As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs

Scattered Spider hackers have been tearing through the finance and insurance sectors, all while authorities are preparing legal actions to stop them.
A game of cops and robbers is playing out between the FBI and Scattered Spider, the cybercrime outfit a la mode, ever since its high-profile attacks against MGM Resorts and Caesars Entertainment.
If recent rumblings are to be believed, the future of the group might well be determined in short course.
On one side, Brett Leatherman, the FBI's cyber deputy assistant director, told reporters in various interviews at RSAC 2024 about the agency's plans to bring charges against members of Scattered Spider, primarily under the well-worn Computer Fraud and Abuse Act.
Clearly, Scattered Spider hasn't felt that pressure coming.
In recent months it has only expanded its scope, with attacks targeting industries as broad as retail, food services, and video games.
In just the past few weeks, the group compromised at least 29 companies in the finance and insurance industries, according to research from Resilience.
An anonymous researcher told Bloomberg that among those targeted were household names like Visa, PNC, Transamerica, and New York Life Insurance Co., though they didn't reveal which of those organizations in particular had failed to stop their attackers.
This latest campaign has had some of the usual hallmarks of Scattered Spider attacks: lookalike domains mimicking organizations' Okta and content management system sign-on pages, with the potential for follow-on SIM swap attacks that leak sensitive corporate data.
There was a notable efficiency to the attacks as well, with Scattered Spider swiftly deploying its infrastructure and conducting its attacks in only a few hours' time.
The effects of law enforcement interventions into cybercrime often are found in the finer details: the confidence that affiliates lose in brand-name groups, the power vacuums that result, and the looming threat to anyone who dares take their place.
There's little evidence that major takedowns of infrastructure, or even arrests here and there, take significant numbers of criminals off the web.
The keyboard warrior is a shifty species that's tough to find and pin down, and tends to reconstitute in new forms after brief periods of disruption.
Worse is when they reside in parts of the world where law enforcement isn't equipped or inclined to help out Western authorities.
The rub with Scattered Spider is that it's distinctly not foreign.
Its members are thought to be primarily young people in the US and the UK. If ever there were a hacking operation the FBI could wipe out, full stop, it would be this one.
Taking out a major hacking operation is not a simple job, says former FBI cyber special agent Adam Marrè, now chief information security officer at Arctic Wolf.
Because ironclad attribution is so crucial, and because it's so elusive, the openness and cooperation of targeted organizations may prove the difference in bringing bad guys to justice.


This Cyber News was published on www.darkreading.com. Publication date: Tue, 14 May 2024 20:45:06 +0000


