A Group of Young Cybercriminals Poses the ‘Most Imminent Threat' of Cyberattacks Right Now
A notorious cybercriminal group often called Scattered Spider is known for using social engineering techniques to infiltrate target companies by tricking IT help desk workers into granting them system access. Researchers say that the group seems to gain expertise about the backend systems commonly used by businesses in a particular industry and then uses this knowledge to hit a cluster of targets before moving on to another sector. The group often deploys ransomware or conducts data extortion attacks once it has compromised its victims.
Amid increasing pressure from law enforcement last year, which culminated in charges and arrests of five suspects allegedly linked to Scattered Spider, researchers say that the group was less active in 2024 and seemed to be attempting to lay low. The group's escalating attacks in recent weeks, though, have shown that, far from being defeated, Scattered Spider is emboldened once again.
'There are some uniquely skilled actors in Scattered Spider when it comes to social engineering, and they have identified a major gap in our security systems that they're successfully taking advantage of,' says John Hultquist, chief analyst in Google's threat intelligence group. 'This group is carrying out serious attacks on our critical infrastructure, and I hope that we're not missing the opportunity to address the most imminent threat.'
Though a number of incidents have not been publicly attributed, an overwhelming spree of recent attacks on UK grocery store chains, North American insurers, and international airlines has broadly been tied to Scattered Spider. In May, the UK's National Crime Agency confirmed it was looking at Scattered Spider in connection to the attacks on British retailers. And the FBI warned in an alert on Friday that it has observed 'the cybercriminal group Scattered Spider expanding its targeting to include the airline sector.' The warning came as North American airlines Westjet and Hawaii Airlines said they had been victims of cybercriminal hacks. On Wednesday, the Australian airline Qantas also said it had been hit with a cyberattack, though it was not immediately clear if this attack was part of the group's campaign.
'They slowed down, and we saw them dissipate for a while throughout 2024,' says Adam Meyers, a senior vice president for counter-adversary operations at the security company CrowdStrike. 'Then they've roared back in the last couple of months, first hitting retail and then hitting insurance companies and most recently targeting airlines.'
Scattered Spider first emerged as a high-profile group toward the end of 2023 as its members moved from SIM swapping attacks to launching crippling ransomware attacks on Caesar's Entertainment and MGM Resorts. The latter cost MGM around $100 million to recover from. Researchers emphasize that the collective is financially motivated, made up of mostly English-speaking teenagers and young men who are often based in the US or UK. The Scattered Spider hackers are considered an offshoot of the Com, an amorphous network of potentially thousands of trolls and criminals, many of whom engage in harassment, extortion, and child exploitation.
Scattered Spider members have increasingly coalesced around a tactic of using targeted social engineering to get a foothold inside company networks. Attackers may impersonate a staff member who is locked out of their company email account and contact the firm's IT help desk to get access, before resetting multifactor authentication credentials. Researchers say that the group has also used a tactic of creating convincing phishing websites where the URLs often include the name of the target organization along with words like 'okta,' 'vpn' or 'helpdesk.' Once inside networks, the hackers deploy various types of ransomware or steal data that is used to extort companies.
Meyers says Crowdstrike believes that Scattered Spider has roughly four core members, which drive the targeting of potential victims and 'leverage' resources from the wider Com ecosystem as needed. The exact structure and size of Scattered Spider is unclear, but researchers agree that the group relies on an array of third-party services to carry out its attacks.
'Deterrence is extremely difficult because we're essentially fighting a marketplace where a lot of the actors are replaceable,' Google's Hultquist says. 'For instance, Scattered Spider has worked with multiple ransomware services, so if one goes down there's always someone to replace them.'
Aiden Sinnott, a senior threat researcher at cybersecurity company Sophos' Counter Threat Unit, says that Scattered Spider and the Com more broadly are connected through relationships and communities on Discord servers or Telegram groups. 'It's this kind of evolving group where maybe new younger threat actors are coming in,' Sinnott says. 'You can see this natural escalation progression as they learn skills of each other, and they're very big on sharing their wins as well.'
