CISOs should fortify help desk and employee defenses, enhance intrusion detection and tracking capabilities, and recognize that paying ransoms is not a viable strategy.
#ScatteredSpider #UNC3944 #Starfraud #ScatterSwine #MuddledLibra #OctoTempest #0katpus.
Unit 42 reports that the financially motivated Muddled Libra cybercriminal group now actively targets software-as-a-service (SaaS) applications and cloud service provider (CSP) environments. The threat actors attempt to leverage data stored in SaaS applications and CSP environments to assist with their attack progression, and to use for extortion when trying to monetize their work. Unit 42 covers various access methodologies that are used for SaaS environments and CSPs, common exploits, data reconnaissance, and tactics to abuse CSP services for data exfiltration. No IOC 🔗 https://unit42.paloaltonetworks.com/muddled-libra-evolution-to-cloud/
From infiltration to crypto-lock sometimes in hours (not days) — as attackers refine tactics, 'speed matters,' experts warn
https://www.databreachtoday.com/as-attackers-refine-tactics-speed-matters-experts-warn-a-24605 #ScatteredSpider #muddledlibra #octotempest #UNC3944
