Retail and Hospitality Industry Hit by BlackFile Data Theft Scandal
Retail and Hospitality Industries Targeted by BlackFile Extortion Group
A sophisticated extortion group, tracked as BlackFile, has been actively targeting organizations in the retail and hospitality sectors since February.
- The group, also known as CL-CRI-1116, UNC6671, and Cordial Spider, employs a combination of voice-phishing and social engineering tactics to compromise sensitive systems and demand large ransom payments.
- The primary goal of BlackFile is to extract significant financial gains from its targets, often in the seven-figure range.
Methods Used by BlackFile
The group uses various methods to achieve its goals, including:
- Creating phishing pages that mimic corporate single-sign-on services to steal credentials.
- Scraping internal employee directories to obtain contact lists for executives.
- Accessing privileged accounts through further social engineering, mirroring legitimate executive session activity.
- Stealing sensitive data, such as employee phone numbers and business records, stored in SaaS environments, Microsoft Graph API permissions, Salesforce API access, internal repositories, and SharePoint sites.
According to researchers, “BlackFile has been consistently active since February, indicating that the group remains ongoing.”
Consequences and Recommendations
Organizations in the retail and hospitality sectors are advised to implement multi-factor identity verification for callers and limit the IT support actions that can be completed in a single call without escalation to management.
Law enforcement and cybersecurity experts continue to track the activities of BlackFile, providing warnings and guidance to affected organizations. It is essential for businesses to remain vigilant and take proactive measures to protect themselves against these types of threats.
About Author
English