Scattered Spider Skitters Back Onto Scene

November 28, 2023

Introduction

No…not the kind with eight legs and eyes!

Scattered Spider is a threat group that has been operating since at least 2022. They target large companies for huge sums of money…and they’re back in the headlines after the U.S. government put out an advisory about staying safe from Scattered Spider.

In their own words, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) put out this Cybersecurity Advisory “in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as November 2023.”

Who Is Scattered Spider?

Scattered Spider, also known as UNC3944, Scatter Swine, or Muddled Libra, is a cybercriminal group that targets large companies and their contracted IT help desks. The group uses a variety of social engineering techniques, including phishing, push bombing, and SIM swapping attacks. Scattered Spider has been active since at least May 2022 and has been linked to several high-profile attacks, including those against Caesars Entertainment and MGM Resorts International.

They primarily target organizations for financial gain, often engaging in data theft and extortion. They exploit vulnerabilities and use remote access tools to avoid detection, and continuously evolve their own strategies and threat arsenal to better compromise target systems.

Behind the New Advisory

So, why is the U.S. government writing up Cybersecurity Advisories about threat groups that have been active for over a year?

The press release compiles the most up-to-date tactics, techniques, and procedures (officially referred to as TTPs) for this threat actor group. Not only does it have the most relevant information about who they are targeting, and how; but this report

The FBI and CISA urge organizations to implement the following mitigations to reduce the risk of a Scattered Spider attack:

  • Educate employees about social engineering techniques and how to identify and avoid phishing scams.
  • Follow strong password policies and enable multi-factor authentication (MFA) wherever possible.
  • Monitor networks for suspicious activity and implement security controls to detect and block unauthorized access.
  • Regularly back up data so that it can be restored in the event of a ransomware attack.

The FBI and CISA also encourage organizations to report any suspected Scattered Spider activity to the FBI’s Internet Crime Complaint Center (IC3).

Conclusion

Are you at risk of being attacked by Scattered Spider? Have you been a victim of their virtual violence before?

A joint advisory from the FBI and CISA is, in itself, an indication of how serious the cybercriminal group really is. Paying attention to the TTPs they have published, and following the advice of other experts and authority figures in your particular organization and industry, will help keep you safer on a daily basis! Not only from Scattered Spider, but from all the other dangers lurking on the web too.

Whether you were already aware of Scattered Spider’s misdeeds, or this is your first time hearing of the group, this latest Cybersecurity Advisory demonstrates the universal need to take caution and prepare ourselves for what’s out there. While experts are doing everything they can to develop tools to fight off these cyber-attackers, you can keep yourself safer every day by staying aware of what’s going on in the world and taking daily steps to protect your systems!