Cyber News related to As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs

As the FBI Closes In, Scattered Spider Attacks Finance, Insurance Orgs - Scattered Spider hackers have been tearing through the finance and insurance sectors, all while authorities are preparing legal actions to stop them. A game of cops and robbers is playing out between the FBI and Scattered Spider, the cybercrime ...
1 year ago Darkreading.com Scattered Spider
Cyber Insights 2023: Cyberinsurance - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. In 2022, Russia invaded Ukraine with the potential for more serious and more ...
2 years ago Securityweek.com
Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack - The group behind the high-profile MGM cyberattack in September has resurfaced in yet another sophisticated ransomware attack, in which the actor pivoted from a third-party service environment to the target organization's on-premise network in only an ...
1 year ago Darkreading.com Scattered Spider
Scattered Spider is running a VMware ESXi hacking spree - This allows Scattered Spider to scan the network devices for IT documentation that would provide high-value targets, like the names of domain or VMware vSphere administrators, and security groups that can provide administrative permissions over the ...
1 week ago Bleepingcomputer.com Scattered Spider
Scattered Spider Hops Nimbly From Cloud to On-Prem in Complex Attack - The group behind the high-profile MGM cyberattack in September has resurfaced in yet another sophisticated ransomware attack, in which the actor pivoted from a third-party service environment to the target organization's on-premise network in only an ...
1 year ago Darkreading.com Scattered Spider
Scattered Spider hackers shift focus to aviation, transportation firms - Scattered Spider, also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra, is a classification of threat actors that are adept at using social engineering attacks, phishing, ...
1 month ago Bleepingcomputer.com Qilin Dragonforce Ransomhub Scattered Spider
Scattered Spider Attacking Finance & Insurance Industries - Hackers very frequently target the finance and insurance sectors due to the large volumes of sensitive data that they own. These areas manage huge quantities of valuable as well as critical financial information, personal identities, and intellectual ...
1 year ago Gbhackers.com Scattered Spider
Hackers behind UK retail attacks now targeting US companies - Scattered Spider (also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) is a term used to describe a fluid collective of threat actors known for breaching many high-profile organizations worldwide in sophisticated ...
2 months ago Bleepingcomputer.com Scattered Spider Dragonforce
With Attacks on the Upswing, Cyber-Insurance Premiums Poised to Rise Too - An increase in cyber-insurance claims in 2023, driven by a more active threat landscape, will likely mean that last year's price plateau in cyber-insurance premium costs will be short-lived, according to industry experts. While premium costs fell by ...
1 year ago Darkreading.com Rocke
Scattered Spider Employs Sophisticated Attacks to Steal Login Credentials & MFA Tokens - To counter this threat, Silent Push has developed Indicators of Future Attack (IOFA) feeds that track Scattered Spider infrastructure, including recently observed domains like “klv1.it.com” targeting Klaviyo and multiple others ...
3 months ago Cybersecuritynews.com Scattered Spider
Cyber Insurance for Businesses: Navigating Coverage - To mitigate these risks, many businesses opt for cyber insurance. With the wide range of policies available, navigating the world of cyber insurance can be overwhelming. In this article, we will delve into the complexities of cyber insurance and ...
1 year ago Securityzap.com
Cyber Insurance: A Smart Investment to Protect Your Business from Cyber Threats in 2023 - Don't wait until it's too late - get cyber insurance today and secure your business for tomorrow. According to the U.S. Federal Trade Commission, cyber insurance is a particular type of insurance that helps businesses mitigate financial losses ...
1 year ago Cyberdefensemagazine.com
The Impact of Open-Source Software on Public Finance Management - The open-source movement holds significant potential for public agencies, too, especially in the realm of finances. Public finance has emerged as a leader in government-backed OSS, thanks largely to the move toward open banking. Benefits of OSS in ...
1 year ago Feeds.dzone.com
Fighting ransomware: A guide to getting the right cybersecurity insurance - While the cybersecurity risk insurance market has been around for more than 20 years, the rapidly changing nature of attacks and the rise in the ransomware epidemic has markedly changed the nature of cyber insurance in recent years. It's more ...
1 year ago Scmagazine.com
Researchers Expose Scattered Spider's Tools, Techniques and Key Indicators - Scattered Spider, a sophisticated cyber threat group known for aggressive social engineering and targeted phishing, is broadening its scope, notably targeting aviation alongside enterprise environments. During a targeted investigation, Check Point ...
1 month ago Cybersecuritynews.com Scattered Spider
The Rise of Cyber Insurance - What CISOs Need to Consider - Cyber insurance offers not just financial protection against potentially devastating cyber incidents but also provides frameworks for improving security posture, access to specialized resources, and support during crisis scenarios. Beyond financial ...
3 months ago Cybersecuritynews.com
Making Cyber Insurance Available for Small Biz, Contractors - The soaring costs of recovering from a security incident or data breach is driving interest in cyber insurance. While cyber insurance is typically viewed as a product mainly for large organizations seeking coverage and protection against ...
1 year ago Darkreading.com
Global Authorities Share IoCs and TTPs of Scattered Spider Behind Major ESXi Ransomware Attacks - The joint advisory, released by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Royal Canadian Mounted Police (RCMP), Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), ...
1 week ago Cybersecuritynews.com Scattered Spider Dragonforce
CISA and FBI Shared Tactics, Techniques, and Procedures of Scattered Spider Hacker Group - CISA analysts identified that Scattered Spider has recently expanded its arsenal to include DragonForce ransomware alongside traditional data exfiltration techniques, marking a significant escalation in the group’s threat profile. Scattered ...
1 week ago Cybersecuritynews.com Scattered Spider Dragonforce
Scattered Spider Hackers Actively Attacking Aviation and Transportation Firms - Charles Carmakal, Chief Technology Officer at Mandiant Consulting-Google Cloud, confirmed that his company is “aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered ...
1 month ago Cybersecuritynews.com Scattered Spider
Scattered Spider is targeting victims' Snowflake data storage for quick exfiltration | The Record from Recorded Future News - The Scattered Spider cybercriminal group is targeting victims’ data storage tools after gaining initial access by impersonating contracted information technology (IT) help desks. In “many” incidents, Scattered Spider was seen searching for an ...
1 week ago Therecord.media Dragonforce Scattered Spider
Scattered Spider member pleads guilty to identity theft, wire fraud charges | The Record from Recorded Future News - Urban, who goes by the alias "Sosa," “Elijah,” and “King Bob” was "part of a group of loosely organized individuals who engage in account takeovers and [stole] cryptocurrency from online exchanges" from August 2022 through ...
4 months ago Therecord.media Scattered Spider
Navigating Cyber Insurance - A CISO’s Guide to Coverage and Costs - By understanding coverage options, cost factors, and strategic approaches to the insurance process, security leaders can better protect their organizations from both cyber threats and the financial fallout that often follows. For Chief Information ...
3 months ago Cybersecuritynews.com
Scattered Spider Malware Targeting Klaviyo, HubSpot, and Pure Storage Services - Security teams should be particularly vigilant for suspicious authentication attempts, unknown devices connecting to corporate networks, and unusual account activity patterns that might indicate successful credential theft through Scattered ...
2 months ago Cybersecuritynews.com Scattered Spider
5 Ways to Counteract Increasing Cyber Insurance Rates - Despite this threat, only 55% of organizations have some form of cyber insurance, and only 19% have coverage for cyber events beyond $600,000. As the cybersecurity landscape continues to evolve, businesses must carefully evaluate their risk exposure ...
1 year ago Cybersecurity-insiders.com