Women Targeted in Vishing Attacks by Scattered Lapsus$ Hunters Group

In a recent development that has raised concerns among cybersecurity experts, the Scattered Lapsus$ Hunters (SLH) hacking collective has launched a recruitment push targeting women for participation in voice-phishing (vishing) attacks. This move is part of a broader trend of hackers seeking to exploit vulnerable targets through social engineering tactics.

The SLH group, which appears to be an informal coalition of individuals associated with other hacking collectives, including Lapsus$ and Scattered Spider, has been operating for some time and has successfully targeted several high-profile organizations. According to threat intelligence firm Dataminr, the group is offering cash payments of between $500 and $1,000 per call to female callers who are willing to participate in vishing attacks. The group is also providing prepared scripts to guide these recruits through impersonation attempts.

The use of women in vishing attacks is not a new phenomenon. In recent years, there has been an increase in the number of women being targeted by hackers for these types of scams. However, this latest development highlights the evolving nature of cyber threats and the need for organizations to be vigilant in their security measures.

SLH's recruitment push is likely aimed at taking advantage of the fact that many organizations underestimate the threat posed by female vishers. Cybersecurity experts warn that social engineering tactics are becoming increasingly sophisticated, making it harder for employees to detect and resist attacks. The group's use of adaptable phishing kits, which allow them to syncronize authentication flows with requests made during phishing calls, further adds to the complexity of these threats.

So, what can organizations do to protect themselves against vishing attacks? According to Dataminr, one key step is to brief IT help desk and support personnel about this specific recruitment trend and teach them to expect well-rehearsed and convincing vishers. Organizations should also enforce out-of-band identity verification for all password resets or MFA credential changes requested via phone.

In addition, using phishing-resistant authentication methods, such as FIDO2-compliant hardware security keys or passkeys, can help reduce the risk of successful attacks. It is also essential to audit logs for new user creation or administrative privilege escalation immediately following help desk interactions. By taking these steps, organizations can significantly improve their chances of detecting and resisting vishing attacks.

The incident highlights the importance of cybersecurity awareness and education in preventing cyber threats. As we continue to navigate the evolving landscape of cyber threats, it is crucial that individuals and organizations prioritize security and take proactive measures to protect themselves against emerging threats.

Conclusion

In conclusion, the Scattered Lapsus$ Hunters group's recruitment push targeting women for vishing attacks is a concerning development in the world of cybersecurity. By understanding the tactics used by these hackers and taking steps to improve our defenses, we can reduce the risk of falling victim to these types of scams.

Stay informed about the latest breaches, vulnerabilities, and cybersecurity threats by subscribing to our breaking news email alert. With this information, you'll never miss out on the most important security updates and alerts in the world of cyber threats.

Keywords: hacking, cybersecurity, vishing attacks, Scattered Lapsus$ Hunters, voice-phishing, social engineering, malware, vulnerability, phishing-resistant authentication methods.