
FBI Reveals Scattered Spider’s Alliance with Notorious Ransomware Outfit


In a recently released joint advisory (AA23-320A), the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) published further details on the cybercrime outfit Scattered Spider and its relationship with the ALPHV/BlackCat ransomware operation.

Scattered Spider, which is also tracked as 0ktapus, Starfraud, Octo Tempest, UNC3944 and Muddled Libra, has been behind some of the most high-profile intrusions in recent memory, according to a Bleeping Computer report. The loosely organised group of young, English-speaking hackers, some of them reportedly still in their teens, has broken into networks belonging to Twilio, Reddit, MailChimp and other companies using well-crafted social engineering.

The FBI now says that some Scattered Spider members have teamed up with ALPHV/BlackCat, a Russian-speaking ransomware-as-a-service operation behind a long list of high-profile attacks. Through this affiliation, Scattered Spider deploys BlackCat's encryptor to lock up victims' systems and then extorts payment, typically after also stealing data to add leverage.

Experts say Scattered Spider is hard to track because of its loose, decentralised structure. The FBI reportedly knows the identities of at least a dozen members, but none has been charged so far. A subset of them are thought to be affiliated with "the Comm", an online hacker collective that has been linked to recent violent crimes.

Scattered Spider's access techniques prey on human weakness rather than software flaws. Posing as IT or help-desk staff, the group uses phone calls (vishing), SMS phishing (smishing) and look-alike domains that mimic corporate single sign-on and VPN portals to trick employees into handing over credentials and one-time codes. The advisory also describes push bombing (MFA fatigue) and SIM swapping as ways the group gets past multi-factor authentication.
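The look-alike domains are the part of this playbook a defender can hunt for before the first phone call. The script below is an added example, not code from the advisory or from any of the companies named above: it scores candidate domains (for instance newly registered names pulled from a certificate-transparency monitor) against a hypothetical brand "example", flagging brand-plus-lure-word combinations such as example-sso.com, homoglyph substitutions such as exarnple.com, and near-miss typosquats. The brand, the legitimate-domain allowlist and the sample feed are all constructed for the demo.

```python
import re

# Constructed for this example: the organisation's brand and the domains it actually owns.
BRAND = "example"
LEGIT_DOMAINS = {"example.com", "example.okta.com"}

# Words that help-desk-impersonation lures pair with a brand name to look like an IT portal.
LURE_WORDS = {"sso", "okta", "vpn", "helpdesk", "servicedesk", "it", "support",
              "mfa", "login", "corp", "hr", "portal", "auth"}

# Common visual substitutions seen in look-alike registrations (fake, real).
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"),
              ("5", "s"), ("7", "t"), ("8", "b")]


def normalize(label: str) -> str:
    """Lower-case a DNS label and undo the homoglyph substitutions above."""
    label = label.lower()
    for fake, real in HOMOGLYPHS:
        label = label.replace(fake, real)
    return label


def registrable_label(domain: str) -> str:
    """Second-level label, e.g. 'example-sso' for 'www.example-sso.com'.
    Naive: treats the last label as the TLD (no public-suffix list)."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_reasons(domain: str) -> list[str]:
    """Return the reasons a domain looks like an impersonation of BRAND (empty = benign)."""
    domain = domain.lower().strip(".")
    if any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS):
        return []
    label = registrable_label(domain)
    norm = normalize(label)
    tokens = [t for t in re.split(r"[-_]", norm) if t]
    reasons = []
    if norm != label and BRAND in norm:
        reasons.append("homoglyph substitution hides the brand")
    if BRAND in norm:
        # What is left once the brand is removed: lure words or nothing at all.
        leftover = [t for t in re.split(r"[-_]", norm.replace(BRAND, "-")) if t]
        lures = sorted(LURE_WORDS & set(leftover))
        if lures:
            reasons.append("brand combined with IT/SSO lure word(s): " + ", ".join(lures))
        elif norm == BRAND:
            reasons.append("exact brand on a domain the organisation does not own")
        else:
            reasons.append("brand embedded in an unrecognised domain")
    else:
        # Typosquat: a token, or the whole label, sits within two edits of the brand.
        closest = min(levenshtein(t, BRAND) for t in tokens + [norm])
        if 0 < closest <= 2:
            reasons.append(f"within {closest} edit(s) of the brand (typosquat)")
    return reasons


if __name__ == "__main__":
    # Constructed sample feed of newly seen domains.
    for d in ["example-sso.com", "okta-example.net", "exarnple.com", "examp1e-helpdesk.com",
              "exampel-sso.com", "example.co", "sso.example.com", "unrelated-shop.com"]:
        print(f"{d:24} {lookalike_reasons(d)}")
```

Feed it the registrable domains from your CT-log or passive-DNS stream and route anything with a non-empty reason list to a takedown or blocklist queue; the naive TLD handling and the short lure list are deliberate simplifications to replace with a public-suffix library and your own portal vocabulary.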

Once inside, they quietly install legitimate remote monitoring and management (RMM) tools and remote access trojans to keep their foothold and steal data, and they read the victim's email, Slack and Teams channels to learn how the incident response team is reacting. This lets Scattered Spider stay ahead of detection, create new accounts and identities to move laterally, and work out exactly how defenders are trying to evict them.
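Because the persistence relies on tools that are legitimate elsewhere in the enterprise, the practical detection is "an RMM or tunnelling binary where it is not sanctioned". The following is an added example, not from the advisory or any vendor: it runs over a handful of constructed Sysmon-style process-creation events and raises an alert for any remote-access tool outside a (hypothetical) approved-tool baseline, for an approved tool on a host it is not expected on, and for a host that suddenly has several such tools. The binary-name list is illustrative; take the full one from the advisory.

```python
import json
from collections import defaultdict

# Constructed baseline (assumption for the demo): the one remote-access tool this
# organisation sanctions, and the hosts it is expected to run on.
APPROVED = {"screenconnect.clientservice.exe": {"it-jump01"}}

# Executable names of RMM and tunnelling tools reported as abused in these intrusions
# (illustrative subset, lower-cased).
RMM_BINARIES = {
    "screenconnect.clientservice.exe", "splashtop-streamer.exe", "teamviewer.exe",
    "tacticalrmm.exe", "fleetdeck_agent.exe", "level.exe", "pulseway.exe",
    "ngrok.exe", "tailscaled.exe",
}

# Constructed sample log: one JSON object per Sysmon EventID 1 (process create).
SAMPLE_EVENTS = [
    r'{"Computer":"it-jump01","User":"CORP\\svc-rmm","Image":"C:\\Program Files (x86)\\ScreenConnect Client\\ScreenConnect.ClientService.exe"}',
    r'{"Computer":"fin-ws17","User":"CORP\\jdoe","Image":"C:\\Users\\jdoe\\AppData\\Local\\Temp\\Splashtop-Streamer.exe"}',
    r'{"Computer":"fin-ws17","User":"CORP\\jdoe","Image":"C:\\Users\\jdoe\\Downloads\\ngrok.exe"}',
    r'{"Computer":"hr-ws03","User":"CORP\\asmith","Image":"C:\\Users\\asmith\\AppData\\Local\\Temp\\ScreenConnect.ClientService.exe"}',
    r'{"Computer":"fin-ws17","User":"CORP\\jdoe","Image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE"}',
]


def rmm_alerts(log_lines):
    """Return a list of alert dicts for unsanctioned or out-of-place remote-access tools."""
    alerts = []
    tools_by_host = defaultdict(set)
    for line in log_lines:
        ev = json.loads(line)
        image = ev["Image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
        if image not in RMM_BINARIES:
            continue
        tools_by_host[ev["Computer"]].add(image)
        if ev["Computer"] in APPROVED.get(image, set()):
            continue  # sanctioned tool on a host where it belongs
        reason = ("approved RMM tool on unexpected host" if image in APPROVED
                  else "unsanctioned RMM/tunnelling tool")
        alerts.append({"host": ev["Computer"], "user": ev["User"], "image": image, "reason": reason})
    # A workstation that acquires several remote-access tools is a hands-on-keyboard signal.
    for host, tools in tools_by_host.items():
        if len(tools) >= 2:
            alerts.append({"host": host, "user": None, "image": ",".join(sorted(tools)),
                           "reason": "multiple RMM tools on one host"})
    return alerts


if __name__ == "__main__":
    for a in rmm_alerts(SAMPLE_EVENTS):
        print(f"{a['reason']:40} host={a['host']} user={a['user']} image={a['image']}")
```

In production the same logic sits in a SIEM rule keyed on the process name and the install path (user-writable directories such as Temp and Downloads are the tell), with the APPROVED map fed from the asset inventory rather than hard-coded.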

The advisory's recommended defences map to the MITRE ATT&CK techniques it lists: phishing-resistant multi-factor authentication, stronger email security, network segmentation, and timely patching. To make recovery possible after an attack, it also calls for tested data recovery plans and offline backups.

The disclosure of Scattered Spider's internal workings sheds light on the human infrastructure behind the sophisticated cybercriminal networks that carry out ransomware attacks. It also illustrates an evolving threat landscape in which threat actors pool their skills and tooling to maximise extortion profits.

Cybersecurity Crisis Deepens in Philippines as Hackers Leak State Secrets


The personal data of millions of people is at risk because of the Philippines' lax cybersecurity practices, which have allowed a string of government websites to be compromised in recent cyberattacks.

According to the South China Morning Post, hackers breached the Philippine Health Insurance Corporation (PhilHealth), compromising the data of millions of members, including overseas Filipino workers.

The leak followed the state insurer's refusal to pay a US$300,000 ransom demand. Separately, the homepage of the House of Representatives was defaced, underscoring the government's weaknesses in the digital domain.

A hacker going by the moniker DiabloX Phantom claimed that he had gained access to five critical government agencies and downloaded a substantial amount of data. His intention was to expose the vulnerabilities in the government's cybersecurity. 

The hacker gained access to the forensics database held by the Philippine National Police, which contained sensitive case files, and the servers of the Philippine Statistics Authority, which is in charge of issuing national identification cards. 

He also attacked the websites of the Technical Education and Skills Development Authority (Tesda), Clark International Airport, and the Department of Science and Technology. 

His techniques included abusing exposed subdomains, spreading malware through email, exploiting weak passwords, and reusing footholds left behind by earlier intruders.

DiabloX Phantom told the South China Morning Post that his aim was to highlight the government's cybersecurity flaws rather than to sell the information he had acquired.

He said he was waiting for the government to respond and fix the problems. Cybersecurity specialists in the Philippines independently confirmed his claims. They also noted that no single person or organisation is behind all of the recent breaches: some hackers want to expose system weaknesses, others seek recognition for their skills, and some do it simply for fun.

Past cybersecurity breaches

The recent breaches are not the Philippines' first major cybersecurity incident.

In 2016, the "Comelec leak" exposed the personal information of up to 55 million Filipino voters. Despite its magnitude, no one was prosecuted or held accountable for the breach.

The underlying weaknesses must be fixed urgently: weak passwords, poor staff training, and inadequate monitoring. Addressing them is essential to protect sensitive data and the privacy of millions of people.