- Scattered Spider is evolving, CISA, the FBI and others have warned
- The hackers are using additional malware, including DragonForce ransomware
- Businesses need to use phishing-resistant MFA to defend themselves
Scattered Spider is only heating up its cyberattacks, and companies must be on their guard against possible attacks, law enforcement agencies have said.
A warning from the US Cybersecurity and Infrastructure Security Agency (CISA) and a handful of other security agencies in Canada, Britain and Australia says the group has evolved to use more advanced social engineering, mostly impersonating employees to trick help desks into resetting passwords and transferring MFA tokens to the attackers.
The hackers have also added new malware, such as RattyRAT for stealthy access and DragonForce ransomware to encrypt systems and demand payment, with VMware ESXi servers a particular target.
More to come
Also known as Octo Tempest (and a handful of other names), Scattered Spider is described as a very aggressive and sophisticated cybercriminal group known to target large companies through social engineering, phishing and identity-focused attacks.
The group is notorious for its use of SIM swapping, MFA fatigue attacks and help desk impersonation to gain initial access, and it is the latter that CISA is now emphasizing further.
Scattered Spider generally carries out double extortion attacks, exfiltrating sensitive files to third-party servers before encrypting the target's infrastructure. To store the stolen files they use mega.nz and Amazon S3, and in some cases they have run thousands of queries against Snowflake environments to quickly steal large amounts of data.
To remain hidden, they create false identities backed by social media profiles, monitor internal communication channels such as Slack and Microsoft Teams, and even join incident response calls to learn how defenders are reacting.
CISA says more Scattered Spider attacks can be expected in the coming weeks and months, and encourages organizations to use phishing-resistant MFA (such as FIDO/WebAuthn), audit and restrict remote access tools, monitor for risky logins and unusual account behavior, maintain offline encrypted backups, segment networks and apply patches.
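The help desk impersonation chain described above (a reset performed by someone other than the account owner, a new MFA factor enrolled shortly afterwards, then a login from an address the user has never used) is the kind of "unusual account behavior" CISA asks defenders to monitor. The detector below is an added example, not code from the advisory or the article; it runs over constructed audit events in a hypothetical identity-provider schema (timestamp, user, action, actor, source address) and returns the accounts whose reset-to-new-device sequence completed within a short window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events in a hypothetical schema:
# (timestamp, user, action, actor who performed it, source address)
EVENTS = [
    ("2025-07-30T09:00:00", "alice", "login.success",     "alice",    "10.0.0.5"),
    ("2025-07-30T09:05:00", "bob",   "password.reset",    "helpdesk", "10.0.0.9"),
    ("2025-07-30T09:07:00", "bob",   "mfa.factor.enroll", "bob",      "203.0.113.7"),
    ("2025-07-30T09:09:00", "bob",   "login.success",     "bob",      "203.0.113.7"),
    ("2025-07-30T11:00:00", "carol", "password.reset",    "helpdesk", "10.0.0.9"),
    ("2025-07-30T15:30:00", "carol", "mfa.factor.enroll", "carol",    "10.0.0.22"),
]

WINDOW = timedelta(minutes=30)  # how quickly the full chain must complete to alert


def detect_helpdesk_takeover(events, window=WINDOW):
    """Return (user, reset_timestamp) for every password reset performed by
    someone other than the user that is followed, within `window`, by a new
    MFA factor enrollment and then a login from a source address the user
    had never successfully logged in from before the reset."""
    by_user = defaultdict(list)
    for ts, user, action, actor, src in events:
        by_user[user].append((datetime.fromisoformat(ts), action, actor, src))

    alerts = []
    for user, evs in by_user.items():
        evs.sort()  # chronological order per account
        for i, (t0, action, actor, _) in enumerate(evs):
            if action != "password.reset" or actor == user:
                continue  # self-service resets are out of scope here
            # Addresses this user logged in from before the reset
            seen = {s for _, a, _, s in evs[:i] if a == "login.success"}
            enrolled = False
            for t, a, _, s in evs[i + 1:]:
                if t - t0 > window:
                    break  # chain did not complete in time; not alerted
                if a == "mfa.factor.enroll":
                    enrolled = True
                elif enrolled and a == "login.success" and s not in seen:
                    alerts.append((user, t0.isoformat()))
                    break
    return alerts


if __name__ == "__main__":
    print(detect_helpdesk_takeover(EVENTS))
```

Tune the window to the help desk's real reset-to-login latency; carol's reset is not flagged because her enrollment came hours later, which is the kind of benign case a tighter window is meant to exclude.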
Via Cybernews