Summary of the Advisory
The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) recently released a joint Cybersecurity Advisory in response to the activities of the Scattered Spider threat actors. These actors have been targeting commercial facilities sectors and subsectors.
Scattered Spider is a cybercriminal group that targets large companies and their contracted IT help desks. They engage in data theft for extortion and are known to utilize BlackCat/ALPHV ransomware. The group has recently started encrypting victim files after exfiltration.
The group is considered expert in social engineering and uses multiple techniques, especially phishing, push bombing, and subscriber identity module (SIM) swap attacks, to obtain credentials, install remote access tools, and/or bypass multi-factor authentication (MFA).
The Dangers of Social Engineering
Social engineering is a significant cybersecurity threat that involves manipulating individuals into revealing confidential information that can be used for fraudulent purposes. The dangers of social engineering are manifold and can have severe consequences for both individuals and organizations.
One of the greatest dangers of social engineering is that it does not have to work against everyone. A single successfully fooled victim can provide enough information to trigger an attack that can affect an entire organization. Over time, social engineering attacks have grown increasingly sophisticated.
Social engineering tactics are dynamic, convincing, and targeted. These tactics include phishing, spear phishing, baiting, confidence tricks, pretexting, piggybacking, and tailgating. Social engineering preys on fear and disorientation and has dangerous consequences. Call centers often represent the frontline for customer service - making them prime targets for social engineering aimed at tricking agents into handing over access credentials or sensitive customer data. Despite security awareness efforts, deceptive techniques are continuing to evolve.
Forgotten password reset procedures present another prime attack vector leveraged by fraudsters to exploit call centers. Bad actors utilizing these techniques impersonate employees, convincingly pleading that they have forgotten critical passwords or locked themselves out of systems that are urgently needed to serve customers. Playing upon fears of penalties or letting down clients waiting on the agent, criminals pressure call center reps to perform password resets allowing access that is then abused without raising suspicions. By artfully forcing temporary credentials through such plausible verbal coercion, perpetrators sidestep technological controls and inject themselves directly into corporate environments.
The information gained from social engineering can be useful to someone hoping to launch an attack against your organization. This information can include passwords, security badges, intellectual property such as design specifications, source code, and other research-and-development documentation, confidential financial reports, private and confidential employee information, personally identifiable information (PII) such as health records and credit card information, and customer lists and sales prospects.
If any of the preceding information is leaked, financial losses, lowered employee morale, decreased customer loyalty, and even legal and regulatory consequences could result. The possibilities are endless. This further highlights the need for advanced authentication measures like Asignio that can deny access even in exceptionally convincing verbal phishing scenarios targeting call center personnel.
Asignio: A Solution to Social Engineering Threats
In the face of such threats, it’s crucial to have robust and secure authentication technology: a system that has the flexibility to be accessible across devices and portable, yet highly secure. A biometric should be unique to the user, but changeable to hinder fraudsters account takeover attempts. This is where Asignio comes in.
Asignio is a highly secure, easy-to-use biometric authentication technology. It offers a passwordless authentication system that uses multi-biometric authentication where a user “signs” a set of characters, or symbols. Asignio’s solution is phishing and fraud resistant and is compatible with top authentication systems such as Ping, Okta, Duo, Microsoft, and others. Its standards-based APIs connect you to everything else.
By removing passwords, and one-time passcodes (OTP’s) from the equation, Asignio is engineered to combat phishing and fraud. Asignio’s dual handwriting and facial biometrics are resistant to such measures. Asignio is easy to use, with no passwords to remember or third-party apps to install. You can use the same signature across any Asignio-powered site for a frictionless, yet highly secure authentication experience.
Conclusion
In the face of evolving cybersecurity threats, especially the dangers posed by social engineering, it is crucial to have a robust and secure authentication system. Asignio’s biometric authentication technology provides a highly secure, easy-to-use solution that can help protect against these threats. By removing passwords from the equation and using dual handwriting and facial biometrics, Asignio offers a solution that is resistant to phishing and fraud. It is time to consider Asignio for your authentication needs.
View our video demo here