Cybersecurity

New Scattered Spider attacks target SaaS apps

June 17, 2024
15 1 minute read
Untitled design6
052224 encryption.jpg


Hacking collective Scattered Spider, also known as 0ktapus, UNC3944, Octo Tempest, and Scatter Swine, has redirected new attacks toward software-as-a-service applications to facilitate data exfiltration without conducting ransomware encryption, resulting in expanded targeting, reports BleepingComputer.

Intrusions aimed at corporate help desk agents involved using social engineering lures purporting to be from legitimate users needing multi-factor authentication reset assistance to obtain initial access to the targeted environment, according to a report from Google-owned cybersecurity firm Mandiant.

Okta single sign-on permissions were then leveraged to exploit cloud and SaaS apps, as well as perform internal reconnaissance efforts, with Scattered Spider later ensuring persistence through the establishment of new Azure- and vSphere-based virtual machines before deactivating Microsoft Defender, researchers said. Further persistence has been achieved by Scattered Spider through certificates obtained from Active Directory Federated Services and a Golden SAML attack.

Organizations have been urged to bolster SaaS app and virtual machine infrastructure monitoring, as well as implement more robust access policies to mitigate such attacks.



Source

June 17, 2024
15 1 minute read

Related Articles

To Address Burnout, Cybersecurity Must Learn to Tolerate Failure

To Address Burnout, Cybersecurity Must Learn to Tolerate Failure

June 14, 2024
The New Era in Cybersecurity

The New Era in Cybersecurity

May 17, 2024
Hoschton’s Warrington wins award for cybersecurity paper | School

Hoschton’s Warrington wins award for cybersecurity paper | School

May 23, 2024
start by upping your password game – ‘12345’ doesn’t cut it

start by upping your password game – ‘12345’ doesn’t cut it

June 16, 2024
Back to top button