Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Scattered Spider, a notorious cybercriminal group, has recently upgraded its tactics by incorporating BlackCat ransomware into its operations.
The announcement comes from CISA and the FBI, who issued a joint advisory warning businesses that Scattered Spider has updated its tactics, techniques, and procedures (TTPs) to reach their targets more effectively.
Scattered Spider, also called Starfraud, UNC3944, Scatter Swine, and Muddled Libra, has been in the news recently for allegedly attacking casino giants MGM Resorts and Caesars Entertainment.
New tactics
The group usually uses social engineering to steal data for extortion, but it recently added BlackCat ransomware to its arsenal.
After exfiltrating data, the attackers used ransomware to encrypt VMware Elastic Sky X integrated (ESXi) servers.
They communicated with victims using TOR, Tox, email, or encrypted applications after encrypting the servers, explains Cyware.
Sophisticated Attack Methods
To obtain credentials, install remote access tools, and bypass MFA, the gang employs phishing emails, push bombing, and SIM swapping.
Scattered Spider uses legitimate remote access tunneling tools such as Fleetdeck[.]io, ngrok, and Pulseway to gain access to victims’ systems. To avoid detection, it also employs off-the-grid living techniques.
In the final phase, the attackers use a variety of malware, including AveMaria, Raccoon Stealer, and Vidar Stealer.
Countermeasures
The federal agencies are urging organizations to increase their cybersecurity measures to diminish the chances and consequences of cyberattacks from Scattered Spider.
They recommend several strategies, such as:
- employing application whitelisting for software management
- implementing best practices for securing Remote Desktop Protocol (RDP) usage
- and using Endpoint Detection and Response (EDR) tools for overseeing endpoint activities and identifying unusual behavior.
The full joint cybersecurity advisory is available here. The announcement comes shortly after CISA’s recent warnings about the threats posed by Rhysida ransomware and Royal ransomware.
If you liked this piece, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.
- Next-gen Antivirus & Firewall which stops known threats;
- DNS traffic filter which stops unknown threats;
- Automatic patches for your software and apps with no interruptions;
- Privileged Access Management and Application Control, all in one unified dashboard
Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.
