Heimdal

Scattered Spider, a notorious cybercriminal group, has recently upgraded its tactics by incorporating BlackCat ransomware into its operations.

The announcement comes from CISA and the FBI, who issued a joint advisory warning businesses that Scattered Spider has updated its tactics, techniques, and procedures (TTPs) to reach its targets more effectively.

Scattered Spider, also called Starfraud, UNC3944, Scatter Swine, and Muddled Libra, has been in the news recently for allegedly attacking casino giants MGM Resorts and Caesars Entertainment.

New tactics

The group usually uses social engineering to steal data for extortion, but it recently added BlackCat ransomware to its arsenal.

After exfiltrating data, the attackers used ransomware to encrypt VMware Elastic Sky X integrated (ESXi) servers.

They communicated with victims using TOR, Tox, email, or encrypted applications after encrypting the servers, explains Cyware.

Sophisticated Attack Methods

To obtain credentials, install remote access tools, and bypass MFA, the gang employs phishing emails, push bombing, and SIM swapping.
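
A minimal detection for the push bombing mentioned above, as an added example that is not part of the original article or the CISA/FBI advisory: it flags a burst of MFA push prompts to one user and raises the severity when an approval lands while the burst is still active. The event names, the 10-minute window, the threshold of 5 and the sample log lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA log events (timestamp, user, event); not real data.
# The event names "push_sent" / "push_approved" are assumed, not a vendor schema.
SAMPLE_EVENTS = [
    ("2023-11-20T02:10:00", "alice", "push_sent"),
    ("2023-11-20T02:10:40", "alice", "push_sent"),
    ("2023-11-20T02:11:30", "alice", "push_sent"),
    ("2023-11-20T02:12:10", "alice", "push_sent"),
    ("2023-11-20T02:13:00", "alice", "push_sent"),
    ("2023-11-20T02:14:20", "alice", "push_sent"),
    ("2023-11-20T02:14:50", "alice", "push_approved"),  # user gives in mid-burst
    ("2023-11-20T09:00:00", "bob", "push_sent"),        # ordinary single login
    ("2023-11-20T09:00:10", "bob", "push_approved"),
    ("2023-11-20T03:00:00", "carol", "push_sent"),
    ("2023-11-20T03:02:00", "carol", "push_sent"),
    ("2023-11-20T03:04:00", "carol", "push_sent"),
    ("2023-11-20T03:06:00", "carol", "push_sent"),
    ("2023-11-20T03:08:00", "carol", "push_sent"),      # burst, never approved
]

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed number of pushes that counts as a burst


def detect_push_bombing(events, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per user who received >= threshold pushes within window.

    Severity is "high" if an approval arrives while the burst is still inside
    the window (the prompt flood may have worked), otherwise "medium".
    """
    recent = defaultdict(deque)  # user -> timestamps of pushes inside the window
    alerts = {}                  # user -> alert record
    for ts_raw, user, kind in sorted(events):  # ISO timestamps sort chronologically
        ts = datetime.fromisoformat(ts_raw)
        q = recent[user]
        while q and ts - q[0] > window:        # drop pushes that aged out
            q.popleft()
        if kind == "push_sent":
            q.append(ts)
            if len(q) >= threshold:
                alert = alerts.setdefault(
                    user, {"user": user, "severity": "medium", "pushes": 0})
                alert["pushes"] = max(alert["pushes"], len(q))
        elif kind == "push_approved" and len(q) >= threshold:
            # A burst this size already created the alert when its last push arrived.
            alerts[user].update(severity="high", approved_at=ts_raw)
    return sorted(alerts.values(), key=lambda a: a["user"])
```

A "high" alert is the case to handle first: revoke the session created by that approval and contact the user through a separate channel.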

Scattered Spider uses legitimate remote access tunneling tools such as Fleetdeck[.]io, ngrok, and Pulseway to gain access to victims’ systems. To avoid detection, it also employs living-off-the-land techniques.

In the final phase, the attackers use a variety of malware, including AveMaria, Raccoon Stealer, and Vidar Stealer.

Countermeasures

The federal agencies are urging organizations to strengthen their cybersecurity measures to reduce the likelihood and impact of cyberattacks from Scattered Spider.

They recommend several strategies, such as:

The full joint cybersecurity advisory is available here. The announcement comes shortly after CISA’s recent warnings about the threats posed by Rhysida ransomware and Royal ransomware.

Author Profile

Madalina Popovici

Digital PR Specialist

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.
