Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label cybersecurity threats FBI. Show all posts
Malware attacks
Airport WiFi Security Cyber Attacks cybersecurity threats FBI FBI FBI warning Hacker attack Internet Routers Malware attacks

FBI Warns Outdated Wi-Fi Routers Are Being Targeted in Malware and Botnet Attacks

 

Cybersecurity risks could rise when outdated home routers stop getting manufacturer support, federal agents say. Devices from the late 2000s into the early 2010s often fall out of update cycles, leaving networks open. Without patches, vulnerabilities stay unaddressed - making intrusion more likely over time. Older models reaching end-of-life lack protection upgrades once available. This gap draws attention from officials tracking digital threats to household systems. 

Older network equipment often loses support as makers discontinue update releases. Once patching ends, weaknesses found earlier stay open indefinitely. Such gaps let hackers break in more easily. Devices like obsolete routers now attract criminals who deploy malicious code. Access at admin level gets seized without owners noticing. Infected machines may join hidden networks controlled remotely. Evidence shows law enforcement warning about these risks repeatedly. 

Built from hijacked devices, botnets answer to remote operators. These collections of infected machines frequently enable massive digital assaults. Instead of serving legitimate users, they route harmful data across the web. Criminals rely on them to mask where attacks originate. Through hidden channels, wrongdoers stay anonymous during operations. 

Back in 2011, Linksys made several routers later flagged as weak by the FBI. Devices like the E1200, E2500, and E4200 came under scrutiny due to security flaws. Earlier models also appear on the list - take the WRT320N, launched in 2009. Then there is the M10, hitting shelves a year after that one. Some routers come equipped with remote setup options, letting people adjust settings using web-connected interfaces. 

Though useful, such access may lead to problems if flaws are left unfixed. Hackers regularly search online for devices running open management ports, particularly ones stuck on old software versions. Hackers start by spotting weak routers, then slip through software gaps to plant harmful programs straight onto the machine. Once inside, that hidden code opens the door wide - giving intruders complete control while setting up secret talks with remote hubs. 

Sometimes, these taken devices ping those distant centers each minute, just to say they’re still online and waiting. Opened network ports on routers might let malware turn devices into proxies. With such access, attackers send harmful data across infected networks instead of launching attacks directly. Some even trade entry rights to third parties wanting to mask where they operate from. What makes router-based infections tricky is how hard they are to spot for most people. 

Since standard antivirus tools target laptops and phones, routers often fall outside their scope. Running within the router's own software, the malware stays hidden even when everything seems to work fine. The network keeps running smoothly, masking the presence of harmful code tucked deep inside. Older routers without regular updates become weak spots over time. 

Because of this, specialists suggest swapping them out. A modern replacement brings continued protection through active maintenance. This shift lowers chances of intrusions via obsolete equipment found in personal setups.
Read more »
social engineering scams
aviation cyber attacks Cyber Security cybersecurity threats FBI Scattered Spider ransomware social engineering scams

FBI Warns Airlines and Insurers as Scattered Spider Ransomware Attacks Surge

 

When the Federal Bureau of Investigation (FBI) sounds the alarm on cybersecurity, organizations should take immediate notice. The latest urgent warning involves the notorious Scattered Spider group, which has already made headlines for attacking major retailers such as Marks & Spencer in the U.K.—a breach estimated to have cost the company upwards of $600 million.

According to the FBI, this cybercriminal organization is now turning its focus to the airline sector, targeting companies both directly and by infiltrating their supply chains. A recent June 26 report by Halcyon ransomware analysts indicated Scattered Spider had expanded operations into the Food, Manufacturing, and Transportation sectors, especially Aviation. The FBI confirmed this, stating via email:

“The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector.”

The agency also posted this statement on X, formerly Twitter, highlighting that the attackers use consistent tactics—namely social engineering. Scattered Spider often impersonates employees or contractors to manipulate IT help desks into granting unauthorized access. Their ultimate goal is to sidestep multi-factor authentication (MFA) by convincing support staff to register fraudulent MFA devices to compromised accounts.

This threat group has been on law enforcement radar for years. In 2023, the FBI and the Cybersecurity and Infrastructure Security Agency issued a joint advisory after Scattered Spider activity against commercial facilities escalated. Authorities are now working closely with aviation companies to counter this surge in attacks and assist any impacted organizations. The FBI urges anyone who suspects their business has been targeted to contact their local office without delay.

Meanwhile, the Reliaquest Threat Research Team has published a detailed profile of Scattered Spider, emphasizing that 81% of the group’s domains impersonate technology vendors. Their preferred victims are executives and system administrators with high-level credentials. Reliaquest reports that the attackers leverage sophisticated phishing frameworks such as Evilginx and even conduct video calls to deceive targets in industries like finance, technology, and retail.


Recent analysis has uncovered Scattered Spider’s connection to The Community, a loosely organized hacking collective. According to cybersecurity firm Reliaquest:

“Through strategic alliances with major ransomware operators ALPHV, RansomHub, and DragonForce…”

Scattered Spider has gained access to sophisticated tools and techniques, many of which originate from Russia-aligned and English-speaking threat actors. This collaboration has enabled the group to launch highly convincing impersonation campaigns targeting Western organizations.

Social Engineering with a Scripted Edge

To execute these campaigns more effectively, Scattered Spider actively recruits skilled social engineers. Their criteria are precise: candidates must speak native or regionally neutral English and be available during Western business hours. These operators are then equipped with:

Detailed call scripts tailored to the organization being targeted.

Real-time coaching, where a “curator” provides live guidance to handle unexpected situations during calls.

Reliaquest also noted that the group deliberately avoids targeting entities in Russia and the Commonwealth of Independent States, suggesting both geopolitical awareness and operational discipline.

Future Threat: AI-Enhanced Social Engineering


Looking ahead, Reliaquest warns that Scattered Spider is likely to adopt AI tools to further automate and scale their trust-based attacks.

While the FBI’s recent alert focused on threats to the transportation and aviation sectors, other industries are already feeling the impact. John Hultquist, Chief Analyst at Google Threat Intelligence Group, confirmed:

“We are aware of multiple intrusions in the U.S. that bear all the hallmarks of Scattered Spider activity.”

The insurance sector has emerged as a prominent new target. Jon Abbott, CEO of ThreatAware, emphasized:

“The rising tide of attacks on U.S. insurers is a serious threat that should not be underestimated.”

However, he also cautioned that this trend is not limited to insurers; organizations across all industries should take it as a warning.

Supply Chain Weakness: The Common Denominator


Many of these incidents share a dangerous pattern: attackers first compromise a smaller vendor or partner, then use that access to pivot into larger, more valuable targets.

Richard Orange, Vice President at Abnormal AI, echoed the FBI’s concerns:

“This group relies on social engineering rather than technical exploits.”

By posing as trusted contacts, attackers manipulate employees into granting access—allowing them to move laterally across networks, harvest credentials, and breach other departments or third-party systems.

Security First: Verify Every Request


Organisations are strongly advised to:

  1. Scrutinise all requests for changes to multi-factor authentication (MFA) settings.
  2. Enforce strict identity verification procedures, regardless of how convincing the caller may seem.
  3. In this evolving threat landscape, vigilance remains the strongest defense.

Read more »
Subscribe to: Comments (Atom)