Info@NationalCyberSecurity

FBI And CISA Issue Advisory On Scattered Spider Ransomware Attacks – Security




Key Takeaways:

  • The Federal Bureau of Investigation (FBI) and Cybersecurity
    & Infrastructure Security Agency (CISA) have jointly issued a
    cybersecurity advisory in response to recent activity by the threat
    actor group known as Scattered Spider.

  • Scattered Spider is known to target large companies holding
    sensitive data – including financial services,
    telecommunications, business process outsourcing, hospitality, and
    cryptocurrency firms – for ransomware attacks.

  • Scattered Spider largely relies upon impersonating IT support
    professionals and manipulating target company employees into
    sharing passwords or running malicious executables through remote
    access software.

Large companies holding sensitive data – including
financial services, telecommunications, business process
outsourcing, hospitality, and cryptocurrency firms – as well
as their IT helpdesks, are increasingly being targeted by
ransomware attacks. The Federal Bureau of Investigation (FBI) and
Cybersecurity & Infrastructure Security Agency (CISA) have
jointly released a cybersecurity advisory in response to recent activity by the
threat actor group known as Scattered Spider. Scattered Spider
received significant attention in September 2023 when it launched a
ransomware attack against multiple casino operators, the details of
which became known in securities filings following the SEC’s
adoption of data breach reporting rules for public
companies in July 2023. Scattered Spider has re-emerged in recent
days launching ransomware attacks against multiple targets in a
short span of time. The main details of the advisory are summarized
below, though clients should direct their IT professionals to
consult the full advisory.

What techniques are Scattered Spider employing?

Scattered Spider operatives have been reported to be posing as
company IT or helpdesk staff in order to obtain credentials from
employees, or to direct employees to run remote access tools that
permit Scattered Spider to access a company network. Because IT
support is also frequently offered through the use of remote access
tools, Scattered Spider has been able to successfully impersonate
IT professionals on a number of occasions. Similarly, Scattered
Spider has been making use of multi-factor authentication tools
(again utilizing tools that are familiar to employees who
frequently utilize tech support) to prompt employees to share
passwords and/or run remote access tools.

What can be done to mitigate the threat?

The FBI and CISA recommend the use of the following measures:

  • Address the threat of remote access tools:

    • This includes auditing remote access tools on a company
      network, reviewing logs for execution of remote access software,
      and requiring that only authorized remote access solutions be
      used, and only from within a company network.


  • Implementing application controls that manage and control
    execution of software. The use of “allow-listing” (that
    is, only allowing pre-defined software to be executed) can block
    un-listed application execution, including execution of malicious
    files that are compressed, encrypted, or otherwise obfuscated.

  • Implementing multi-factor authentication based on public key
    infrastructure, which is known to resist the tactics utilized by
    Scattered Spider.

  • Strictly limiting the use of remote desktop protocols and, when
    they are used, taking extra precautions such as locking out
    accounts after a specified number of attempts and logging remote
    desktop logins.
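
One way to carry out the log review described in the first measure above, as an added example that is not part of the article or the FBI/CISA advisory: it flags remote access tools that are not authorized, and authorized ones used from outside the company network. The tool watchlist, the approved product, the 10.0.0.0/8 range and the CSV log layout are assumptions, and the log lines are constructed.

```python
import csv
import io
import ipaddress
import ntpath

# Assumed watchlist (not from the article): executable name -> product.
# Build the real list from your own audit of remote access tools.
KNOWN_REMOTE_TOOLS = {
    "anydesk.exe": "AnyDesk",
    "teamviewer.exe": "TeamViewer",
    "screenconnect.clientservice.exe": "ScreenConnect",
}
AUTHORIZED = {"TeamViewer"}                        # assumed approved solution
CORP_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed company network

# Constructed records in an assumed CSV layout:
# time, host, user, image path, remote peer of the session (may be empty)
SAMPLE_LOG = r"""
2024-01-08T09:12:44Z,WS-114,jdoe,C:\Program Files\TeamViewer\TeamViewer.exe,10.20.4.15
2024-01-08T09:40:02Z,WS-231,asmith,C:\Users\asmith\Downloads\AnyDesk.exe,203.0.113.50
2024-01-08T10:05:31Z,WS-114,jdoe,C:\Program Files\TeamViewer\TeamViewer.exe,198.51.100.7
2024-01-08T10:06:00Z,WS-300,bking,C:\Windows\System32\notepad.exe,
"""

def inside_company_network(peer):
    """True only if peer parses as an address inside CORP_NETS."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return False          # unparseable peer is treated as outside
    return any(addr in net for net in CORP_NETS)

def review_remote_access(log_text):
    """Return (time, host, user, product, reason) for each violation."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue          # blank or malformed line
        when, host, user, image, peer = row
        product = KNOWN_REMOTE_TOOLS.get(ntpath.basename(image).lower())
        if product is None:
            continue          # not a tracked remote access tool
        if product not in AUTHORIZED:
            findings.append((when, host, user, product, "unauthorized tool"))
        elif peer and not inside_company_network(peer):
            findings.append((when, host, user, product, "used from outside network"))
    return findings

if __name__ == "__main__":
    for finding in review_remote_access(SAMPLE_LOG):
        print(" | ".join(finding))
```
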

In addition, the FBI and CISA reinforce the continued importance
of basic cybersecurity best practices:

  • Implementing recovery plans and retaining multiple copies of
    sensitive data that could be targeted in a ransomware attack,
    including maintaining offline backups.

  • Requiring all accounts with passwords to comply with NIST
    password standards.

  • Requiring phishing-resistant multi-factor authentication for
    all services to the extent possible.

  • Keeping operating systems, software, and firmware up to
    date.

  • Segmenting networks to prevent the spread of ransomware.

  • Monitoring networks for abnormal activity.

  • Installing and regularly updating antivirus software.

  • Disabling unused ports and protocols.

  • Ensuring that backup data is encrypted, that it cannot be
    altered, and that it covers the entire organization’s
    infrastructure.

Additionally, the FBI and CISA are actively soliciting reports
on Scattered Spider group actors, and urge individuals or
entities that suffer ransomware attacks or obtain
information about Scattered Spider to contact a local FBI field
office or CISA operations center.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
