Scattered Spider: Even FBI is worried about this hacking group – ET CISO
https://etimg.etb2bimg.com/thumb/msid-105307077,imgsize-33494,width-1200,height=765,overlay-etciso/cybercrime-fraud/scattered-spider-even-fbi-is-worried-about-this-hacking-group.jpg
In recent months, a group of hackers called Scattered Spider is believed to have broken into the systems of major corporations, including MGM Resorts, Caesars Entertainment, Clorox and others. The Federal Bureau of Investigation (FBI) has struggled to nab the group members even though it is believed they are based in the US and other Western countries. The agency has now warned companies to guard against the group.
As a part of its investigation, the FBI has asked victims of cyberattacks to share more details about the incidents, an official said.
“If we don’t get detailed, timely and accurate information as to these intrusions, we are not able to take actions on those,” an FBI official was quoted as saying.
“They make mistakes just like we do, so the more data that we have coming in, the better able we’re able to make those connections and execute actions against those actions,” the official added.
Why Scattered Spider is a problem
The hacking group is highly-skilled and vigilant in their operations, making it difficult for FBI to stop these hackers. According to a report by news agency Reuters, they use fake profiles and impersonations to trick a victim organisation’s help desk into giving them access.
After gaining access into an organisation’s systems, the hacking group keep an eye on internal communication channels such as Slack, Microsoft Teams and Microsoft Exchange online.
They also keep a tab on emails or conversations that might show if their breach had been discovered, said a joint statement by the FBI and US Cybersecurity and Infrastructure Security Agency (CISA), that sheds light into how these hackers operate.
The criminals “frequently join incident remediation and response calls and teleconferences, likely to identify how security teams are hunting them and proactively develop new avenues of intrusion in response to victim defenses,” it added.
What FBI, CISA are doing
Apart from urging victim organisations to share information such as a sample ransom note, communications with the hackers, their cryptocurrency wallet information, or samples of malicious files, the FBI and CISA urged critical infrastructure organisations to implement security measures they recommended.
“FBI and CISA do not encourage paying ransom as payment does not guarantee victim files will be recovered,” they said.