Industry groups urge vigilance as Scattered Spider evolves tactics


Group experienced a resurgence earlier this year as it launched a months-long hacking campaign


A coalition of information-sharing groups has urged its members to take additional steps to mitigate potential attacks by the cybercrime gang Scattered Spider, which has spent recent months attacking the insurance, retail and airline industries.

“Threat actors such as Scattered Spider are constantly innovating, so organisations must be diligent in continually monitoring their processes and identities to look for new exploits,” the group of information sharing and analysis centres (ISACs) – representing the financial services, food and agriculture, information technology, healthcare, aviation, automotive, retail, maritime and electricity sectors – said in a joint advisory.

Their warning came one day after the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warned that Scattered Spider had developed an evolving set of tactics to conduct social-engineering attacks on its targets.

 

The ISACs said they expect the group to continue to find new ways to evade existing security measures.

“Scattered Spider presents a real threat, and financial services firms must remain diligent as it and other threat actors innovate and scan for new exploits,” said John Denning, chief information security officer at the FS-ISAC. “However, the threat of Scattered Spider extends across borders and industries – as do many cyber security threats – and its historical activity indicates that its focus will shift as it identifies new organizations and sectors to exploit.”

Scattered Spider, an English-speaking threat group based mainly in the United States and the United Kingdom, has perfected a strategy based on tricking IT help desks into handing over user credentials or bypassing multifactor authentication technology. The ISACs urged their members to develop multichannel verification methods, which are designed to make sure a password reset or other request is coming from a real employee. 

More sensitive requests, such as large financial transfers, should require multiple layers of approvals to prevent theft, the ISACs said. 

After debuting on the cybercrime scene in 2023, Scattered Spider experienced a resurgence earlier this year as it launched a months-long hacking campaign that ensnared companies ranging from British department store Marks & Spencer to Whole Foods distributor United Natural Foods and Australian airline Qantas.

According to Google researchers, however, the group has gone quiet in recent weeks following the arrest of four suspected members for allegedly hacking three major British retailers. They caution that Scattered Spider has previously taken a step back following high-profile arrests, only to resume its activities later.

Researchers have also cautioned that threat groups either affiliated with or inspired by Scattered Spider have used similar tactics.

Cybersecurity Dive
