabilities.

Remediation and Best Practices

Organizations in similar sectors should:

Audit third-party vendor access to critical systems.
Implement network segmentation to limit lateral movement.
Monitor for anomalous activity in authentication logs and API traffic.

WestJet’s response will likely influence future regulatory measures for aviation cybersecurity. Transport Canada may introduce stricter reporting requirements or mandate enhanced security protocols for airlines¹¹.

Conclusion

The WestJet cyberattack serves as a reminder of the persistent threats facing critical infrastructure. While the full scope of the incident remains under investigation, the aviation sector must prioritize proactive defense measures, including vulnerability management and threat intelligence sharing. Security teams should review incident response plans and ensure alignment with industry frameworks like NIST CSF or MITRE ATT&CK.