May 2023 - How Two Cybercrime Groups Highlight the Need for Continued Security Measures
  • 31 May 2023
  • 4 Minutes to read

In today's digital age, corporations across the globe have recognized the critical importance of robust cybersecurity measures. With significant investments made to fortify their defenses, organizations aim to stay ahead of an escalating threat landscape. As those defenses have improved, however, cybercriminals have adjusted their toolkits to account for them, in a never-ending cycle of one-upmanship.

This article sheds light on two cybercrime groups, the Israeli Cybercrime Group and the Scattered Spider Hacking Group, and their use of social engineering attacks against key employees inside the organizations they target.

The Israeli Cybercrime Group:

While a large number of Business Email Compromise (BEC) threat actors can be traced back to Nigeria, this group has been attributed to organized cybercriminals in Israel.

The financial motivation behind this group is not new, but they have worked out a novel and highly effective social engineering pretext: key individuals in the organization are approached under the guise of a secret and highly confidential acquisition of another company or competitor. Before sending anything, the threat actors perform reconnaissance on the target domain, checking whether a DMARC record is published and, if so, whether it is misconfigured (for example a policy of p=none, which only generates reports and blocks nothing). They then adapt their tactics to the target's email security maturity. If DMARC is enforced, exact-domain spoofing will be quarantined or rejected by receiving mail servers, so they shift to display name spoofing: the executive's name in the From: header on an external or lookalike address, which a correct DMARC configuration does nothing to stop.
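As an added illustration (not code from the original article), the following Python script performs the two checks implied by this reconnaissance from the defender's side: it rates a published DMARC record by how much it actually enforces, and it flags From: headers where a protected executive's display name appears on an external or lookalike address. The executive directory, the internal domain, and the sample records and headers are constructed assumptions for the example.

```python
"""Added example, not from the original article: two defender-side checks
that mirror the attacker reconnaissance described above.

- dmarc_posture() rates a DMARC TXT record by how much it blocks
  exact-domain spoofing (p=none monitors and blocks nothing).
- classify_from_header() flags display-name impersonation: a protected
  executive's name on an external or lookalike address, which DMARC alone
  never catches.

Directory entries, domains and sample headers are constructed for illustration.
"""
import re
from email.utils import parseaddr

# Constructed: executives this hypothetical organization wants to protect,
# keyed by normalized display name, plus the domains it actually owns.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
INTERNAL_DOMAINS = {"example.com"}


def parse_dmarc(txt):
    """Split a DMARC TXT record into tags; return None if it is not DMARC."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            return None
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else None


def dmarc_posture(txt):
    """Return 'none', 'monitor', 'partial', 'quarantine' or 'reject'.

    'none'    : no DMARC record at all, exact-domain spoofing is trivial
    'monitor' : p=none, reports only, spoofed mail is still delivered
    'partial' : enforcing policy but pct<100, a share of spoofs still pass
    """
    tags = parse_dmarc(txt) if txt else None
    if tags is None:
        return "none"
    policy = tags.get("p", "none").lower()
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
    if policy not in ("quarantine", "reject"):
        return "monitor"
    if pct < 100:
        return "partial"
    return policy


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains (examp1e.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_from_header(from_header):
    """Classify a From: header as 'ok', 'suspicious', 'lookalike-domain'
    or 'display-name-spoof' against the executive directory."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    normalized = re.sub(r"[^a-z ]", "", name.lower()).strip()
    expected = EXECUTIVES.get(normalized)
    if expected is None or addr == expected:
        return "ok"
    if domain in INTERNAL_DOMAINS:
        # Right domain, wrong mailbox: either a compromised internal account
        # or a spoof that an enforcing DMARC policy should have rejected.
        return "suspicious"
    if any(0 < edit_distance(domain, d) <= 2 for d in INTERNAL_DOMAINS):
        return "lookalike-domain"
    return "display-name-spoof"


if __name__ == "__main__":
    # Constructed records and headers, not real DNS or mail data.
    for record in ("", "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
                   "v=DMARC1; p=reject; pct=100"):
        print(repr(record), "->", dmarc_posture(record))
    for header in ('"Jane Doe" <jane.doe@example.com>',
                   '"Jane Doe" <jane.doe.ceo@gmail.com>',
                   'Jane Doe <jane.doe@examp1e.com>'):
        print(header, "->", classify_from_header(header))
```

The posture check is the same signal the attackers look for, so running it against your own domains (and subdomains, since the sp tag governs those separately) tells you which spoofing variant to expect. The header classifier is deliberately independent of DMARC because display-name and lookalike-domain mail passes authentication for the sender's own domain.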

Once an initial victim replies to the phishing email, which is usually spoofed to appear to come from the CEO, they are told the matter is highly confidential and that they must keep it so or risk criminal charges for insider trading. This lets the attackers stay under the radar, because the victim does not raise the topic with peers or IT. As the long con progresses, emails from fake attorneys lend legitimacy to the thread. Eventually a request is made for an urgent wire transfer, presented as a down payment or some other requirement of the merger.

The Scattered Spider Hacking Group:

The Scattered Spider Hacking Group has emerged as a sophisticated and persistent threat to organizations worldwide. Public reporting attributes the group to young, English-speaking actors, many of them based in the United States and United Kingdom, rather than to Eastern Europe. The group has demonstrated an aptitude for targeted attacks against corporations, with telecommunications and business process outsourcing firms among their frequent targets. Their modus operandi depends less on software vulnerabilities than on social engineering of people: the threat actors use SMS or phone calls, impersonating the organization's internal IT department, to persuade employees to install RMM (Remote Monitoring and Management) tools. Once an initial foothold is established inside the targeted network, Scattered Spider deploys persistence mechanisms such as VPN clients, tunnelling utilities and reverse shells.

By gaining a foothold within corporate networks, they establish a persistent presence, enabling them to conduct long-term surveillance and exfiltrate sensitive data.

The Escalation of Cybercrime:

The rise of groups like the Israeli Cybercrime Group and Scattered Spider Hacking Group is emblematic of the increasing sophistication of cybercriminals. As corporations have invested in strengthening their cybersecurity posture, these malicious actors have adapted, developing more advanced techniques and strategies to breach defenses.

Moreover, the interconnectedness of the global business landscape has expanded the attack surface for cybercriminals. Organizations frequently collaborate with external partners, resulting in an increased number of entry points that can be exploited. Furthermore, the COVID-19 pandemic has accelerated the adoption of remote work practices, offering cybercriminals new opportunities to exploit vulnerabilities in home networks and remote access infrastructure.

The Imperative for Enhanced Cybersecurity Measures:

Chief Information Security Officers (CISOs) play a pivotal role in safeguarding organizations against the evolving threat landscape. To effectively mitigate the risks posed by cybercrime groups like the Israeli Cybercrime Group and Scattered Spider, CISOs must prioritize the following cybersecurity measures:

  • Continuous Employee Education: Employees should receive regular training on recognizing and reporting phishing attempts, suspicious emails, and social engineering techniques; this measurably reduces the success rate of BEC attacks. Employees should also be taught that an unsolicited call or message from "IT" asking them to install software or to grant remote access to their computer is a red flag: a real IT department already has sanctioned tooling for remote support and does not need a user to download a new tool. Give staff a call-back procedure through a known internal number so that such requests can be verified before anything is installed.
  • Multi-Factor Authentication (MFA): Implementing MFA across corporate networks and systems adds an extra layer of security, making it harder for attackers to gain unauthorized access even if credentials are compromised. Not all factors are equal: SMS codes can be captured through SIM swapping and push notifications can be worn down by repeated prompts until the user approves one, both techniques Scattered Spider has used, so phishing-resistant factors such as FIDO2 security keys should be preferred for privileged and remote access.
  • Security Logging and Review: Organizations should be using centralized logging with alerting on suspicious or unexpected processes, network connections, sessions and logins. As threat actors move to tools that are not malicious in themselves (RMM and remote access tools such as AnyDesk and TeamViewer), detection tooling needs to be tuned to alert on legitimate but unsanctioned software: maintain an allowlist of the remote-support products the organization actually uses, and alert on any other RMM agent, on sanctioned agents installed from user-writable locations such as Downloads or Temp, and on new outbound connections to RMM vendor infrastructure from hosts that have no business making them.
  • Regular Security Assessments: Conduct comprehensive vulnerability assessments and penetration tests to identify and address weaknesses in the corporate infrastructure. This helps in proactively closing potential entry points for cybercriminals.
  • Robust Incident Response Planning: Develop a well-defined incident response plan that includes proactive threat hunting, rapid containment, and effective recovery strategies. This minimizes the potential damage caused by successful cyberattacks.
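Added example, not part of the original article, serving both the Scattered Spider section above and the Security Logging and Review point: a small Python detection that runs over process-creation events (constructed here as JSON lines in the shape a Sysmon or EDR export might take) and raises alerts on RMM executables that are not on the organization's sanctioned list, or on sanctioned ones running from a user-writable path. The binary list, the policy, the hostnames and the events are assumptions made for the example.

```python
"""Added example, not from the original article: detection logic for
"IT asked me to install this" remote-access tooling.

Runs over process-creation events and alerts when a known RMM executable
is either not a sanctioned product, or is a sanctioned product running from
outside its expected install root (a user's Downloads or Temp folder).
Binary names, policy and sample events are assumptions for illustration.
"""
import json
from pathlib import PureWindowsPath

# Constructed starter list: lowercase image name -> product.
RMM_BINARIES = {
    "anydesk.exe": "AnyDesk",
    "teamviewer.exe": "TeamViewer",
    "teamviewer_service.exe": "TeamViewer",
    "screenconnect.clientservice.exe": "ConnectWise Control",
    "screenconnect.windowsclient.exe": "ConnectWise Control",
    "rustdesk.exe": "RustDesk",
    "ngrok.exe": "ngrok",
}

# Hypothetical policy: one sanctioned product, installed only under these roots.
SANCTIONED_PRODUCTS = {"ConnectWise Control"}
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")

# Parents that indicate a person launched a fresh download rather than a
# service starting a managed agent.
USER_LAUNCH_PARENTS = {"firefox.exe", "chrome.exe", "msedge.exe",
                       "outlook.exe", "explorer.exe"}


def evaluate(event):
    """Return an alert dict for one process-creation event, or None."""
    image = PureWindowsPath(event["image"])
    product = RMM_BINARIES.get(image.name.lower())
    if product is None:
        return None
    if product not in SANCTIONED_PRODUCTS:
        rule = "unsanctioned_rmm"
    elif not str(image).lower().startswith(TRUSTED_ROOTS):
        rule = "sanctioned_rmm_unexpected_path"
    else:
        return None  # sanctioned agent in its normal install location
    parent = PureWindowsPath(event.get("parent", "")).name.lower()
    return {
        "rule": rule,
        "host": event["host"],
        "user": event["user"],
        "product": product,
        "image": str(image),
        "user_launched": parent in USER_LAUNCH_PARENTS,
    }


def scan(lines):
    """Run evaluate() over JSON-line events and return the alerts raised."""
    alerts = []
    for line in lines:
        alert = evaluate(json.loads(line))
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    r'{"host": "WS-1042", "user": "CORP\\jsmith", "image": "C:\\Users\\jsmith\\Downloads\\AnyDesk.exe", "parent": "C:\\Program Files\\Mozilla Firefox\\firefox.exe"}',
    r'{"host": "WS-0077", "user": "NT AUTHORITY\\SYSTEM", "image": "C:\\Program Files (x86)\\ScreenConnect Client (a1b2c3)\\ScreenConnect.ClientService.exe", "parent": "C:\\Windows\\System32\\services.exe"}',
    r'{"host": "WS-0311", "user": "CORP\\bsmith", "image": "C:\\Users\\bsmith\\AppData\\Local\\Temp\\ScreenConnect.WindowsClient.exe", "parent": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE"}',
    r'{"host": "WS-0205", "user": "CORP\\kchen", "image": "C:\\Windows\\System32\\notepad.exe", "parent": "C:\\Windows\\explorer.exe"}',
    r'{"host": "WS-0118", "user": "CORP\\mlee", "image": "C:\\Program Files\\TeamViewer\\TeamViewer.exe", "parent": "C:\\Windows\\explorer.exe"}',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(json.dumps(alert))
```

The point of the allowlist is that the tool itself is never the signal; AnyDesk on a help-desk analyst's machine is normal, AnyDesk spawned by Firefox from a finance user's Downloads folder is the Scattered Spider playbook. The user_launched flag carries that context into the alert so an analyst can triage it without pulling the full process tree.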

Conclusion:

As corporations continue to strengthen their cybersecurity defenses, cybercriminals like the Israeli Cybercrime Group and Scattered Spider Hacking Group adapt and evolve their tactics to breach those defenses. It is imperative for CISOs to remain vigilant, constantly updating their security measures and staying ahead of the ever-changing threat landscape. By investing in employee education, implementing multi-factor authentication, utilizing and reviewing centralized logging, conducting regular security assessments, and having robust incident response plans, organizations can better protect themselves from these sophisticated cybercrime groups and mitigate the risks they pose.

