
According to the Google Threat Intelligence Group (GTIG), the cybercrime group tracked as UNC3944 and better known as Scattered Spider, which has recently targeted a string of UK and US retailers, has begun targeting major insurance companies.
“Google Threat Intelligence Group is currently aware of multiple US intrusions,” GTIG chief analyst John Hultquist said in an email on Monday.
“We are currently seeing incidents in the insurance industry. Given the history of this actor focusing on a sector at a time, the insurance industry should be highly vigilant, especially due to the social engineering schemes targeting their help desks and call centers.”
Scattered Spider is the name given to a loosely organized collective known for using advanced social engineering tactics to breach organizations. In recent months, the threat actors are believed to have forged an alliance with the DragonForce ransomware cartel in the wake of the latter’s takeover of the RansomHub infrastructure.
“The group has repeatedly demonstrated its ability to impersonate employees, deceive IT support teams and bypass multifactor authentication (MFA) through psychological tactics,” SOS Intelligence said.

“Although often referred to as ‘native English speakers,’ they are suspected of being based in or having connections with Western countries, resulting in a cultural fluency that makes phishing and telephone-based attacks surprisingly effective.”
Earlier this month, ReliaQuest revealed that Scattered Spider and DragonForce are increasingly targeting managed service providers (MSPs) and IT contractors to gain access to several downstream customers through a single compromise.

Google-owned Mandiant said the threat actors tend to select large enterprise organizations, presumably in pursuit of a larger payday.
Particularly targeted are companies with large help desks and outsourced IT functions, which are especially susceptible to social engineering attacks.
Recommended countermeasures against the group’s tactics include training help desk personnel, strengthening authentication, implementing strict identity controls, enforcing access restrictions and boundaries to prevent privilege escalation and lateral movement, and positively identifying employees before resetting their accounts or MFA factors.
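The controls above stop most help-desk social engineering before a reset happens; the detection below catches the cases that slip through. It is an added example, not code from the article, Mandiant or GTIG, and the audit-log schema (event names such as `helpdesk.password.reset`, the `ticket`, `device_id` and `country` fields) is a hypothetical stand-in for whatever an identity provider actually emits. The sample log lines are constructed. The rule flags a help-desk-initiated password or MFA reset that is followed, within a short window, by MFA enrolment or a sign-in from a device or country the account had never used before the reset, which is the footprint left when an impersonator talks a help desk into handing over an account.

```python
"""Detect help-desk credential/MFA resets followed by activity from a never-before-seen device.

Added example: the event schema below is an assumption, not a real IdP format,
and SAMPLE_LOG is constructed test data.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=60)  # how long after a reset to watch for new-device activity
RESET_EVENTS = {"helpdesk.password.reset", "helpdesk.mfa.factor.reset"}
ACTIVITY_EVENTS = {"user.session.start", "user.mfa.factor.enroll"}

# Constructed sample audit log (one JSON object per line, hypothetical field names).
# a.jones: password + MFA reset via ticket HD-4411, then enrolment and login from a new phone abroad.
# b.lee:   password reset via ticket HD-4398, then login from the laptop used the day before.
SAMPLE_LOG = """
{"ts": "2025-06-16T09:02:11Z", "event": "user.session.start", "user": "a.jones", "ip": "203.0.113.10", "country": "US", "device_id": "lap-7f31"}
{"ts": "2025-06-16T13:40:05Z", "event": "helpdesk.password.reset", "user": "a.jones", "actor": "helpdesk-02", "ticket": "HD-4411"}
{"ts": "2025-06-16T13:41:30Z", "event": "helpdesk.mfa.factor.reset", "user": "a.jones", "actor": "helpdesk-02", "ticket": "HD-4411"}
{"ts": "2025-06-16T13:52:48Z", "event": "user.mfa.factor.enroll", "user": "a.jones", "ip": "198.51.100.77", "country": "NL", "device_id": "ph-9c0e"}
{"ts": "2025-06-16T13:53:02Z", "event": "user.session.start", "user": "a.jones", "ip": "198.51.100.77", "country": "NL", "device_id": "ph-9c0e"}
{"ts": "2025-06-15T08:00:00Z", "event": "user.session.start", "user": "b.lee", "ip": "203.0.113.44", "country": "US", "device_id": "lap-22aa"}
{"ts": "2025-06-16T10:15:00Z", "event": "helpdesk.password.reset", "user": "b.lee", "actor": "helpdesk-01", "ticket": "HD-4398"}
{"ts": "2025-06-16T10:20:00Z", "event": "user.session.start", "user": "b.lee", "ip": "203.0.113.44", "country": "US", "device_id": "lap-22aa"}
"""


def parse_events(text):
    """Parse JSON-lines audit events, skipping blank lines, and return them sorted by timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def detect_reset_then_new_device(events, window=WINDOW):
    """Return one alert per help-desk ticket whose reset is followed by activity
    from a device or country the user had not used before the reset."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev["user"]].append(ev)

    alerts = []
    for user, evs in by_user.items():
        activity = [e for e in evs if e["event"] in ACTIVITY_EVENTS]
        # Collapse a password reset and an MFA reset on the same ticket into one reset.
        tickets = {}
        for e in evs:
            if e["event"] in RESET_EVENTS:
                t = tickets.setdefault(e["ticket"], {"ts": e["ts"], "actor": e["actor"], "kinds": set()})
                t["ts"] = min(t["ts"], e["ts"])
                t["kinds"].add(e["event"])

        for ticket, t in tickets.items():
            # Baseline is built only from activity that precedes the reset, so the
            # attacker's own post-reset logins cannot "launder" a new device into it.
            known_devices = {a["device_id"] for a in activity if a["ts"] < t["ts"]}
            known_countries = {a["country"] for a in activity if a["ts"] < t["ts"]}
            for a in activity:
                if not (t["ts"] <= a["ts"] <= t["ts"] + window):
                    continue
                new_device = a["device_id"] not in known_devices
                new_country = a["country"] not in known_countries
                if new_device or new_country:
                    # Password and MFA both reset on one ticket is the full account-takeover pattern.
                    severity = "high" if len(t["kinds"]) == 2 else "medium"
                    alerts.append({
                        "user": user,
                        "ticket": ticket,
                        "helpdesk_actor": t["actor"],
                        "reset_kinds": sorted(t["kinds"]),
                        "severity": severity,
                        "first_new_activity": a["event"],
                        "ip": a["ip"],
                        "country": a["country"],
                        "device_id": a["device_id"],
                        "minutes_after_reset": int((a["ts"] - t["ts"]).total_seconds() // 60),
                        "new_device": new_device,
                        "new_country": new_country,
                    })
                    break  # one alert per ticket is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in detect_reset_then_new_device(parse_events(SAMPLE_LOG)):
        print(json.dumps(alert))
```

Run against the constructed log, the rule raises a single high-severity alert for `a.jones` (ticket HD-4411, both password and MFA reset, then enrolment from a new device in a new country 12 minutes later) and stays quiet for `b.lee`, whose post-reset login comes from a device already seen the day before. In production the ticket ID is the pivot: it tells the responder which help-desk agent to interview and which call recording to pull, which is exactly the evidence needed to decide whether the caller was really the employee.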