Sunday, September 8, 2024
Homecyber securityScattered Spider Attacking Finance & Insurance Industries WorldWide

Scattered Spider Attacking Finance & Insurance Industries WorldWide

Published on

Hackers very frequently target the finance and insurance sectors due to the large volumes of sensitive data that they own.

These areas manage huge quantities of valuable as well as critical financial information, personal identities, and intellectual property.

When their system is breached, threat actors may be able to access bank accounts or credit card details and other key exploitable information to manipulate it for financial gain through extortion or fraud.

- Advertisement - EHA

Moreover, considerable ransom requests can be made using these critically important areas where their operations are interfered with.

Cybersecurity researchers at Resilience recently discovered that Scattered Spider has been actively attacking the finance and insurance industries worldwide.

Scattered Spider

The Scattered Spider, a group of hackers that has gained fame from breaching the likes of MGM and Caesars Casino, has now widened its attack to insurance companies and banks.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers 

For instance, they may use misleading domains that are almost indistinguishable from the real ones, timed to strike at the most opportune time and use forceful aggressive attacks that last for only a few hours. 

They even go as far as swapping SIM cards to gain remote control over targeted systems consequently emphasizing the urgency for robust impersonation defenses against phishing and credential thefts.

BlackCat (also known as AlphV), which is an affiliate of some other relentless group in no way loses its threatening quality with more than 30 victims so far in government agencies, this means defenders should be more vigilant.

Scattered Spider, the Advanced Persistent Threat group, has been pursuing attacks motivated by finances since 2022.

For SIM-swapping capabilities, this bold rival first targeted telecommunications companies before going ahead to contact victims directly in an effort to get socially engineer access.

By 2023, they had switched their focus to partnering with BlackCat ransomware creators making it possible to successfully breach Caesars Entertainment and MGM Resorts which are some of the most important targets.

There is a recent strategy change in Scattered Spider’s campaigns which now involve an intricate selection process that only goes for high-value organizations on the corporate level instead of taking advantage of any available target.

These crafty groups’ multi-tiered tactics still keep telecom providers at the inlet, which necessitates constant alertness, reads the Resilience Report.

Scattered Spider has the bold strategy of buying look-alike domains to impersonate victims such as “victimname-sso.com” where they host fake Okta login pages.

telynyx Okta phishing site (Source – Resilience)

These phishing sites have uncouth fingerprints, a “Need help?” that links to a real Okta subdomain but with a wrong name, and form submissions going towards “/f*ckyou.php.” 

Believed to be part of Star Fraud or The Com hacker community notorious for their illicit actions, Scattered Spider is said to have used an offending named Telegram channel in data extraction. 

Charter Communications Okta phishing page (Source – Resilience)

Starting by targeting telecoms initially, this group has gone rogue into food, insurance, retail, technology, and gaming industries as shown by their recent attack on Charter Communications using charter-vpn.com domains.

Asurion CMS phishing page and Asurion Okta phishing page (Source – Resilience)

Scattered Spider has been identified with a spearfishing campaign that exploited lookalike domains, and fraudulent CMS login pages titled “CMS Dashboard Login” masquerading as Okta campaigns and lasted for 12-48 hours before targeting the same organizations.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Vulnerabilities in IBM Products Let Attackers Exploit & Launch DOS Attack

IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and...

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...