A Group of Young Cybercriminals Poses the ‘Most Imminent Threat' of Cyberattacks Right Now
A notorious cybercriminal group often called Scattered Spider is known for using social engineering techniques to infiltrate target companies by tricking IT help desk workers into granting them system access. Researchers say that the group seems to gain expertise about the backend systems commonly used by businesses in a particular industry and then uses this knowledge to hit a cluster of targets before moving on to another sector. The group often deploys ransomware or conducts data extortion attacks once it has compromised its victims.
Amid increasing pressure from law enforcement last year, which culminated in charges and arrests of five suspects allegedly linked to Scattered Spider, researchers say that the group was less active in 2024 and seemed to be attempting to lay low. The group's escalating attacks in recent weeks, though, have shown that, far from being defeated, Scattered Spider is emboldened once again.
'There are some uniquely skilled actors in Scattered Spider when it comes to social engineering, and they have identified a major gap in our security systems that they're successfully taking advantage of,' says John Hultquist, chief analyst in Google's threat intelligence group. 'This group is carrying out serious attacks on our critical infrastructure, and I hope that we're not missing the opportunity to address the most imminent threat.'
Though a number of incidents have not been publicly attributed, an overwhelming spree of recent attacks on UK grocery store chains, North American insurers, and international airlines has broadly been tied to Scattered Spider. In May, the UK's National Crime Agency confirmed it was looking at Scattered Spider in connection to the attacks on British retailers. And the FBI warned in an alert on Friday that it has observed 'the cybercriminal group Scattered Spider expanding its targeting to include the airline sector.' The warning came as North American airlines Westjet and Hawaii Airlines said they had been victims of cybercriminal hacks. On Wednesday, the Australian airline Qantas also said it had been hit with a cyberattack, though it was not immediately clear if this attack was part of the group's campaign.
'They slowed down, and we saw them dissipate for a while throughout 2024,' says Adam Meyers, a senior vice president for counter-adversary operations at the security company CrowdStrike. 'Then they've roared back in the last couple of months, first hitting retail and then hitting insurance companies and most recently targeting airlines.'
Scattered Spider first emerged as a high-profile group toward the end of 2023 as its members moved from SIM swapping attacks to launching crippling ransomware attacks on Caesar's Entertainment and MGM Resorts. The latter cost MGM around $100 million to recover from. Researchers emphasize that the collective is financially motivated, made up of mostly English-speaking teenagers and young men who are often based in the US or UK. The Scattered Spider hackers are considered an offshoot of the Com, an amorphous network of potentially thousands of trolls and criminals, many of whom engage in harassment, extortion, and child exploitation.
Scattered Spider members have increasingly coalesced around a tactic of using targeted social engineering to get a foothold inside company networks. Attackers may impersonate a staff member who is locked out of their company email account and contact the firm's IT help desk to get access, before resetting multifactor authentication credentials. Researchers say that the group has also used a tactic of creating convincing phishing websites where the URLs often include the name of the target organization along with words like 'okta,' 'vpn' or 'helpdesk.' Once inside networks, the hackers deploy various types of ransomware or steal data that is used to extort companies.
Meyers says Crowdstrike believes that Scattered Spider has roughly four core members, which drive the targeting of potential victims and 'leverage' resources from the wider Com ecosystem as needed. The exact structure and size of Scattered Spider is unclear, but researchers agree that the group relies on an array of third-party services to carry out its attacks.
'Deterrence is extremely difficult because we're essentially fighting a marketplace where a lot of the actors are replaceable,' Google's Hultquist says. 'For instance, Scattered Spider has worked with multiple ransomware services, so if one goes down there's always someone to replace them.'
Aiden Sinnott, a senior threat researcher at cybersecurity company Sophos' Counter Threat Unit, says that Scattered Spider and the Com more broadly are connected through relationships and communities on Discord servers or Telegram groups. 'It's this kind of evolving group where maybe new younger threat actors are coming in,' Sinnott says. 'You can see this natural escalation progression as they learn skills of each other, and they're very big on sharing their wins as well.'
