FBI Issues Urgent Password Reset Alert
In a recent development, the Federal Bureau of Investigation (FBI) has issued two critical warnings, one about the Scattered Spider ransomware group and another concerning a new brushing scam involving QR codes on packages.
The Scattered Spider Ransomware Threat
There are doubts about Scattered Spider's involvement in recent ransomware attacks, with some pointing to the ShinyHunters group as the potential culprit. However, the FBI has issued a new warning about Scattered Spider, highlighting that this group is one of the most dangerous ransomware threat actors currently active.
The latest FBI warning emphasizes that Scattered Spider uses sophisticated social engineering to trick IT helpdesk personnel into resetting passwords and transferring multifactor authentication (MFA) tokens. This is done through layered tactics such as spearphishing calls, SIM-swapping, and MFA push bombing. The threat actors first gather details on how password resets are performed within an organization, then repeatedly call help desks and employees to manipulate them into resetting credentials and approving MFA requests.
Organizations are cautioned against simply resetting passwords in response to Scattered Spider intrusions because this action alone does not eliminate the threat. The group abuses valid accounts and MFA tokens, not just stolen passwords, so a password change does not disrupt its persistent access. Adversaries exploit help desk processes and multifactor authentication weaknesses to regain or maintain access after a reset. This means that password resets without comprehensive remediation (such as revoking active sessions, inspecting account permissions, and improving help desk security protocols) may be ineffective and can give a false sense of security.
The FBI recommends using phishing-resistant multifactor authentication for all services and accounts accessing critical systems to counter Scattered Spider's evolving tactics.
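The two patterns described above, a burst of denied MFA pushes ending in an approval and a help desk password reset followed shortly by a new MFA device, can be flagged from identity logs. The sketch below is an added example, not code from the FBI alert or this article; the event names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events; the field and event names are assumptions,
# not any identity provider's real log schema.
SAMPLE_EVENTS = [
    ("2025-01-10T09:00:05", "alice", "mfa_push_denied"),
    ("2025-01-10T09:00:40", "alice", "mfa_push_denied"),
    ("2025-01-10T09:01:10", "alice", "mfa_push_denied"),
    ("2025-01-10T09:01:45", "alice", "mfa_push_approved"),
    ("2025-01-10T10:15:00", "bob", "helpdesk_password_reset"),
    ("2025-01-10T10:22:00", "bob", "mfa_device_enrolled"),
    ("2025-01-10T11:00:00", "carol", "mfa_push_denied"),
    ("2025-01-10T11:00:30", "carol", "mfa_push_approved"),
    ("2025-01-10T12:00:00", "dave", "helpdesk_password_reset"),
    ("2025-01-10T15:30:00", "dave", "mfa_device_enrolled"),
]

def detect(events, push_threshold=3, push_window=timedelta(minutes=5),
           reset_window=timedelta(minutes=30)):
    """Return (user, rule, timestamp) findings, in event-time order."""
    denials = defaultdict(deque)   # user -> times of recent denied pushes
    last_reset = {}                # user -> time of last help desk reset
    findings = []
    for ts_text, user, kind in sorted(events):
        ts = datetime.fromisoformat(ts_text)
        recent = denials[user]
        while recent and ts - recent[0] > push_window:
            recent.popleft()       # drop denials outside the window
        if kind == "mfa_push_denied":
            recent.append(ts)
        elif kind == "mfa_push_approved":
            # An approval right after a burst of denials suggests fatigue.
            if len(recent) >= push_threshold:
                findings.append((user, "push_bombing_then_approval", ts_text))
            recent.clear()
        elif kind == "helpdesk_password_reset":
            last_reset[user] = ts
        elif kind == "mfa_device_enrolled":
            # A new MFA device soon after a help desk reset matches the
            # reset-and-transfer pattern; review and revoke sessions.
            reset = last_reset.get(user)
            if reset is not None and ts - reset <= reset_window:
                findings.append((user, "reset_then_mfa_enrollment", ts_text))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

A finding from either rule is a cue for the remediation listed above (revoking active sessions and inspecting account permissions), not only a password reset.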
The Brushing Scam Involving QR Codes
In a separate warning, the FBI has issued a new alert about a brushing scam involving QR codes on packages. The packages often arrive without any information about their origin to encourage recipients to scan the QR codes. However, the QR codes in the scam prompt recipients to provide personal and financial information or download malicious software.
If you receive an unexpected package from an unknown sender, do not scan any QR codes contained within it or on the packaging. The FBI advises reporting any fraudulent or suspicious activities related to this scam to the FBI IC3 at www.ic3.gov.
For the help desk attacks described above, the FBI suggests following updated mitigation recommendations from the U.K. National Cyber Security Centre, including reviewing helpdesk password reset processes.
To prevent falling victim to these scams, the FBI advises organizations to perform diligent employee training against vishing and spearphishing.
The latest intelligence suggests that the Scattered Spider and ShinyHunters criminal groups may share members, as is common in ransomware circles. The new brushing scam is a twist on an old threat, similar to earlier scams in which vendors inflated their product ratings online.
The FBI's new warning is the second critical cybersecurity alert update issued by the Bureau in a short period of time. Organizations are urged to stay vigilant and follow the recommended mitigation measures to protect themselves from these evolving threats.
In light of the FBI's warning, it's crucial for organizations to strengthen their cybersecurity by implementing phishing-resistant multifactor authentication for all critical systems, as the Scattered Spider ransomware group uses complex social engineering tactics to manipulate IT helpdesk personnel and access multifactor authentication tokens. Furthermore, the FBI also advises against scanning QR codes on unexpected packages due to a new brushing scam that prompts recipients to provide personal and financial information, or download malicious software. General-news media and technology outlets should emphasize the importance of these warnings to the public and offer advice on cybersecurity best practices. Crime-and-justice reports should detail the ongoing threats posed by ransomware groups such as Scattered Spider and the evolving tactics they employ, including the use of QR codes in scams.