- Scattered Spider is evolving, CISA, the FBI and others have warned
- The hackers are using additional malware, including DragonForce
- Companies must use phishing-resistant MFA to defend themselves
Scattered Spider is only ramping up its cyberattacks, and companies must be on guard for possible attacks, law enforcement agencies said.
The warning was issued by the US Cybersecurity and Infrastructure Security Agency (CISA).
The hackers have also added new malware, such as RattyRAT for stealthy access and DragonForce ransomware to encrypt systems and demand payment, particularly targeting VMware ESXi servers.
More to come
Also known as Octo Tempest (and a handful of other names), Scattered Spider is described as a highly aggressive and sophisticated cybercriminal group known for attacking major companies through social engineering, phishing and identity-focused attacks.
The group is infamous for its use of SIM swapping, MFA fatigue attacks and help desk impersonation to obtain initial access, and it is the last of these that CISA is now stressing even more.
Scattered Spider usually carries out double extortion attacks, exfiltrating confidential files to third-party servers before encrypting the target's infrastructure. To store stolen files, the group uses Mega.nz and Amazon S3, and in some cases it has executed thousands of queries against Snowflake environments to steal large volumes of data quickly.
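One way defenders can surface the bulk Snowflake querying described above from query logs, added here as an example and not taken from CISA's advisory or the original article. The record layout (timestamp, user, rows returned), the user names and the 200-queries-per-10-minutes threshold are assumptions, and the log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def make_sample_log():
    """Constructed records, not real data: (ISO timestamp, user, rows_returned)."""
    base = datetime(2025, 1, 1, 2, 0, 0)
    log = []
    # Hypothetical reporting account: one small query every 10 minutes.
    for i in range(12):
        log.append(((base + timedelta(minutes=10 * i)).isoformat(), "svc_report", 500))
    # Hypothetical user account: 3,000 large queries, one per second, from 02:30.
    start = base + timedelta(minutes=30)
    for i in range(3000):
        log.append(((start + timedelta(seconds=i)).isoformat(), "j.doe", 10_000))
    return log

def detect_query_bursts(records, window=timedelta(minutes=10), max_queries=200):
    """Flag users whose query count inside a sliding window exceeds max_queries.

    Returns {user: {"first_alert", "peak_queries", "peak_rows"}} so an analyst
    sees when the burst began and how much data one window could have moved.
    """
    recent = defaultdict(deque)  # user -> (timestamp, rows) pairs still in window
    alerts = {}
    for ts_text, user, rows in sorted(records):  # ISO timestamps sort in time order
        ts = datetime.fromisoformat(ts_text)
        q = recent[user]
        q.append((ts, rows))
        while q[0][0] <= ts - window:  # drop entries that fell out of the window
            q.popleft()
        if len(q) > max_queries:
            a = alerts.setdefault(
                user, {"first_alert": ts, "peak_queries": 0, "peak_rows": 0})
            a["peak_queries"] = max(a["peak_queries"], len(q))
            a["peak_rows"] = max(a["peak_rows"], sum(r for _, r in q))
    return alerts

if __name__ == "__main__":
    for user, info in detect_query_bursts(make_sample_log()).items():
        print(user, info["first_alert"].isoformat(),
              info["peak_queries"], info["peak_rows"])
```

The threshold should be tuned against each account's normal baseline, since service accounts and interactive users differ widely in query volume.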
To stay hidden, they create false identities backed by social media profiles, monitor internal communications such as Slack and Microsoft Teams, and even join incident response calls to learn how defenders are reacting.
CISA says that more Scattered Spider attacks are expected in the coming weeks and months, and urges organizations to use phishing-resistant MFA (such as FIDO/WebAuthn), audit and restrict remote access tools, monitor session late Vulnerabilities
Via Cybernews