Priya Patel
TLDR:
- Scattered Spider ransomware group targeting financial and insurance sectors
- Using smishing and vishing against cloud admins and IT service desk administrators
In a recent analysis by EclecticIQ, it has been revealed that the dangerous ransomware group Scattered Spider is targeting financial and insurance companies using sophisticated social engineering techniques. The group is utilizing smishing and vishing attacks to target high-privileged accounts, such as those of IT service desk administrators and cybersecurity teams. By using stolen credentials, Scattered Spider gains access to cloud-based services and ultimately delivers ransomware attacks.
Scattered Spider has been observed leveraging legitimate features of cloud infrastructure to carry out its attacks, making them difficult to detect. The group targets cloud-based services like Microsoft Entra ID and Amazon Web Services Elastic Computer Cloud, as well as SaaS platforms such as Okta, ServiceNow, Zendesk, and VMware Workspace ONE. The attacks are so well-crafted that they can even deceive cloud security engineers.
Known for its sophisticated social engineering techniques, Scattered Spider has become infamous for ransomware attacks on major companies. The group’s operations have attracted global law enforcement attention, with recent arrests related to its activities. EclecticIQ has recommended a specific framework to help organizations defend against ransomware attacks and mitigate risks in cloud environments.
It is crucial for organizations to proactively secure their domains and implement strong authentication methods to prevent phishing attacks. By staying vigilant and following recommended security measures, organizations can protect themselves against threats from groups like Scattered Spider.