Some Scattered Spider members may target big-name companies, while others are involved in less high-profile activity. 'There are groups, or individuals, who are really focused on hacking Coinbase accounts and stealing crypto and things like that,' Sinnott says. 'So they're not even focused on these big corporate organizations.'
As Hultquist puts it, "the activity is extremely resilient, because instead of fighting a single actor, we're really fighting a marketplace.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
14 minutes ago
- Yahoo
Why OSS is key to AI benefits in cloud computing
During a recent event in Sydney, Google Cloud highlighted the benefits of AI, through Australian businesses that have deployed the technology commercially to improve customer experience and develop new business opportunities. Besides developing AI models such as Google Gemini, there are many other initiatives within Google Cloud to develop capabilities to simplify the adoption of AI. The company now offers an AI-optimised technology stack, which includes the AI infrastructure, data platform, models, platforms, and AI agents and applications. Customers are not confined to Google Cloud's tech stack. One of its key value propositions is around its ability to support hybrid/multi-cloud and third-party Open Source Software (OSS) solutions. AI is a matter of survival Global software companies are leading the pack in adoption AI as a matter of survival. As with any platform change, they stand to be disrupted the most by emerging companies who are able to harness the power of AI. Google Cloud is co-innovating with independent software vendors to embed AI capabilities into their products. For example, graphic design software company Canva demonstrated the adoption of Google's video generation model Veo 3 to add video creation capability to its platform. This move has created a new feature for Canva customers, allowing creative agencies, marketing teams, and educators to create video content by entering a single text prompt. Heidi Health, a software company addressing the challenges of clinicians has been using AI to simplify administrative tasks and giving clinicians more time to engage patients. Heidi Health is an AI-powered medical scribe that frees up clinicians from time-consuming transcription and documentation tasks. The company leverages Google Cloud's AI platform for speech-to-text capabilities, and it is looking to use tools such as its 'Agent Builder' to advance its solution to become a digital health concierge that can, for example, use an AI agent to call patients for follow-up calls to check on symptoms. Prioritising AI use cases Traditional businesses are also pursuing AI and prioritising use cases. Orica, a mining and infrastructure solutions provider, applies Google Cloud's AI platform to its SAP data across its supply chain to forecast customer demand and improve demand planning. This is made possible because Orica has consolidated its data to a single source and by re-platforming the SAP environment onto Google Cloud. Optus, the local telco has also launched its 'Expert AI,' an agentic AI solution that supports sales and service interactions. It analyses live customer conversations across channels in real time, provides contextual guidance, summarises insights, suggests next actions, and executes tasks across multiple backend systems to resolve customer needs. Cloud OSS partners need to work with clients The event highlights the many possibilities of AI but the reality is that not every business is AI-ready. To be successful, a business needs to have a well-executed data strategy. 'Born in the cloud' companies are also more ready as well as companies that have strong digital expertise and have been modernising their IT. Google Cloud is demonstrating the possibilities with AI but it needs OSS partners to be ready to work with clients to overcome challenges, often due to legacy systems and mindset. Likewise, enterprises will need to also move beyond point solutions, toward a mindset shift by embedding AI across multiple departments, systems, workflows, and buying journeys. While the approach takes on more risks, they provide the highest chances of high impact outcomes. "Why OSS is key to AI benefits in cloud computing" was originally created and published by Verdict, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site. Sign in to access your portfolio
Yahoo
19 minutes ago
- Yahoo
Woman sexually assaulted on flight to London is refused compensation
