The Federal Bureau of Investigation (FBI) has issued a warning about a growing trend where cyber criminals are impersonating IT support staff to gain physical access to critical computer systems. A hacking collective known as the Silent Ransom Group (SRG) has been turning up at US offices, pretending to be IT workers to install malware and steal sensitive data for ransom.
Silent Ransom Group Tactics
SRG, which has been active since 2022, has recently shifted from remote cyber attacks to in-person hacks. The group primarily targets law firms, though medical and insurance sectors are also at risk. By using low-tech methods such as plugging in storage devices, they bypass advanced AI-powered cyber defence systems.
Implications for Cybersecurity
This trend highlights how criminals are resorting to surprisingly simple social engineering techniques to breach sophisticated security measures. Cyber security experts emphasise that robust, layered security—including physical security and employee verification—is crucial. A simple failure to verify identity can lead to significant data breaches, even when advanced technological defences are in place.
The FBI's warning serves as a reminder that cybersecurity must encompass both digital and physical realms, as attackers continue to adapt their methods to exploit human vulnerabilities.
