Scattered Spider hackers have been tearing through the finance and insurance sectors, all while authorities are preparing legal actions to stop them.
A game of cops and robbers has been playing out between the FBI and Scattered Spider, the cybercrime outfit à la mode, ever since its high-profile attacks against MGM Resorts and Caesars Entertainment.
If recent rumblings are to be believed, the future of the group might well be determined in short order.
On one side, Brett Leatherman, the FBI's cyber deputy assistant director, told reporters in various interviews at RSAC 2024 about the agency's plans to bring charges against members of Scattered Spider, primarily under the well-worn Computer Fraud and Abuse Act.
Clearly, Scattered Spider hasn't felt that pressure coming.
In recent months it has only expanded its scope, with attacks targeting industries as varied as retail, food services, and video games.
In just the past few weeks, the group compromised at least 29 companies in the finance and insurance industries, according to research from Resilience.
An anonymous researcher told Bloomberg that among those targeted were household names like Visa, PNC, Transamerica, and New York Life Insurance Co., though they didn't reveal which of those organizations in particular had failed to stop their attackers.
This latest campaign has had some of the usual hallmarks of Scattered Spider attacks: lookalike domains mimicking organizations' Okta and content management system sign-on pages, with the potential for follow-on SIM swap attacks that leak sensitive corporate data.
There was a notable efficiency to the attacks as well, with Scattered Spider swiftly deploying its infrastructure and conducting its attacks in only a few hours' time.
The effects of law enforcement interventions into cybercrime often are found in the finer details: the confidence that affiliates lose in brand-name groups, the power vacuums that result, and the looming threat to anyone who dares take their place.
There's little evidence that major takedowns of infrastructure, or even arrests here and there, take significant numbers of criminals off the web.
The keyboard warrior is a shifty species that's tough to find and pin down, and tends to reconstitute in new forms after brief periods of disruption.
Worse is when they reside in parts of the world where law enforcement isn't equipped or inclined to help out Western authorities.
The rub with Scattered Spider is that it's distinctly not foreign.
Its members are thought to be primarily young people in the US and the UK. If ever there were a hacking operation the FBI could wipe out, full stop, it would be this one.
Taking out a major hacking operation is not a simple job, says former FBI cyber special agent Adam Marrè, now chief information security officer at Arctic Wolf.
Because ironclad attribution is so crucial, and because it's so elusive, the openness and cooperation of targeted organizations may prove the difference in bringing bad guys to justice.
This article was published on www.darkreading.com. Publication date: Tue, 14 May 2024 20:45:06 +0000