Last year, a group called Scattered Spider pulled off a massive hack targeting casinos.
Now, this mysterious collective has apparently turned its attention to the banking and insurance sectors, cybersecurity researchers told Bloomberg News Wednesday (May 8).
Since late last month, Scattered Spider has targeted 29 companies and successfully compromised the systems of at least two insurers, according to Resilience Cyber Insurance Solutions, a cybersecurity risk company that has monitored the group’s movements.
Among its targets have been Visa, PNC Financial Services, Synchrony, Transamerica and New York Life, a senior researcher told Bloomberg, declining to say which two firms had been breached. The researcher also declined to be identified, citing security reasons.
PYMNTS has contacted the companies in question for comment but has not yet received replies.
According to the Bloomberg report, Resilience researchers said the hackers purchased lookalike domains that match the names of the targeted companies and used them to host fake log-in pages. They then sent phishing links by text and email to employees in the sector, redirecting them to the phony pages.
The same group, which first emerged in 2022, is reportedly responsible for a ransomware attack on MGM Resorts, the biggest casino group in Las Vegas, late last summer.
That attack shuttered the MGM website, forcing the company to send prospective guests to third-party sites to book rooms. Guests already at the resort were met with inoperable slot machines and with restaurants and bars that took only cash.
Scattered Spider is also believed to have carried out a cyberattack on Clorox last year that led to a nationwide cleaning product shortage and hamstrung the company’s sales.
News of this latest threat comes on the heels of a cyberattack earlier this year on Change Healthcare, which spilled over into the larger hospital/pharmacy system.
It’s part of what Director of National Intelligence Avril Haines described in recent testimony before the Senate Armed Services Committee as an alarming increase in cyberattacks worldwide, noting that ransomware attacks increased by 74% last year.
“Of particular concern is the increase in attacks on control systems for critical infrastructure,” PYMNTS wrote. “Haines emphasized the potential consequences of such attacks, citing the ransomware attack on the largest fuel pipeline in the U.S. in 2021, which led to major disruptions in gas delivery and long lines at pumps along the East Coast.”