More industries are expected to be targeted by the Scattered Spider ransomware operation following the discovery of nearly 500 phishing domains adhering to the group's naming conventions, Infosecurity Magazine reports.
While some of the domains were aimed at aviation, retail, and technology organizations previously reported to be targeted by the operation, other domains targeted manufacturing, financial services, and medical technology entities, as well as enterprises, according to an analysis from Check Point Research. Additional findings showed Scattered Spider's use of the TeamViewer, Splashtop, and ScreenConnect remote access tools for persistence on targeted systems, as well as its use of the Mimikatz credential dumping utility and information-stealing malware, including the Vidar Stealer. Organizations have been urged to protect their systems from Scattered Spider by conducting continuous domain registration scanning and simulations focused on multi-factor authentication exploitation, as well as implementing robust MFA and endpoint detection and response systems, while mandating layered verification mechanisms and third-party service provider audits.




