FBI Issues Warning Against Password Resets Amid Cyber Attacks

TRUEGOV NEWS, 1 month ago

Federal agencies update advisory on Scattered Spider threat tactics

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly updated their cybersecurity advisory regarding the Scattered Spider threat group. The July 29 update warns organizations against resetting passwords during active attack scenarios, as this action may inadvertently assist the attackers. This guidance represents a shift from conventional cybersecurity advice that typically encourages password changes in response to potential breaches.

According to the federal agencies, Scattered Spider employs sophisticated social engineering techniques to target organizations. The threat actors impersonate employees in communications with IT support staff, attempting to gather information about password reset procedures. After collecting sufficient information, they conduct targeted spearphishing calls to help desks, convincing staff to reset passwords or transfer multi-factor authentication tokens to devices under their control.

KEY POINTS

  • FBI warns against password resets
  • Attackers use social engineering tactics
  • Phishing-resistant MFA recommended

The FBI and CISA recommend that organizations implement phishing-resistant multi-factor authentication for all services accessing critical systems. Additional recommendations include conducting thorough employee training against voice phishing and spearphishing attempts. The agencies also advise organizations to review their helpdesk password reset processes, particularly focusing on how staff credentials are authenticated before implementing password changes.

Scattered Spider has been linked to significant attacks on retail and aviation targets, among other sectors. The group's activities demonstrate the evolving nature of cybersecurity threats facing U.S. organizations and critical infrastructure. The updated federal advisory reflects ongoing efforts by U.S. government agencies to address cybersecurity vulnerabilities and provide actionable guidance to potential targets.
