The hacking group known as Scattered Spider, previously involved in disruptive activities against MGM Resorts International's casinos and hotels last year, has reportedly initiated a new campaign targeting the financial and insurance sectors.
Cybersecurity experts have identified that this group has been active since April 20, targeting as many as 29 companies, including notable banks and insurance companies. At least two insurance companies have confirmed that their systems were compromised during these attacks, underscoring the serious threat posed by these cybercriminals.
These recent cyberattacks have implicated major financial institutions including Visa Inc., PNC Financial Services Group Inc., Transamerica, New York Life Insurance Co., and Synchrony Financial. Details on whether Scattered Spider successfully infiltrated these organizations remain unclear; however, the sophisticated nature of the attacks highlights the serious security challenges faced by these firms. Among the affected companies, Transamerica and Synchrony have opted not to comment, while Visa, PNC, and New York Life have not yet responded to inquiries regarding these security breaches.
Scattered Spider has employed a calculated strategy involving the acquisition of domain names that closely mimic those of their targets. These domains are then used to set up fraudulent login pages as part of a phishing scheme designed to deceive employees of the targeted companies.
Employees are lured to these pages and tricked into entering their credentials, which the attackers then harvest. The fraudulent sites are often disguised to resemble legitimate interfaces, commonly imitating services from companies like Okta Inc. or various content management systems.
An alarming tactic revealed by Resilience Cyber Insurance Solutions involves Scattered Spider directing victims to a specific "help signing in" link on the counterfeit login pages, which then redirects them to another domain controlled by the hackers. This domain is distinctively offensive, incorporating racist slurs into its URL, indicating the brazen nature of Scattered Spider's operations.
In response to the increasing threat posed by Scattered Spider, Okta Inc. has ramped up its security measures. The company is actively monitoring the threat landscape and has implemented new security features to better protect against these types of cyberattacks.
These measures include the introduction of phishing-resistant authentication and the addition of more rigorous security checks for sensitive login attempts, aiming to thwart the hackers' attempts to gain unauthorized access.
Scattered Spider is no stranger to the realm of high-profile cybercrimes, having been involved in numerous attacks on large corporations such as MGM, Caesars Entertainment Inc., Coinbase Global Inc., and Clorox Co. These past activities not only caused significant operational disruptions but also led to a noticeable shortage of cleaning supplies across the United States due to the attack on Clorox Co.
The group's primary method involves social engineering tactics, particularly targeting employees in customer service positions like call centers and IT help desks, manipulating them into revealing passwords and other sensitive information through impersonation and intimidation.
The activities of Scattered Spider saw a temporary decline between December and February, which cybersecurity experts speculate could be related to several factors such as the holiday season, a strategic decision to lay low amidst growing scrutiny, or time taken to strategize and select new targets for their criminal activities.
The group, which refers to itself as Star Fraud, is composed of predominantly teenage and young adult hackers from the United States and the United Kingdom. These individuals are part of a broader criminal network known as The Com. Initially focusing on the telecommunications sector, Scattered Spider has significantly expanded its range of targets in 2024 to include a diverse array of industries such as banking, insurance, food, retail, and video games.
CrowdStrike Holdings Inc., a cybersecurity firm, has been diligently tracking the activities of Scattered Spider and has documented 52 breaches attributed to this group as of October 2023. The ongoing threat posed by Scattered Spider has prompted both the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) to issue public appeals for information that could assist in identifying and capturing members of this elusive hacking group. Despite these efforts, there has been no immediate response from the FBI or CISA regarding the most recent incidents linked to Scattered Spider.
08.05.2024
Комментарии