Scattered Spider Attacking Finance & Insurance Industries WorldWide

Hackers very frequently target the finance and insurance sectors due to the large volumes of sensitive data that they own.

These areas manage huge quantities of valuable as well as critical financial information, personal identities, and intellectual property.

When their system is breached, threat actors may be able to access bank accounts or credit card details and other key exploitable information to manipulate it for financial gain through extortion or fraud.

Moreover, considerable ransom requests can be made using these critically important areas where their operations are interfered with.

Cybersecurity researchers at Resilience recently discovered that Scattered Spider has been actively attacking the finance and insurance industries worldwide.

Scattered Spider

The Scattered Spider, a group of hackers that has gained fame from breaching the likes of MGM and Caesars Casino, has now widened its attack to insurance companies and banks.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers 

For instance, they may use misleading domains that are almost indistinguishable from the real ones, timed to strike at the most opportune time and use forceful aggressive attacks that last for only a few hours. 

They even go as far as swapping SIM cards to gain remote control over targeted systems consequently emphasizing the urgency for robust impersonation defenses against phishing and credential thefts.

BlackCat (also known as AlphV), which is an affiliate of some other relentless group in no way loses its threatening quality with more than 30 victims so far in government agencies, this means defenders should be more vigilant.

Scattered Spider, the Advanced Persistent Threat group, has been pursuing attacks motivated by finances since 2022.

For SIM-swapping capabilities, this bold rival first targeted telecommunications companies before going ahead to contact victims directly in an effort to get socially engineer access.

By 2023, they had switched their focus to partnering with BlackCat ransomware creators making it possible to successfully breach Caesars Entertainment and MGM Resorts which are some of the most important targets.

There is a recent strategy change in Scattered Spider’s campaigns which now involve an intricate selection process that only goes for high-value organizations on the corporate level instead of taking advantage of any available target.

These crafty groups’ multi-tiered tactics still keep telecom providers at the inlet, which necessitates constant alertness, reads the Resilience Report.

Scattered Spider has the bold strategy of buying look-alike domains to impersonate victims such as “victimname-sso.com” where they host fake Okta login pages.

telynyx Okta phishing site (Source – Resilience)

These phishing sites have uncouth fingerprints, a “Need help?” that links to a real Okta subdomain but with a wrong name, and form submissions going towards “/f*ckyou.php.” 

Believed to be part of Star Fraud or The Com hacker community notorious for their illicit actions, Scattered Spider is said to have used an offending named Telegram channel in data extraction. 

Charter Communications Okta phishing page (Source – Resilience)

Starting by targeting telecoms initially, this group has gone rogue into food, insurance, retail, technology, and gaming industries as shown by their recent attack on Charter Communications using charter-vpn.com domains.

Asurion CMS phishing page and Asurion Okta phishing page (Source – Resilience)

Scattered Spider has been identified with a spearfishing campaign that exploited lookalike domains, and fraudulent CMS login pages titled “CMS Dashboard Login” masquerading as Okta campaigns and lasted for 12-48 hours before targeting the same organizations.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free

The post Scattered Spider Attacking Finance & Insurance Industries WorldWide appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

Go to Source
Author: Tushar Subhra Dutta