Why SaaS Identity Abuse is This Year’s Ransomware
2024-6-26 01:0:39 Author: securityboulevard.com

Scattered Spider made headlines in 2023 with successful ransomware attacks against two prominent casino and entertainment companies, Caesars and MGM Resorts. Caesars opted to pay a $15 million ransom to regain access to its data, while MGM Resorts suffered a 10-day disruption of critical computer systems, extensive customer data exfiltration, and an overall estimated financial impact of $100 million. The MGM Resorts breach is illustrative of the techniques the group uses to defeat modern multi-factor authentication (MFA) controls. The group reportedly researched the company’s privileged users using public data sources like social networks and used this information to impersonate them in calls to the IT help desk. Eventually, they were successful in tricking the company into performing a password reset. Once in, they unleashed ALPHV/BlackCat ransomware across the company’s critical systems, wreaking havoc on business operations and customer experience.

The post Why SaaS Identity Abuse is This Year’s Ransomware appeared first on RevealSecurity.

*** This is a Security Bloggers Network syndicated blog from RevealSecurity authored by Katie Sanchez. Read the original post at: https://www.reveal.security/why-saas-identity-abuse-is-this-years-ransomware/


Article source: https://securityboulevard.com/2024/06/why-saas-identity-abuse-is-this-years-ransomware/