At a glance.
- FBI describes Scattered Spider operations.
- Threat actors target VPNs for initial access.
- Sav-Rx discloses breach of customer data.
FBI describes Scattered Spider operations.
At the Sleuthcon conference on Friday, Bryan Vorndran, assistant director of the FBI’s Cyber Division, offered details on the Scattered Spider cybercriminal group, CyberScoop reports. The group comprises about 1,000 people, many of whom are young and based in the United States and the United Kingdom. Vorndran said Scattered Spider is classified as "a top three cybersecurity threat," alongside the Russian and Chinese governments. The gang often uses social engineering to gain initial access. Scattered Spider was responsible for a major breach at MGM Resorts last year, as well as attacks against numerous other major organizations.
Threat actors target VPNs for initial access.
Check Point has issued an advisory warning that threat actors are targeting its customers' VPN devices to gain access to enterprise networks. Check Point stated, "We have recently witnessed compromised VPN solutions, including various cyber security vendors. In light of these events, we have been monitoring attempts to gain unauthorized access to VPNs of Check Point’s customers. By May 24, 2024 we identified a small number of login attempts using old VPN local-accounts relying on unrecommended password-only authentication method." Check Point recommends that organizations improve their VPN security posture by implementing multifactor authentication and disabling unused local accounts.
Sav-Rx discloses breach of customer data.
US-based prescription services firm Sav-Rx has disclosed that personal information belonging to more than 2.8 million people was stolen during a cyberattack in October 2023, SecurityWeek reports. The breached data included "names, addresses, dates of birth, email addresses, phone numbers, Social Security numbers, eligibility data, and insurance identification numbers."
SecurityWeek notes that the breach notification suggests that Sav-Rx paid a ransom to prevent the threat actor from leaking the data. The company stated, "As a result of the investigation, we learned that an unauthorized third party was able to access certain non-clinical systems and obtain certain files that contained personal information. However, in conjunction with third-party experts, we have confirmed that any data acquired from our IT system was destroyed and not further disseminated."