FBI and CISA issue alert on the escalating tactics of the cybercrime group known as Scattered Spider
The cybercrime collective Scattered Spider is ramping up its activities. The group relies on social engineering aimed at IT help-desk staff and ordinary employees to gain initial access to the networks of high-profile organizations.
Scattered Spider's current playbook includes phishing and social-engineering phone calls in which the attackers impersonate company IT or help-desk staff to trick employees into revealing credentials or installing remote access tools; the reverse also occurs, with attackers calling the help desk while posing as an employee who needs a password or MFA reset. Another technique is push bombing (also called MFA fatigue), in which attackers repeatedly trigger multifactor authentication (MFA) push notifications to a target until the target approves one. The group also uses SIM swapping, persuading a mobile carrier to move an employee's phone number to an attacker-controlled SIM so that SMS-based MFA codes are delivered to the attacker, defeating that MFA factor.
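Push bombing leaves a recognizable trace in identity-provider logs: a burst of MFA push challenges to one user, mostly denied or timed out, often ending in a single approval. The following is an added example, not code from the advisory or from any vendor product, that runs such a detection over a constructed set of JSON-lines MFA events. The field names (`ts`, `user`, `event`, `result`) and the result values are a hypothetical schema; a real deployment would map them to the identity provider's actual export format.

```python
"""Detect MFA push-bombing (MFA fatigue) bursts in authentication logs.

Added example with a hypothetical JSON-lines log schema; not taken from
the FBI/CISA advisory or from any identity provider.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: "alice" is hammered with pushes until she approves
# one; "bob" shows normal behaviour (one denial, then a prompt approval).
SAMPLE_LOG = """\
{"ts": "2025-07-29T08:00:05Z", "user": "alice", "event": "mfa_push", "result": "denied"}
{"ts": "2025-07-29T08:00:40Z", "user": "alice", "event": "mfa_push", "result": "denied"}
{"ts": "2025-07-29T08:01:20Z", "user": "alice", "event": "mfa_push", "result": "timeout"}
{"ts": "2025-07-29T08:02:02Z", "user": "alice", "event": "mfa_push", "result": "denied"}
{"ts": "2025-07-29T08:02:55Z", "user": "alice", "event": "mfa_push", "result": "approved"}
{"ts": "2025-07-29T08:30:00Z", "user": "bob", "event": "mfa_push", "result": "approved"}
{"ts": "2025-07-29T09:15:00Z", "user": "bob", "event": "mfa_push", "result": "denied"}
{"ts": "2025-07-29T09:15:30Z", "user": "bob", "event": "mfa_push", "result": "approved"}
"""


def parse_events(text):
    """Parse JSON-lines MFA events into sorted (timestamp, user, result) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("event") != "mfa_push":
            continue  # only push challenges matter for this detection
        ts = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, rec["user"], rec["result"]))
    events.sort()
    return events


def detect_push_bombing(events, window=timedelta(minutes=10), threshold=3):
    """Flag users who received at least `threshold` pushes inside a sliding
    time window. Returns {user: finding}; the finding records the largest
    burst seen and whether it ended in an approval (a successful attack)."""
    by_user = defaultdict(list)
    for ts, user, result in events:
        by_user[user].append((ts, result))

    findings = {}
    for user, recs in by_user.items():
        start = 0
        for end in range(len(recs)):
            # Slide the window start forward until the burst fits in `window`.
            while recs[end][0] - recs[start][0] > window:
                start += 1
            burst = recs[start:end + 1]
            if len(burst) < threshold:
                continue
            rejected = sum(1 for _, r in burst if r in ("denied", "timeout"))
            finding = {
                "pushes": len(burst),
                "rejected": rejected,
                "ended_in_approval": burst[-1][1] == "approved",
                "first": burst[0][0].isoformat(),
                "last": burst[-1][0].isoformat(),
            }
            # Keep the largest burst; on a tie prefer the later one so the
            # finding reflects how the sequence ended.
            prev = findings.get(user)
            if prev is None or finding["pushes"] >= prev["pushes"]:
                findings[user] = finding
    return findings


if __name__ == "__main__":
    for user, f in detect_push_bombing(parse_events(SAMPLE_LOG)).items():
        verdict = "SUCCESSFUL fatigue attack" if f["ended_in_approval"] else "attempted"
        print(f"{user}: {f['pushes']} pushes ({f['rejected']} rejected) "
              f"between {f['first']} and {f['last']}: {verdict}")
```

A burst that ends in an approval is the high-priority case: the account should be treated as compromised, its sessions revoked and its MFA device re-enrolled through a verified channel. Thresholds are deliberately parameters; tune them against a baseline of legitimate retry behaviour before alerting on them.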
The gang has expanded its targeting to include sectors such as retailers, insurers, airlines, telecommunications, hospitality, and IT service providers across the U.S., U.K., Canada, and Australia. Notable victims include MGM Resorts, Caesars Entertainment, and Marks & Spencer, among others.
The FBI, CISA, and international partners have issued a warning about Scattered Spider, stating that the group is continuing to launch waves of attacks using these evolving and highly targeted social engineering tricks. While Mandiant Consulting hasn't observed any new intrusions directly attributable to Scattered Spider since recent arrests, the collective remains active and poses a significant threat.
In response to these attacks, some organizations have taken legal action. For instance, Clorox sued its IT help-desk provider, Cognizant, for $380 million, claiming the vendor failed to prevent a crippling 2023 attack that experts have attributed to Scattered Spider. The suit alleges that Cognizant's help desk handed over network credentials to the attackers without properly authenticating the callers.
Scattered Spider has deployed multiple ransomware variants, including DragonForce, in ransomware and data-extortion attacks. Microsoft researchers have also noted that the group uses adversary-in-the-middle techniques and abuses text-messaging services.
Organizations should treat the current absence of newly confirmed Scattered Spider intrusions as a window of opportunity: study the group's tactics now, tighten identity verification at the help desk, and move away from push- and SMS-based MFA that these tactics defeat, before the next wave arrives.
- Scattered Spider's tactics include phishing and social-engineering phone calls that trick employees into revealing credentials or running remote access tools.
- The group's targeting has expanded to sectors including retailers, insurers, airlines, telecommunications, hospitality, and IT service providers in the U.S., U.K., Canada, and Australia.
- Scattered Spider uses SIM swapping to redirect employees' phone numbers, and with them SMS-based MFA codes, to attacker-controlled devices, bypassing that MFA factor.
- Some affected organizations have turned to legal action, such as Clorox suing its IT help-desk provider, Cognizant, for failing to prevent a crippling attack attributed to the group and for handing over network credentials without proper authentication.