Ransomware, Cloud Security

New Scattered Spider attacks target SaaS apps

Share
Cybersecurity, essential technology, Businesses utilizing advanced cybersecurity technology on a global network, protection and defense, safeguarding critical data and ensuring digital securityCybersecurity, essential technology, Businesses utilizing advanced cybersecurity technology on a global network, protection and defense, safeguarding critical data and ensuring digital security

Hacking collective Scattered Spider, also known as 0ktapus, UNC3944, Octo Tempest, and Scatter Swine, has redirected new attacks toward software-as-a-service applications to facilitate data exfiltration without conducting ransomware encryption, resulting in expanded targeting, reports BleepingComputer.

Intrusions aimed at corporate help desk agents involved using social engineering lures purporting to be from legitimate users needing multi-factor authentication reset assistance to obtain initial access to the targeted environment, according to a report from Google-owned cybersecurity firm Mandiant.

Okta single sign-on permissions were then leveraged to exploit cloud and SaaS apps, as well as perform internal reconnaissance efforts, with Scattered Spider later ensuring persistence through the establishment of new Azure- and vSphere-based virtual machines before deactivating Microsoft Defender, researchers said. Further persistence has been achieved by Scattered Spider through certificates obtained from Active Directory Federated Services and a Golden SAML attack.

Organizations have been urged to bolster SaaS app and virtual machine infrastructure monitoring, as well as implement more robust access policies to mitigate such attacks.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.