FBI Warning Issued As 2FA Bypass Attacks Surge — Get Prepared
The Federal Bureau of Investigation (FBI) has issued a critical cybersecurity alert, warning that the dangerous threat actors known as Scattered Spider are now targeting the airline industry and its supply chain. The Scattered Spider threat group, which has made headlines after taking responsibility for multiple retail sector attacks, including a high-profile attack on Marks & Spencer in the U.K., has been expanding its operations to include transportation.
FBI Confirms Scattered Spider Attacks Targeting Transportation
A recent report by ransomware analysts at Halcyon warned that Scattered Spider was targeting the Food, Manufacturing, and Transportation sectors in the US. The FBI has since confirmed this, stating that they have observed the cybercriminal group expanding its operations to include the airline sector.
The FBI warns that Scattered Spider is using social engineering techniques, often impersonating employees or contractors, to deceive IT help desks into granting access. Specifically, the group looks to bypass multi-factor authentication (MFA) or 2FA by adding unauthorized MFA devices to compromised accounts.
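A defender-side check for the pattern described above: a help-desk reset followed shortly by enrollment of a new MFA device on the same account. This is an added example, not taken from the FBI alert or any vendor product; the JSON event schema, field names, 60-minute window and sample log lines are all constructed assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample audit events in a hypothetical JSON-lines schema.
SAMPLE_LOG = """\
{"ts":"2025-06-30T14:02:11Z","event":"helpdesk_mfa_reset","user":"jdoe","actor":"helpdesk-07"}
{"ts":"2025-06-30T14:09:40Z","event":"mfa_device_enrolled","user":"jdoe","device_id":"dev-NEW-1","known_device":false}
{"ts":"2025-06-30T15:30:00Z","event":"mfa_device_enrolled","user":"asmith","device_id":"dev-22","known_device":true}
{"ts":"2025-06-30T16:00:00Z","event":"helpdesk_mfa_reset","user":"bchan","actor":"helpdesk-03"}
{"ts":"2025-07-02T09:00:00Z","event":"mfa_device_enrolled","user":"bchan","device_id":"dev-NEW-9","known_device":false}
{"ts":"2025-06-30T17:00:00Z","event":"mfa_device_enrolled","user":"mlee","device_id":"dev-NEW-4","known_device":false}
"""

def parse_events(text):
    """Parse JSON lines and return events sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])

def find_suspicious_enrollments(events, window=timedelta(minutes=60)):
    """Flag enrollments of previously unseen MFA devices.

    'high'   = new device enrolled within `window` of a help-desk reset
    'review' = new device enrolled with no recent help-desk reset
    """
    last_reset = {}  # user -> (time, help-desk actor) of the latest reset
    alerts = []
    for e in events:
        if e["event"] == "helpdesk_mfa_reset":
            last_reset[e["user"]] = (e["ts"], e["actor"])
        elif e["event"] == "mfa_device_enrolled" and not e.get("known_device", False):
            reset = last_reset.get(e["user"])
            recent = reset is not None and e["ts"] - reset[0] <= window
            alerts.append({
                "user": e["user"],
                "device_id": e["device_id"],
                "severity": "high" if recent else "review",
                "reset_by": reset[1] if recent else None,
            })
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_enrollments(parse_events(SAMPLE_LOG)):
        print(alert)
```

A "high" alert names the help-desk actor who performed the reset, so the ticket and caller verification for that request can be reviewed first.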
Who, Or What, Is Scattered Spider?
The ReliaQuest Threat Research Team has published an in-depth analysis of the Scattered Spider threat group behind the attacks. According to the analysis, 81% of Scattered Spider domains impersonate technology vendors, with system administrators and executives being their primary targets.
Scattered Spider is a financially motivated cybercriminal organization that has been associated with The Community, a well-known yet loosely knit hacking collective. The group has leveraged phishing frameworks like Evilginx and social engineering methods to gain access to targets in the technology, finance, and retail trade sectors.
The analysis also reveals that Scattered Spider has exploited collaboration between Russia-aligned threat groups and English-speaking threat actors to deliver highly polished impersonation attacks. The group recruits social engineers with specific qualifications, including no accent, a specific geographic location, and fluency in the English language.
FBI Warned of Aviation Attacks, But Insurance Sector Also Now Being Targeted
The FBI warns that Scattered Spider has also expanded its targeting to include the insurance industry. Google Threat Intelligence Group has reported multiple intrusions in the US that bear all the hallmarks of Scattered Spider activity.
Jon Abbott, CEO at ThreatAware, advises that while the rising tide of attacks on US insurers is a serious threat, it also represents a warning for other industries to stay vigilant. The group's reliance on social engineering rather than technical exploits and its ability to manipulate people into granting access to compromised accounts make it a significant threat.
Stay Vigilant
Richard Orange, a vice president at Abnormal AI, reiterates the importance of staying vigilant. "This group relies on social engineering rather than technical exploits," he said. "And bypasses traditional security controls by manipulating people, such as posing as IT staff or trusted partners." Scattered Spider will move laterally, harvesting credentials to deceive other departments, customers, and partners.