Insights into the Notorious Cybercriminal Syndicate, Scattered Spider
In a series of cyber attacks, the notorious cybercriminal group Scattered Spider has been causing disruptions across various industries, including the retail, insurance, aviation, and grocery sectors, in the U.S., U.K., Canada, and Australia. The group, known for its sophisticated social engineering methods, has been targeting companies since its debut in September 2023.
A Global Threat
The group first gained attention with a ransomware attack against MGM Resorts, costing the company over $100 million. Since then, Scattered Spider has expanded its targets, with recent victims including Aflac, Allianz Life, and Philadelphia Indemnity Insurance. The group may also have been behind recent hacks of Hawaiian Airlines and Qantas.
Tactics and Techniques
According to warnings from the FBI and CISA, Scattered Spider's latest techniques include phishing attacks, push bombing, SIM swapping, impersonation of company help desks, and the use of ransomware variants such as DragonForce. The group has also been targeting newer technologies such as Snowflake data storage solutions to steal customer information.
The group does not operate as a consolidated, centralized unit, but rather in multiple subsets with individual targets and preferred techniques. This decentralized structure makes it difficult for authorities to apprehend all members of the group.
Social Engineering Awareness
Training on social engineering awareness is critical, as Scattered Spider often uses its members' English fluency to make its deception more convincing. The group's initial crime spree, as described by security researchers, involved harvesting employee credentials through phishing texts.
Legal Action
In a significant move, the U.S. Department of Justice charged five people with stealing millions of dollars by harvesting employee credentials through phishing texts. Spanish authorities arrested one of the defendants, a 23-year-old British man named Tyler Buchanan, and extradited him to the U.S. in April.
Financial Consequences
The latest attack spree, which began in April, cost an estimated 440 million British pounds, according to the U.K.-based Cyber Monitoring Centre. UNFI warned earlier this month that its breach could cost it up to $400 million in lost sales. In a $380 million lawsuit filed earlier this month, Clorox alleged that its IT vendor, Cognizant, failed to uphold its duties by handing over credentials to the hackers without authenticating them.
Ongoing Threat
Scattered Spider remains a serious threat to U.S. organizations, causing disruptions and extorting victims. Despite arrests and legal action, the group continues to evolve its methods to evade detection and maintain effectiveness. The group is affiliated with an underground collective known as The Com, linked to various crimes including extortion, money laundering, and SIM swapping.
Two other major British companies may also have been hacked but have yet to admit it, as Marks & Spencer's chairman told British lawmakers earlier this month. The group's spree involved hacks of 45 companies from September 2021 through April 2023.
As Scattered Spider continues to launch attacks against multiple industries, it is crucial for organizations to stay vigilant and implement robust cybersecurity measures to protect against these sophisticated threats.
- The FBI and CISA have warned that Scattered Spider's tactics include phishing attacks, push bombing, SIM swapping, impersonation of company help desks, and ransomware variants such as DragonForce.
- Scattered Spider's targets have included companies in industries such as retail, insurance, aviation, and grocery, with victims such as MGM Resorts, Aflac, Allianz Life, Philadelphia Indemnity Insurance, Hawaiian Airlines, and Qantas.
- The group operates in multiple subsets with individual targets and preferred techniques, making it difficult for authorities to apprehend all members.
- In the U.S., the Department of Justice charged five people with stealing millions of dollars by harvesting employee credentials through phishing texts, with one of the defendants arrested and extradited from Spain.