Some Scattered Spider members may target big-name companies, while others are involved in less high-profile activity. 'There are groups, or individuals, who are really focused on hacking Coinbase accounts and stealing crypto and things like that,' Sinnott says. 'So they're not even focused on these big corporate organizations.'
As Hultquist puts it, "the activity is extremely resilient, because instead of fighting a single actor, we're really fighting a marketplace.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
32 minutes ago
- Yahoo
The sale of illegal cigarettes signals a deeper problem with UK high streets
It's pitch black and we're crawling along a secret underground tunnel beneath a high street in Hull. We pass rotting beams propped up precariously by stacked breeze blocks. A rusty car jack is helping prevent the shop floor above from falling in. Through the rubble, we follow a Trading Standards Officer, his torch swinging back and forth in the darkness until it rests on a hidden stash of thousands of illegal cigarettes. This is just one such surreal experience while investigating the sale of illegal cigarettes in Hull. In one week we repeatedly witnessed counterfeit and smuggled tobacco being sold in high street mini marts - and were threatened by shop workers who grabbed our cameras when we tried to film them. This is now a familiar story being repeated across Britain. In April, the National Crime Agency (NCA) raided hundreds of high street businesses, many suspected of being supplied by international crime gangs. Trading Standards teams have also found a thriving trade in illicit tobacco. One leading criminology expert called the networks behind the supply of illegal cigarettes the "golden thread for understanding serious organised crime", because of its links to people trafficking and, in some cases, illegal immigration. So, in some ways, these high street shop fronts connect the various domestic problems facing Britain today. Political researchers claim it's also damaging trust in police and the government - and turning our high streets into symbols of national decline. Alan, a former detective and now a Trading Standards officer, searches for counterfeit and smuggled cigarettes sold under the counter in mini marts, barber shops and takeaways around Hull, which he says have spread across the city at an alarming rate. Under the floorboards of a mini mart called Ezee Shop, a network of these secret tunnels hide contraband stock. As battered suitcases and black sacks stuffed full of cigarettes are heaved up through the makeshift trap door, a man who we're told helps out in the shop watches on laughing. "It's not something dangerous, it's only cigarettes," he says. "Everywhere has it; barber shops, takeaways." Some shops, he adds, are selling drugs including crack cocaine. Alan estimates that there are about £20,000 worth of illegal cigarettes in this haul, a tiny proportion of a crime that HMRC says costs the country at least £2.2 billion in lost revenue. Today's raid won't change what's happening on Hull's high streets, he says. He has been to some shops at least 20 times and he estimates that there are some 80 shops selling illegal cigarettes in the city. "We're losing the war," he says. He has been with Trading Standards for many years but didn't want to be fully identified because he's worried about the organised crime gangs often supplying these shops. It's not long before someone claiming to be Ezee Shop's owner turns up. Alan says he is a Kurd from Iran. He is furious with us filming his illicit stock being taken away. Some of the illegal cigarettes sold across Britain are made in this country. Others are produced cheaply in countries like Poland or Belgium. Some are designed to imitate established brands. Illegal cigarettes are sold without the necessary taxes and duties, and many do not conform to safety standards. Previously the Local Government Association warned that some black market cigarettes contained "human excrement, dead flies and asbestos". We went undercover, visiting 12 shops in Hull, some multiple times, to try and buy these cheap cigarettes, and secretly filmed the responses. The windows of many of these shops are covered with large pictures of fizzy drinks, sweets and vapes, obscuring what's going on inside. Nine sold us illegal cigarettes and hand-rolling tobacco. Two told us where we could buy cheap packs. We were openly offered a selection of brands with packets costing between £3 and £7 - instead of the average UK price of about £16. None of the businesses we bought illegal cigarettes from in Hull responded to our request for a comment. But this is not only a Hull problem. Data shared with the BBC from investigators working for an international tobacco company say that last year they identified more than 600 shops selling illegal packets, with several cities including Bradford, Coventry and Nottingham flagged as hotspots. The BBC is unable to verify these figures. In Bradford alone, they say they found 49 stores selling fake products in just two days. In the end, they had to stop the test purchases because they didn't have enough test bags to put the items in. All of this is a growing problem - but it is also one with specific causes: profits, a lack of resources to enforce the law, a complex criminal supply network and in some cases organised immigration crime. Professor Georgios Antonopoulos, criminologist at Northumbria University Newcastle, believes money is at the heart of it. "Legal tobacco products in the UK are subject to some of the highest excise taxes in the world," he says. Illegal