Wednesday, September 17, 2025

How to Defend Your Enterprise from Scattered Spider’s Newest Attack Strategies


Mandiant warns that the Scattered Spider cybercriminal group is using “brazen” social engineering attacks to target large enterprise organizations in a variety of sectors.

Specifically, the group targets “organizations with large help desk and outsourced IT capabilities that are susceptible to their social engineering tactics.”

The threat actors impersonate employees and try to trick IT staff into granting them access. The group also poses as IT staff to target employees.

Mandiant says organizations should train their employees to be on the lookout for the following social engineering tactics:

  • “SMS phishing messages that claim to be from IT requesting users to download and install software on their machine. These may include claims that the user’s machine is out-of-compliance or is failing to report to internal management systems
  • SMS messages or emails with links to sites that reference domains that appear legitimate and reference SSO (single sign-on) and a variation of the company name. Messages may include text informing the user that they need to reset their password and/or MFA
  • Phone calls to users from IT with requests to reset a password and/or MFA – or requesting that the user provide a validated one time passcode (OTP) from their device.
  • SMS messages or emails with requests to be granted access to a specific system, particularly if the organization already has an established method for provisioning access
  • MFA fatigue attacks, where attackers may repeatedly send MFA push notifications to a victim’s device until the user unintentionally or out of frustration accepts one. Organizations should train users to reject unexpected MFA prompts and report such activity immediately”

Additionally, users should be wary of suspicious communications via collaboration tools.

“UNC3944 has used platforms like Microsoft Teams to pose as internal IT support or service desk personnel,” the researchers write. “Organizations should train users to verify unusual chat messages and avoid sharing credentials or MFA codes over internal collaboration tools like Microsoft Teams. Limiting external domains and monitoring for impersonation attempts (e.g., usernames containing ‘helpdesk’ or ‘support’) is advised.”
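One way to implement the impersonation monitoring described above, as an added example that is not code from Mandiant or from this article. It assumes chat-message metadata has already been exported as records with hypothetical `sender` and `display_name` fields, that `example.com` is the organization's own domain, and that `servicedesk` is a useful extra keyword; the sample events are constructed.

```python
import re
import unicodedata

# Assumptions for this example: event field names, the tenant's own domain,
# and 'servicedesk' as an extra keyword. Sample events are constructed.
INTERNAL_DOMAINS = {"example.com"}
KEYWORDS = ("helpdesk", "support", "servicedesk")

def normalize(name):
    """Fold case, accents, width variants and separators so that
    'Help-Desk', 'HELP DESK' and a fullwidth 'Ｈelpdesk' compare equal."""
    folded = unicodedata.normalize("NFKD", name).casefold()
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    return re.sub(r"[^a-z0-9]", "", folded)

def is_external(address):
    """Exact match on the full domain, so 'example.com.evil.test' and
    look-alike domains count as external."""
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS

def flag_impersonation(events):
    """Return external-sender events whose display name or username
    contains an IT-support keyword after normalization."""
    hits = []
    for ev in events:
        if not is_external(ev["sender"]):
            continue  # internal accounts are out of scope for this check
        local_part = ev["sender"].split("@", 1)[0]
        haystack = normalize(ev["display_name"]) + " " + normalize(local_part)
        matched = [k for k in KEYWORDS if k in haystack]
        if matched:
            hits.append({**ev, "matched": matched})
    return hits

SAMPLE_EVENTS = [  # constructed chat-message metadata
    {"sender": "it.helpdesk@example.com", "display_name": "IT Helpdesk"},
    {"sender": "j.doe@partner.example.net", "display_name": "Jane Doe"},
    {"sender": "admin@example.com.sso.example.net", "display_name": "Help-Desk (IT)"},
    {"sender": "itsupport@examp1e.example.org", "display_name": "Ｓupport Téam"},
]

if __name__ == "__main__":
    for hit in flag_impersonation(SAMPLE_EVENTS):
        print(hit["sender"], hit["display_name"], hit["matched"])
```

The normalization step does not map cross-script homoglyphs (for example Cyrillic letters that resemble Latin ones), so those need a separate confusables check.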

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Mandiant has the story.


