Don’t get caught! ‘Scattered Spider’ swaps SIM for ransomware

Oct 27 2023


Welcome to Gone Phishing, your daily cybersecurity newsletter that’s dressing up as a cybercriminal for Halloween. All we gotta do is put on two stone and not shave our necks ‘til the 31st 🤓👨‍💻💀

It’s Friday, folks, which can only mean one thing… It’s time for our weekly segment!

It goes by many names. Patch of the Week, Tweak of the week. Okay, that’s it.

Congrats, the cybercriminals are no match… for your patch! 🩹🩹🩹 

Check out these freshly hatched patches!! 🐣🐣🐣

Call it a reMirth 😏

A critical unauthenticated remote code execution vulnerability, CVE-2023-43208, has been discovered in Mirth Connect. It poses a serious risk to your data and security. Update to version 4.4.1, released on October 6, 2023, to stay safe. 🆘💻

👉 "Attackers may exploit this flaw to access sensitive healthcare data," warns Naveen Sunkavally of Horizon3.ai. Mirth Connect is widely used in the healthcare industry for data integration, making it a prime target. 🔒

⚠️ Even older versions dating back to 2015/2016 are at risk, and this vulnerability is a bypass of the fix for a previous critical issue (CVE-2023-37679). Don't wait – update now to protect your systems! 🔄

Now, on to today’s hottest cybersecurity stories:

  • 🕷️ Don’t get caught! ‘Scattered Spider’ swaps SIM for ransomware 🕸️

  • 🏆 DDoS record smashed by 100 million requests per second showstopper 🎉

  • ⌚ Seiko sounds alarm on data breach perpetrated by ‘BlackCat’ ransomware 💰 

Our Spidey sense is tingling… 🤟🏻🕸️💀

🚨 Alert: Scattered Spider Strikes Again! 🕷️

The notorious threat actor Scattered Spider is on the prowl, disguising its operators as newly hired employees to infiltrate organisations worldwide. Microsoft has labelled them "one of the most dangerous financial criminal groups," noting their adaptability and cunning techniques. 😈💼

Meet Octo Tempest 💻

Scattered Spider is tracked by Microsoft under the name "Octo Tempest," and is known for its slick operations. They employ SMS phishing, SIM swapping, and help desk fraud to breach their targets. 📱🔒

Crafty Social Engineering 🎭

Octo Tempest excels at targeting help desk personnel through social engineering, gaining initial access to privileged accounts. They trick staff into resetting passwords and multi-factor authentication. 🎭🔐
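The help-desk pattern described above leaves a trail in identity logs: a reset performed by a help-desk operator, then a sign-in from a device the account has never used, then a fresh MFA method registered. The script below is an added example (not part of this newsletter and not Microsoft's or any vendor's detection) that correlates those three steps over a constructed audit log. The record layout, the event names, the 60-minute window and the severity labels are all assumptions for illustration.

```python
"""Correlate help-desk account resets with follow-on identity events.

Added example, not part of the original newsletter. It assumes a constructed
identity audit log of records (ts_minutes, user, event, actor, device) with
hypothetical event names; real identity providers use different schemas.
"""
from collections import defaultdict

WINDOW_MINUTES = 60  # assumed: how long after a help-desk reset to look for follow-up activity
HELPDESK_EVENTS = {"HELPDESK_PASSWORD_RESET", "HELPDESK_MFA_RESET"}


def find_suspicious_resets(log, privileged=frozenset()):
    """Return findings for help-desk resets that are followed, within
    WINDOW_MINUTES, by a sign-in from a device this user had never used
    before AND by registration of a new MFA method. Accounts listed in
    `privileged` are rated 'high', everything else 'medium'."""
    by_user = defaultdict(list)
    for rec in sorted(log):
        by_user[rec[1]].append(rec)

    findings = []
    for user, recs in by_user.items():
        devices_seen = set()  # devices observed on this user's sign-ins so far
        for i, (ts, _, event, actor, device) in enumerate(recs):
            if event in HELPDESK_EVENTS:
                window = [r for r in recs[i + 1:] if r[0] - ts <= WINDOW_MINUTES]
                new_devices = sorted({r[4] for r in window
                                      if r[2] == "SIGNIN" and r[4] not in devices_seen})
                new_mfa = [r for r in window if r[2] == "MFA_METHOD_REGISTERED"]
                if new_devices and new_mfa:
                    findings.append({
                        "user": user,
                        "reset_event": event,
                        "reset_by": actor,
                        "reset_at": ts,
                        "new_devices": new_devices,
                        "mfa_registered_at": [r[0] for r in new_mfa],
                        "severity": "high" if user in privileged else "medium",
                    })
            elif event == "SIGNIN":
                devices_seen.add(device)
    return findings


def constructed_log():
    """Constructed sample: alice shows the full pattern, carol gets a reset but
    signs in from her usual laptop, dave registers MFA with no reset at all."""
    return [
        (0,   "alice", "SIGNIN", "alice", "laptop-A1"),
        (30,  "alice", "SIGNIN", "alice", "laptop-A1"),
        (100, "alice", "HELPDESK_MFA_RESET", "helpdesk-op-7", ""),
        (110, "alice", "SIGNIN", "alice", "phone-unseen"),
        (112, "alice", "MFA_METHOD_REGISTERED", "alice", "phone-unseen"),
        (0,   "carol", "SIGNIN", "carol", "laptop-C1"),
        (200, "carol", "HELPDESK_PASSWORD_RESET", "helpdesk-op-3", ""),
        (210, "carol", "SIGNIN", "carol", "laptop-C1"),
        (0,   "dave", "SIGNIN", "dave", "laptop-D1"),
        (50,  "dave", "MFA_METHOD_REGISTERED", "dave", "laptop-D1"),
    ]


if __name__ == "__main__":
    for finding in find_suspicious_resets(constructed_log(), privileged={"alice"}):
        print(finding)
```

Only alice is reported: the reset alone is normal help-desk work, and the new-device sign-in alone could be a new phone, but the three together inside one hour are exactly the sequence a verified help-desk process is meant to prevent.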

Diverse Tactics 🎯

Their tactics range from purchasing credentials on the dark web to deploying AI-powered phishing schemes. They've even resorted to fear-mongering tactics, using personal information to coerce victims. 🌐🦠

From SIM Swaps to Ransomware 💰

Octo Tempest has evolved, targeting various sectors like email, tech services, gaming, and more. They've also teamed up with the BlackCat ransomware gang. Their goals include cryptocurrency theft and data extortion for ransomware attacks. 💲🔓

Sophisticated Techniques 🛡️

They use a wide array of tools and techniques, such as compromising VMware ESXi infrastructure and deploying Linux backdoors. Their technical prowess allows them to navigate complex environments with ease. 🛠️🔍

Stay vigilant and update your security measures to protect against this cunning threat! 🤖

Cybersecurity is more important than ever, and your Mac or PC are no exception. Over time, your Mac or PC can accumulate junk files, malware, and other threats that can slow it down and make it vulnerable to attack.

That's where MacPaw comes in. MacPaw offers a suite of easy-to-use apps that can help you clean, optimize, and secure your Mac. With MacPaw, you can:

  • Remove junk files and malware to free up space and improve performance

  • Protect your privacy by erasing sensitive data

  • Optimize your startup settings to speed up boot times

  • Manage your extensions and apps to keep your Mac or PC running smoothly

Since 2008, MacPaw has been trusted by over 30 million users worldwide, and it's the perfect solution for keeping your Mac or PC safe and secure.

1.21 gigawatts?! Sorry… a 100 million RPS DDoS attack?! English, doc, please! 😂

🚀 Cybersecurity in the Spotlight: Battling Massive DDoS Attacks! 🌐

In the cybersecurity realm, a recent showdown saw defenders fend off numerous hyper-volumetric HTTP DDoS assaults that leveraged a newly disclosed vulnerability named HTTP/2 Rapid Reset. These attacks reached astonishing heights, with 89 of them surpassing a staggering 100 million requests per second (RPS)! 😱💥

The Surge in Cyber Threats 🔥

Q3 unveiled a concerning 65% surge in HTTP DDoS attacks compared to the previous quarter, culminating in a jaw-dropping 8.9 trillion attack requests. This surge signifies a growing concern in the cybersecurity landscape. 💼🔒

The HTTP/2 Rapid Reset Vulnerability 💣

This vulnerability (CVE-2023-44487) came to the forefront recently, as an undisclosed actor exploited it to target major players like Amazon Web Services, among others. A similar attack also shook the cybersecurity arena, reaching peaks of 250 million RPS. 😨🕷️
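Rapid Reset abuses a legitimate HTTP/2 feature: a client opens a stream with a HEADERS frame and immediately cancels it with RST_STREAM, so the server burns work on requests that are never served while the client's concurrent-stream limit never fills up. The script below is an added example (not from this newsletter or any vendor's mitigation) showing the defender-side heuristic: per connection, count HEADERS and RST_STREAM frames and flag clients whose reset rate, reset ratio and reset latency are all far outside normal. The frame-event log format and the threshold values are constructed assumptions.

```python
"""Flag HTTP/2 Rapid Reset (CVE-2023-44487) behaviour from a frame-event log.

Added example, not part of the original newsletter. It assumes a constructed
log of events (timestamp_seconds, connection_id, frame_type, stream_id) as a
server or proxy might emit; the thresholds are illustrative tuning values.
"""
from collections import defaultdict
from dataclasses import dataclass, field

FAST_RESET_SECONDS = 0.010     # assumed: a reset this soon after HEADERS could not follow a real response
RESET_RATE_THRESHOLD = 100.0   # assumed: RST_STREAM per second, per connection
RESET_RATIO_THRESHOLD = 0.9    # assumed: fraction of opened streams the client itself cancels


@dataclass
class ConnStats:
    headers: int = 0
    resets: int = 0
    fast_resets: int = 0                      # resets within FAST_RESET_SECONDS of the HEADERS
    first_ts: float = 0.0
    last_ts: float = 0.0
    open_since: dict = field(default_factory=dict)  # stream_id -> timestamp of its HEADERS


def summarise(events):
    """Aggregate frame events per connection, tracking how fast streams are cancelled."""
    stats = defaultdict(ConnStats)
    for ts, conn, frame, stream in sorted(events):
        s = stats[conn]
        if s.headers == 0 and s.resets == 0:
            s.first_ts = ts
        s.last_ts = ts
        if frame == "HEADERS":
            s.headers += 1
            s.open_since[stream] = ts
        elif frame == "RST_STREAM":
            s.resets += 1
            opened = s.open_since.pop(stream, None)
            if opened is not None and ts - opened <= FAST_RESET_SECONDS:
                s.fast_resets += 1
    return stats


def flag_rapid_reset(events):
    """Return {connection_id: metrics} for connections matching the Rapid Reset profile."""
    flagged = {}
    for conn, s in summarise(events).items():
        duration = max(s.last_ts - s.first_ts, 1e-3)
        rate = s.resets / duration
        ratio = s.resets / s.headers if s.headers else 0.0
        if (rate >= RESET_RATE_THRESHOLD and ratio >= RESET_RATIO_THRESHOLD
                and s.fast_resets >= 0.5 * s.headers):
            flagged[conn] = {"reset_rate": rate, "reset_ratio": ratio, "fast_resets": s.fast_resets}
    return flagged


def constructed_events():
    """Constructed sample: one ordinary browser-like client and one abusive client."""
    events = []
    # Benign: 20 requests spread over 2 seconds, a single user-cancelled stream.
    for i in range(20):
        events.append((i * 0.1, "conn-benign", "HEADERS", 2 * i + 1))
    events.append((1.95, "conn-benign", "RST_STREAM", 39))
    # Abusive: 1000 streams opened and reset 0.1 ms later each, all within half a second.
    for i in range(1000):
        t = i * 0.0005
        events.append((t, "conn-abusive", "HEADERS", 2 * i + 1))
        events.append((t + 0.0001, "conn-abusive", "RST_STREAM", 2 * i + 1))
    return events


if __name__ == "__main__":
    for conn, info in flag_rapid_reset(constructed_events()).items():
        print(f"{conn}: {info}")
```

The benign client cancels one stream in twenty, well after the request could have completed, so it never trips the ratio or latency tests; the abusive client trips all three. Rate alone is a poor signal, since a busy legitimate client can also be fast, which is why the reset ratio and the reset-after-HEADERS latency are checked together.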

Cyber Threat Evolution 🌪️

The adversary landscape is evolving. Exploiting cloud computing platforms, attackers craft potent botnets capable of generating up to 5,000 times more force per botnet node. This empowers them to unleash hyper-volumetric DDoS attacks with a relatively small botnet, ranging from 5-20 thousand nodes. The attack terrain is in constant flux! 💻📈

Targeted Industries and Global Impact 🌏

Industries such as gaming, IT, cryptocurrency, software, and telecom bear the brunt of HTTP DDoS attacks. Hotspots for application layer (L7) DDoS attacks include the U.S., China, Brazil, Germany, and Indonesia, while the U.S., Singapore, China, Vietnam, and Canada are the bullseyes of HTTP DDoS assaults. 🌐🚀

Changing Tactics 💼

DNS-based DDoS attacks are on the rise, comprising nearly 47% of all attacks, signifying a 44% uptick from the preceding quarter. Meanwhile, ransom DDoS attacks are dwindling as organisations grow reluctant to pay the ransom demands. 📊🚫

Stay vigilant and bolster your online defences as the threat landscape evolves! 🛡️🌐

🎣 Catch of the Day!! 🌊🐟🦞

Our new segment where we pick out some cool sites we like. Reply to the mail and let us know what you think.

🃏 The Motley Fool: “Fool me once, shame on — shame on you. Fool me — you can't get fooled again.” Good ol’ George Dubya 😂 Let us tell who’s not fooling around though; that’s the Crüe 👀 at Motley Fool. You’d be a fool (alright, enough already! 🙈) not to check out their Share Tips from time to time so your savings can one day emerge from their cocoon as a beautiful butterfly! 🐛 Kidding aside, if you check out their website they’ve actually got a ton of great content with a wide variety of different investment ideas to suit most budgets 🤑 (LINK)


🚵 Wander: Find your happy place. Cue Happy Gilmore flashback 🏌️⛳🌈🕊️ Mmmm Happy Place… 😇 So, we’ve noticed a lot of you guys are interested in travel. As are we! We stumbled upon this cool company that offers a range of breath-taking spots around the United States and, honestly, the website alone is worth a gander. When all you see about the Land of the free and the home of the brave is news of rioting, looting and school shootings, it’s easy to forget how beautiful some parts of it are. The awe-inspiring locations along with the innovative architecture of the hotels sets Wander apart from your run of the mill American getaway 🏞️😍 (LINK)


🌊 Digital Ocean: If you build it they will come. Nope, we’re not talking about a baseball field for ghosts 👻🍿 (Great movie, to be fair 🙈). This is the Digital Ocean who’ve got a really cool platform for building and hosting pretty much anything you can think of. If you check out their website you’ll find yourself catching the buzz even if you can’t code (guilty 😑). But if you can and you’re looking for somewhere to test things out or launch something new or simply enhance what you’ve got, we’d recommend checking out their services fo’ sho 😉 And how can you not love their slogan: Dream it. Build it. Grow it. Right on, brother! 🌿 (LINK)

Seiko: It’s time to ‘fess up. We don’t know how this happened on our watch 👀😬

🔒 Seiko Group Confirms Data Breach Impact 🔓

Seiko Group Corporation (SGC) has provided an update on a data breach initially reported in August. The breach affected the security of 60,000 records. 🕵️‍♂️

📅 Detection and Reporting 🚨👮‍♂️

The breach was first detected on July 28, 2023, following unauthorised access. BlackCat, a ransomware gang, listed Seiko on its data leak site. The incident was promptly reported to authorities, including the Personal Information Protection Committee and the Tokyo Metropolitan Police.

📋 Compromised Information 🕵️‍♀️

The compromised information includes:

  • Customer data from Seiko Watch Corporation (SWC)

  • Contact details of business transaction counterparts

  • Applicant information for employment with SGC and SWC

  • Personnel details of current and former SGC and group company employees

📊 Beyond the Numbers 😰💳

Whilst credit card information remained secure, the breach's impact goes beyond the numbers. With sensitive data in the hands of cybercriminals, phishing scams targeting customers, employees, and job applicants become a real threat. This could potentially affect other organisations in the aftermath.

🛡️ Enhancing Security 🕵️‍♂️🔍

To bolster security, Seiko has taken measures such as blocking external server communication, deploying EDR systems, and implementing multi-factor authentication (MFA). They plan to collaborate with cybersecurity experts for vulnerability assessments, system security improvements, and preventative actions to avoid future incidents.

🤝 Apologies and Ongoing Response 🔒

Seiko extends apologies for any inconvenience caused and is diligently addressing affected parties individually. They pledge to continue responding to any further leaks on a case-by-case basis.

That’s time gentlemen, please! 😂 Have a good weekend, cyber squad, and remember that these are tough times so you gotta always keep on the watch. Alright, that’s enough. Stay safe, y’all!

🗞️ Extra, Extra! Read all about it! 🗞️

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • The GeekAI: A daily 3 min newsletter on what matters in AI. With all the new AI things coming to market, it's good to stay ahead of the curve.

  • Libby Copa: The Rebel Newsletter helps writers strengthen their writing and creative practice, navigate the publishing world, and turn their art into an act of rebellion.

  • Techspresso: Receive a daily summary of the most important AI and Tech news, selected from 50+ media outlets (The Verge, Wired, TechCrunch etc.).

Let us know what you think.

So long and thanks for reading all the phish!