cigarettes are sometimes sold for as little as £3 to £5 per pack - compelling for some customers during a cost of living crisis. In some cases, the financial penalties issued to criminals may be much lower than the profits they can make. In the case of Ezee Shop in Hull, the shop owner had been convicted for selling illegal cigarettes in the past and was fined £80, plus costs and a £34 victim surcharge. Tougher rules introduced in 2023 mean those convicted now can face higher fines of up to £10,000 - but this may still be lower than the value of the stash. After the raid, we went back to the shop, covertly. Within a few hours it had reopened, restocked - and was selling illegal cigarettes once again. Leading criminologists tell the BBC that UK authorities are struggling to deal with the problem. Prof Antonopoulos says teams are "chronically underfunded". He claims that police prioritise violent crimes and drug trafficking - "which is understandable," he adds. Some Trading Standards officers are frustrated with the powers available to them. "The general public don't understand why they can't be closed down," Alan says. They can use anti-social behaviour legislation to close shops for up to three months - but it can require statements from other businesses and members of the public. We were told that after some shops shut down, the criminals simply reopen nearby. Alan wants a 'three strikes and you're out' policy to permanently close law-breaking businesses. Last year, the previous government provided £100 million across five years to support HMRC and Border Force to tackle the illicit tobacco trade. But since then, the Chartered Trading Standards Institute warned that some broader forms of organised crime - including scammers and rogue traders - could effectively become decriminalised, due to a lack of funding. As for the suppliers, HMRC says there are so many organised crime groups operating across borders that it is hard to limit the flow of goods into the UK. In May, Hungarian authorities raided a factory where they found warehouses full of fake cigarettes. And there's even production in Ukraine, according to legitimate tobacco firms, with authorities there stretched because of the war. There is also a "significant production" of illicit tobacco here in the UK, says Prof Antonopoulos. A Trading Standards team in south Wales told us that counterfeit hand-rolling tobacco is often sold cheaply. They claimed that some of it was made using forced labour, controlled by Chinese gangs. Dave McKelvey, managing director of TM Eye private investigators, which works with tobacco firms to gather evidence on the illicit trade, claims that Fujian-based Chinese triads operate a "vast business" here in the UK. And trying to track down the people in charge of these criminal enterprises is a challenge. Trading Standards told the BBC that those named as the company director often have no real involvement in the company. Instead, they may be paid a small sum each month to be listed as the director on official documents. Later this year, Companies House will receive new powers to better identify business owners. Authorities are trying to clean up British high streets. Just this year, we joined dozens of raids led by the NCA in barber shops and mini marts, in a month-long operation. But the former senior detectives who worked with the BBC's undercover team said they need more time to fully expose the organised crime supplying some of the shop fronts. Throughout our time with Trading Standards in Hull and in the dozens of raids we've been on with police in Shrewsbury and across Greater Manchester, officers claimed that tobacco operations are often staffed by Kurds from Iran and Iraq. Some may not have had the right to work. In Hull, Alan believes that some people working in the shops he visits may be recruited from asylum seeker hotels. "They're expendable, if they get caught they just replace them with another. Rochdale Trading Standards has made similar observations. Criminology professor Emmeline Taylor argues that these criminal supply chains behind the supply of illegal tobacco are linked to other forms of crime - and the damage can't be underestimated. "They're not just dealing in tobacco," she says. "It's firearms, it's drugs, it's people trafficking, it's illegal immigration." The Home Secretary, Yvette Cooper, told us it is a "total disgrace" that "criminal gangs are trying to abuse our high streets by using shops as a front for organised crime". She also accused gangs of "undermining our border and immigration systems by employing illegal workers". Of course, there have long been pockets of criminality on the UK high street. But now experts tell us that this illicit trade is harming people's trust in authority - and, at a basic level, their sense of fairness. "If you're a law abiding business following the rules, you're jeopardising your own livelihood and the viability of your own business," argues Prof Taylor. "And to me that's not fair that someone can succeed by not playing by the rules." Josh Nicholson, a researcher at the Centre for Social Justice, believes that perceptions of crime are worse than ever. "From research we have done there is a feeling of powerlessness, a lack of respect for authority like the police," he says. "Are the police... seen to be tackling low level offences? When they don't see it tackled, people's perception is that things are getting a lot worse." And people tend to trust the government less when they think access to good shops has declined in their area, says Will Jennings, a political science professor at the