The prolific hacking collective Scattered Spider is targeting the corporate cloud systems of organizations in the finance and insurance sectors for data exfiltration and extortion in new attacks, indicating the operation's focus on lucrative payouts, according to SC Media.
Aside from scouring GitHub and other services for inadvertently exposed cloud access tokens, as well as purchasing previously stolen credentials, Scattered Spider has also been conducting smishing campaigns to infiltrate and steal sensitive data from financial and insurance entities' Microsoft Entra ID, AWS EC2, Okta, VMware Workspace ONE, and ServiceNow instances, an analysis from EclecticIQ revealed.
Attackers could not only demand ransoms for the exfiltrated information but also profit from reselling the credentials they had used for the initial compromise of the cloud systems.
Such findings should prompt the immediate implementation of multi-factor authentication and phishing awareness programs for employees, said EclecticIQ researchers, who also urged the removal of private access tokens from developers' code.