The US FBI and cybersecurity experts are warning that the Scattered Spider extortion gang has shifted its focus to the aviation and transportation sectors, BleepingComputer reports.
The group spent the past several months targeting companies in the retail and insurance sectors, and has now hit several airlines.
Scattered Spider uses social engineering attacks to gain initial access, then steals data and/or deploys ransomware to extort their victims.
Palo Alto Networks’ Unit 42 says the group frequently targets organizations’ help desks to trick IT workers into resetting passwords for them. Unit 42’s SVP of Consulting and Threat Intelligence Sam Rubin stated, “Organizations should be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA reset requests.”
Likewise, Charles Carmakal, CTO at Google’s Mandiant, said in a LinkedIn post, “We recommend that the industry immediately take steps to tighten up their help desk identity verification processes prior to adding new phone numbers to employee/contractor accounts (which can be used by the threat actor to perform self-service password resets), reset passwords, add devices to MFA solutions, or provide employee information (e.g. employee IDs) that could be used for a subsequent social engineering attacks.”
Carmakal points to Mandiant’s guidance on defending against Scattered Spider, which notes that the group is “extremely proficient at using multiple forms of social engineering to convince users into doing something that will allow them to gain access.” Mandiant says organizations should educate users to be on the lookout for these tactics.
New-school security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
BleepingComputer has the story.
