Friday, May 24, 2024

Scattered Spider Attacking Finance & Insurance Industries WorldWide

Hackers very frequently target the finance and insurance sectors due to the large volumes of sensitive data that they own.

These areas manage huge quantities of valuable as well as critical financial information, personal identities, and intellectual property.

When their system is breached, threat actors may be able to access bank accounts or credit card details and other key exploitable information to manipulate it for financial gain through extortion or fraud.

Moreover, considerable ransom requests can be made using these critically important areas where their operations are interfered with.

Cybersecurity researchers at Resilience recently discovered that Scattered Spider has been actively attacking the finance and insurance industries worldwide.

Scattered Spider

The Scattered Spider, a group of hackers that has gained fame from breaching the likes of MGM and Caesars Casino, has now widened its attack to insurance companies and banks.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers 

For instance, they may use misleading domains that are almost indistinguishable from the real ones, timed to strike at the most opportune time and use forceful aggressive attacks that last for only a few hours. 

They even go as far as swapping SIM cards to gain remote control over targeted systems consequently emphasizing the urgency for robust impersonation defenses against phishing and credential thefts.

BlackCat (also known as AlphV), which is an affiliate of some other relentless group in no way loses its threatening quality with more than 30 victims so far in government agencies, this means defenders should be more vigilant.

Scattered Spider, the Advanced Persistent Threat group, has been pursuing attacks motivated by finances since 2022.

For SIM-swapping capabilities, this bold rival first targeted telecommunications companies before going ahead to contact victims directly in an effort to get socially engineer access.

By 2023, they had switched their focus to partnering with BlackCat ransomware creators making it possible to successfully breach Caesars Entertainment and MGM Resorts which are some of the most important targets.

There is a recent strategy change in Scattered Spider’s campaigns which now involve an intricate selection process that only goes for high-value organizations on the corporate level instead of taking advantage of any available target.

These crafty groups’ multi-tiered tactics still keep telecom providers at the inlet, which necessitates constant alertness, reads the Resilience Report.

Scattered Spider has the bold strategy of buying look-alike domains to impersonate victims such as “” where they host fake Okta login pages.

telynyx Okta phishing site (Source – Resilience)

These phishing sites have uncouth fingerprints, a “Need help?” that links to a real Okta subdomain but with a wrong name, and form submissions going towards “/f*ckyou.php.” 

Believed to be part of Star Fraud or The Com hacker community notorious for their illicit actions, Scattered Spider is said to have used an offending named Telegram channel in data extraction. 

Charter Communications Okta phishing page (Source – Resilience)

Starting by targeting telecoms initially, this group has gone rogue into food, insurance, retail, technology, and gaming industries as shown by their recent attack on Charter Communications using domains.

Asurion CMS phishing page and Asurion Okta phishing page (Source – Resilience)

Scattered Spider has been identified with a spearfishing campaign that exploited lookalike domains, and fraudulent CMS login pages titled “CMS Dashboard Login” masquerading as Okta campaigns and lasted for 12-48 hours before targeting the same organizations.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free


Latest articles

Hackers Weaponizing Microsoft Access Documents To Execute Malicious Program

In multiple aggressive phishing attempts, the financially motivated organization UAC-0006 heavily targeted Ukraine, utilizing...

Microsoft Warns Of Storm-0539’s Aggressive Gift Card Theft

Gift cards are attractive to hackers since they provide quick monetization for stolen data...

Kinsing Malware Attacking Apache Tomcat Server With Vulnerabilities

The scalability and flexibility of cloud platforms recently boosted the emerging trend of cryptomining...

NSA Releases Guidance On Zero Trust Maturity To Secure Application From Attackers

Zero Trust Maturity measures the extent to which an organization has adopted and implemented...

Chinese Hackers Stay Hidden On Military And Government Networks For Six Years

Hackers target military and government networks for varied reasons, primarily related to spying, which...

DNSBomb : A New DoS Attack That Exploits DNS Queries

A new practical and powerful Denial of service attack has been discovered that exploits...

Malicious PyPI & NPM Packages Attacking MacOS Users

Cybersecurity researchers have identified a series of malicious software packages targeting MacOS users.These...
Tushar Subhra Dutta
Tushar Subhra Dutta
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles