FBI Warning Issued As 2FA Bypass Attacks Surge — Get Prepared

The Federal Bureau of Investigation (FBI) has issued a critical cybersecurity alert warning of a surge in attacks by the Scattered Spider threat group, which is targeting multiple sectors, including transportation, retail, and insurance. The FBI warns that these attackers are using social engineering techniques to bypass multi-factor authentication (MFA), commonly referred to as 2FA, and gain unauthorized access to systems.

According to the FBI, Scattered Spider has been expanding its targeting to include the airline sector, both directly and through the supply chain. The group uses various methods to get IT help desks to add unauthorized MFA devices to compromised accounts.

The FBI has confirmed that it is currently working with aviation and industry partners to address this activity and assist victims. It urges anyone who thinks their organization may have been targeted to contact their local FBI office.

Who, Or What, Is Scattered Spider?

The ReliaQuest Threat Research Team has published an in-depth analysis of the Scattered Spider threat group behind the attacks referenced in the latest FBI cybersecurity warning. The analysis reveals that 81% of Scattered Spider domains impersonate technology vendors, system administrators, and executives, making them a high-value target for hackers.

The group leverages phishing frameworks like Evilginx and social engineering methods, including video calls, to gain initial access into targets in the technology, finance, and retail trade sectors. Scattered Spider is heavily associated with The Community, a well-known yet loosely knit hacking collective.

According to the analysis, Scattered Spider has exploited collaboration between Russia-aligned threat groups and English-speaking threat actors to deliver highly polished impersonation attacks. Social engineers with specific qualifications are being recruited to help them handle these calls.

FBI Warned Of Aviation Attacks, But Insurance Sector Also Now Being Targeted By Scattered Spider

Although the latest FBI warning focused on current attack threats targeting the transportation and aviation sectors, Scattered Spider has also expanded its targeting to include the insurance industry. Google Threat Intelligence Group has identified multiple intrusions in the US that bear all the hallmarks of Scattered Spider activity.

Jon Abbott, CEO at ThreatAware, advises that while the rising tide of attacks on US insurers is a serious threat, it also represents a warning for other industries to stay vigilant. Businesses that might not consider themselves in the aviation, insurance, or retail sectors are still at risk due to the exploitation of supply chains.

Richard Orange, a vice president at Abnormal AI, reiterates what the FBI has said. "This group relies on social engineering rather than technical exploits," he said. "And bypasses traditional security controls by manipulating people, such as posing as IT staff or trusted partners." Scattered Spider will move laterally, harvesting credentials to deceive other departments, customers, and partners.

It is essential for businesses to stay vigilant and follow established security processes and procedures to the letter, regardless of what the person making the request may say. Be cautious of anyone asking for unauthorized 2FA devices to be added to accounts.