A woman who was sexually abused on a flight to London has been refused compensation. The passenger was assaulted while sleeping on a Qatar Airways flight from Doha, Qatar to Gatwick airport in September last year. The perpetrator was arrested on arrival at Gatwick and jailed in May. However, his victim, who has maintained her anonymity and is referred to as Kelly, has been denied a payout through the Criminal Injuries Compensation (CIC) Scheme. The Government says this is because the attack happened on a plane that was not registered in Britain. Law firm Leigh Day, which is representing Kelly, has written to Shabana Mahmood, the Justice Secretary, urging her to close what it believes is a gap in the law. Kelly, who is in her 20s and from London, said: 'I do not understand why I, and other victims like me, have been excluded from the CIC Scheme. 'I was attacked on a flight en route to the UK, I am a UK citizen, and this crime was investigated and prosecuted by British authorities. I should be entitled to compensation, and being excluded from the scheme is unfair and illogical. 'I am still suffering with the effects of the attack and want to move forward with my life.' The Civil Aviation Act was updated in 1996 to ensure criminal acts on foreign planes bound for Britain can be prosecuted in UK criminal courts. Claire Powell, a Leigh Day solicitor, said: 'Our client suffered an horrific sexual attack on a UK-bound flight. 'She was refused compensation under the Criminal Injuries Compensation scheme simply because it was a foreign flight and the rules have not been amended in line with the updates to the Civil Aviation Act. 'It is a gap that needs closing urgently and we trust the Justice Secretary will agree, particularly in light of this Government's commitment to addressing violence against women and girls.' A Ministry of Justice spokesman said: 'Our thoughts remain with this victim, and we remain resolute in our mission to halve violence against women and girls in a decade. 'The rules that the Criminal Injuries Compensation Authority follows, and the values of payments for injuries, are set by Parliament. Other routes are available for victims to receive support.' Kelly was attacked by Momade Jussab of Swinfield Close, Feltham, who was sitting next to her and put his hands down her trousers. Jussab, 66, was handed a six-and-a-half-year prison sentence at Lewes Crown Court in May after being found guilty of one count of sexual assault by penetration and two counts of sexual assault. Broaden your horizons with award-winning British journalism. Try The Telegraph free for 1 month with unlimited access to our award-winning website, exclusive app, money-saving offers and more.
Yahoo
34 minutes ago
- Yahoo
Diageo sells two RTD brands to Australia's Vok Beverages
Diageo has agreed to sell two of its Australian ready-to-drink brands, UDL and Ruski Lemon, to local drinks group Vok Beverages. Financial details of the transaction were not disclosed. In a joint statement, Dan Hamilton, managing director of Diageo's Australia business, said: 'The decision to sell UDL and Ruski was not made lightly, but we believe it is the best way to preserve the legacy of these iconic brands and unlock future growth and innovation across Diageo's broader portfolio." The sale to Vok Beverages is expected to be finalised by 1 October. "Diageo Australia and Vok Beverages will work together to ensure a smooth transition for the continued supply of UDL and Ruski to their valued customer base," the joint statement read. Ruski Lemon is a vodka-based RTD beverage, while UDL produces a range of pre-mixed cocktails in various flavours such as Blue Lagoon, Piña Colada, and Mango Daiquiri. The brands were created by Diageo and its predecessor company United Distillers Limited. UDL was launched in 1965, while Ruski came onto the market in 1997, the year Diageo was founded. UDL and Ruski are sold mostly in Australia but also have "limited sales" in New Zealand and some markets in the South Pacific region, Diageo told Just Drinks. Vok Beverages, founded in 2002, is the alcoholic drinks subsidiary of local company Bickford's Group of Companies. The South Australia-based business specialises in the production, sales, and marketing of beer, wine, spirits, cider, and RTD beverages. Its portfolio includes 23rd Street Distillery gins, Beenleigh Rum, and Vok Liqueurs. Commenting on the deal in the statement, Vok Beverages managing director, Angelo Kotses, said: 'Since 2002, Vok Beverages has been proudly crafting exceptional spirits, RTDs, beer, and wine from our local manufacturing facility in South Australia, building trusted brands with a passionate consumer following. "We're thrilled to be giving UDL and Ruski a bold new chapter, with exciting plans already underway to surprise, inspire, and delight both customers and consumers alike.' Diageo still produces a range of RTD brands in Australia under the brands Bundaberg rum, Smirnoff vodka, Johnnie Walker whisky, Captain Morgan rum and Gordon's gin. The sale comes as Diageo intensifies its cost-saving efforts. The company recently announced plans to achieve $625m in cost savings over the next three years, an increase of $125m from its initial $500m target outlined in its 'Accelerate' initiative in May. "Diageo sells two RTD brands to Australia's Vok Beverages" was originally created and published by Just Drinks, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
