NVDA Q3 Earnings Alert: Why our AI stock picker is still holding Nvidia stockRead More

FBI warns on Scattered Spider hackers, urges victims to come forward

Published 11/16/2023, 03:37 PM
Updated 11/17/2023, 02:26 AM
© Reuters. FILE PHOTO: An exterior view of MGM Grand hotel and casino, after MGM Resorts shut down some computer systems due to a cyber attack in Las Vegas, Nevada, U.S., September 13, 2023. REUTERS/Bridget Bennett/File Photo
MSFT
-
MGM
-
CZR
-

By Zeba Siddiqui

SAN FRANCISCO (Reuters) - The FBI warned organizations to guard against the Scattered Spider hacking group, which has breached dozens of American organizations over the past year, stealing their sensitive data for extortion.

The FBI alert follows a Reuters report this week that said the agency had struggled to stop these hackers that are known to be skilled at using fake profiles and impersonations to trick a victim organisation's help desk into giving them access.

They were behind the September hacks into casino companies MGM Resorts (NYSE:MGM) International and Caesars (NASDAQ:CZR) Entertainment, but have intruded various organisations from telecom companies to healthcare groups, security researchers say.

The statement, issued jointly with the U.S. Cybersecurity and Infrastructure Security Agency, sheds new light into how these hackers operate.

Even after they've gained access into an organization's systems, the hackers keep checking its internal communication channels such as Slack, Microsoft (NASDAQ:MSFT) Teams, and Microsoft Exchange online, for emails or conversations that might show if their breach had been discovered, the statement said.

The criminals "frequently join incident remediation and response calls and teleconferences, likely to identify how security teams are hunting them and proactively develop new avenues of intrusion in response to victim defenses," it added.

The FBI and CISA urged critical infrastructure organisations to implement a series of security measures they recommended and urged victim organisations to share information about the hacks with the agencies.

© Reuters. FILE PHOTO: An exterior view of Park MGM hotel and casino, after MGM Resorts shut down some computer systems due to a cyber attack in Las Vegas, Nevada, U.S., September 13, 2023. REUTERS/Bridget Bennett/File Photo

Everything from a sample ransom note, communications with the hackers, their cryptocurrency wallet information, or samples of malicious files could be useful, they said.

"FBI and CISA do not encourage paying ransom as payment does not guarantee victim files will be recovered," they said, adding that ransom payments may embolden the hackers into going after more targets.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.