University of Southampton, based on studies he has done. The families paying £1,500 for 'private bobbies' to police their homes Kuenssberg: Starmer's first year ends in shambles, but could he still turn it around? Britain's energy bills problem - and why firms are paid huge sums to stop producing power Nick Plumb, a director at the Power to Change charity, says his research shows that declining high streets boosts support for parties that were once considered outside of the political mainstream. "Reform UK, for example, is doing better in places with declining high streets when compared to the rest of England," he says. "There's a sense that … mainstream politics, local authorities have all tried to tackle this issue, and [residents] haven't seen any change. It's that sense of 'the status quo hasn't solved these things, and therefore we want to try something new'." Ultimately, what people see in the places they call home matters. "People find a sense of local identity in the quality of the streets where they've grown up," adds Mr Nicholson. "When the quality ... dramatically declines, and they feel they can't even go there - what that does to a sense of community is unquantifiable." Additional reporting by Phillip Edwards. Top Image credit: Javier Zayas Photography/ Getty Images BBC InDepth is the home on the website and app for the best analysis, with fresh perspectives that challenge assumptions and deep reporting on the biggest issues of the day. And we showcase thought-provoking content from across BBC Sounds and iPlayer too. You can send us your feedback on the InDepth section by clicking on the button below.
San Francisco Chronicle
42 minutes ago
- San Francisco Chronicle
The Royal Train will end 156 years of service as King Charles III seeks to economize
LONDON (AP) — The Royal Train will soon leave the station for the last time. King Charles III has accepted it's time to decommission the train, whose history dates back to Queen Victoria, because it costs too much to operate and would have needed a significant upgrade for more advanced rail systems, Buckingham Palace said Monday. 'In moving forwards, we must not be bound by the past,'' said James Chalmers, the palace official in charge of the king's financial affairs. 'Just as so many parts of the royal household's work have modernized and adapted to reflect the world of today, so too the time has come to bid the fondest of farewells, as we seek to be disciplined and forward-looking in our allocation of funding.'' The train, actually a suite of nine railcars that can be hitched to commercial locomotives, will be decommissioned sometime before the current maintenance contract expires in 2027. That will bring to an end a tradition that dates back to 1869, when Queen Victoria commissioned a pair of special coaches to accommodate her travels. The decision was announced during the palace's annual briefing for reporters on the royal finances. The royal family will for the fourth consecutive year receive public funding of 86.3 million pounds ($118 million), including 34.5 million pounds to fund the remodeling of Buckingham Palace, in the 12 months through March 2026. This money comes from a mechanism known as the Sovereign Grant, which sets aside 12% of the net income from the Crown Estate to fund the official duties of the king and other members of the royal family. The Crown Estate is a portfolio of properties that are owned by the monarch during his reign. The properties are professionally managed and the king can't dispose of the assets. The Crown Estate is one of the many relics of Britain's feudal past. King George III, who ruled during the American Revolution, surrendered management of the crown lands to Parliament in 1760 in return for a fixed payment from the Treasury. The royal finances remain a topic of public debate, with Charles pledging to slim down the monarchy and cut costs as he seeks to ensure the institution's survival. Buckingham Palace was quick to point out that while the Sovereign Grant has been unchanged for the past four years, inflation has eroded its value. If the grant had increased in line with inflation, it would have been about 106 million pounds this year, the palace said. The basic grant was supplemented with 21.5 million pounds ($29.5 million) of income generated by properties outside the Crown Estate. This income increased by 1.7 million pounds, driven by a record year for visitors to Buckingham Palace and special tours of the newly renovated East Wing. Craig Prescott, a constitutional law expert at Royal Holloway, University of London who focuses on the political role of the monarchy, said funding for the royals is relatively small when compared to the overall cost of the British state and it provides tangible benefits for the country. 'It's something that puts Britain on the world stage in a way that few other things do,'' he said, noting that Queen Elizabeth II's funeral was the largest gathering of world leaders in history and the coronation was broadcast around the world. 'It's one of those things that people think about when they think about Britain.'' Over the past year, Charles traveled to Australia and attended the Commonwealth Heads of Government Meeting in Samoa — his first as the organization's head. The royals also took center stage at the 80th anniversaries of D-Day and V-E Day, which marked the end of World War II in Europe, and welcomed the leaders of Japan and Qatar as they made state visits to the U.K. Overall, the royals made 1,900 public appearances in the U.K. and overseas. About 93,000 guests attended 828 events at the royal palaces.
