
What if it is Scattered Spider?
Boris Cipot, senior security engineer at Black Duck, pointed out that Scattered Spider usually deploys social-engineering techniques to persuade employees into handing over credentials, much like it did in the September 2023 MGM hack. Cipot said that, among the group's other techniques, SIM swapping and MFA fatigue attacks are common. They are also known to use legitimate remote management software such as AnyDesk or TeamViewer to avoid detection, and tend to partner with ransomware groups.

“Their usual targets are in the hospitality and telecommunication sectors however, they have shifted towards retail, which could have, on one hand, monetary motivation, and on the other hand, a gap in deployment of cybersecurity tools and cybersecurity hygiene, which makes those targets easier to breach,” said Cipot. “The retail sector also has large amounts of highly sensitive personal data to offer, especially payment data, which is of great value for extortion or further sale. Additionally, the retail sector has complex supply chains, making it harder to deploy resilient cybersecurity strategies.”

Chad Cragle, chief information security officer at Deepwatch, added that security teams can defend against Scattered Spider and other leading ransomware groups by doing the following: secure privileged accounts, implement phishing-resistant MFA, and verify every help-desk identity request.

“Retailers are particularly vulnerable, as they handle large amounts of payment data, manage intricate supply chains, and operate under significant uptime pressure that often encourages ransom payments,” said Cragle. “However, organizations with valuable data and critical availability needs are equally at risk.”