Android Authority
an hour ago
- Android Authority
Leakers clash over what Google's thinking for Pixel 10 color options
C. Scott Brown / Android Authority TL;DR Google's Pixel 10 phones are expected to launch this summer, and likely sometime in August. Leaks have already attempted to identify the color options for the lineup, though many have disagreed on the details. The latest list seems to generally align with colors we've heard about before, while retaining familiar Pixel branding for them. Google's Pixel 10 smartphones are on their way, and odds are we'll be formally meeting the hardware in just another month or so. We've already got a lot to look forward to, with leaks and rumors detailing everything from the presence of new TSMC-made Tensor G5 chips, to some very beefy batteries, to some cool camera tricks. All that is very important, absolutely, but let's not forget about what's arguably the most personal choice to make when considering a new phone: What color do we want it in? We've already looked at a few reports about the color options Google could be considering for the Pixel 10 family, and today we're checking out one more. It's probably too early to say whether or not this will be our definitive list, but it really is starting to feel like we're getting there. An early leak from tipster Mystic Leaks asserted that the Pixel 10 series would debut with these color options: Pixel 10: Obsidian (black) Blue (blue) Iris (purple) Limoncello (yellow) Pixel 10 Pro/Pixel 10 Pro XL: Obsidian (black) Green (green) Sterling (gray) Porcelain (white) Then, just about a month ago, Android Headlines shared a different list, adding colors for the Fold and changing up some of the options for the other devices: Pixel 10: Ultra Blue Limoncello Iris Midnight Pixel 10 Pro/Pixel 10 Pro XL: Sterling Gray Light Porcelain Midnight Smoky Green Pixel 10 Pro Fold: Sterling Gray Smoky Green Today, we're looking at a post from leaker Arsène Lupin on X, with a third attempt at nailing down Google's Pixel 10 palette: Pixel 10: Obsidian Frost Lemongrass Indigo Pixel 10 Pro/Pixel 10 Pro XL: Obsidian Porcelain Moonstone Jade Pixel 10 Pro Fold: Moonstone Jade It sure feels like we're talking about the same colors here, and right now the leakers are debating how Google intends to identify them. Earlier, we expressed a little concern that classic color options like Obsidian and Porcelain might be retired for Midnight and this new Light branding, but perhaps there's a chance Google's sticking with what works, after all. In addition to these color details, the leaker makes a few claims about storage configurations. Specifically, they say the Pixel 10 will sell either 128GB or 256GB of storage, the Pixel 10 Pro will add a 512GB and 1TB option to those two, and the Pixel 10 Pro XL and Pro Fold will drop 128GB and only be available in the three largest sizes. The presence of those 128GB options has us wondering if Google will stick with UFS 3.1 like on the Pixel 9, or if we could get higher-speed UFS 4.0 chips for at least the bigger options. Finally, Arsène Lupin drops a couple mentions of accessories, including the same Rock Candy color for Google's charger we shared before, but not attempting to confirm Pixelsnap branding. Keep following Android Authority as the rest of the Pixel 10 picture comes into focus. With an August launch anticipated, it shouldn't be long now before we have the complete picture. Got a tip? Talk to us! Email our staff at Email our staff at news@ . You can stay anonymous or get credit for the info, it's your choice.
