The shift comes as the UK’s cyber watchdog launches an investigation into the group and the recent wave of UK retailer cyber attacks.
The threat group believed to be behind the wave of cyber attacks on UK retailers is reportedly shifting its focus to US insurance companies, according to threat intelligence researchers.
Earlier this year, the Scattered Spider hacking collective made headlines after it was believed to have hacked a trio of UK retailers – Marks & Spencer (M&S), Co-op, and Harrods. The group was believed to have been tied to the DragonForce ransomware gang.
Scattered Spider is a group linked to a larger hacking collective called “The Community” or “The Com” and is believed to be made up mostly of English-speaking young adults and teenagers based in the United States and other countries.
Also known as Muddled Libra, Octo Tempest, and Scatter Swine, among other names, the group has been observed gaining initial access using multifactor authentication (MFA) bombing, phishing and SIM swapping attacks before using the malware of other prolific ransomware groups, including DragonForce, RansomHub, and Qilin.
Following the wave of incidents affecting UK and US retailers, threat intelligence researchers from Google suspect that the hacking collective is now targeting the insurance industry.
“Google Threat Intelligence Group is now aware of multiple intrusions in the US which bear all the hallmarks of Scattered Spider activity. We are now seeing incidents in the insurance industry,” John Hultquist, chief analyst at Google Threat Intelligence Group (GTIG), told tech and cyber publication BleepingComputer.
Hultquist said Scattered Spider typically focuses on one industry at a time, as was witnessed with the UK and US retail industries, and now appears to be targeting the US insurance industry.
He also said that companies in the industry should be on the lookout for social engineering attempts at call centres and help desks. Companies should also enable MFA, have good visibility over the entire organisation’s network and operations, and require strong authentication criteria for accessing accounts.
Following the breaches of the three UK retailers, Scattered Spider is also the focus of a massive investigation by the UK’s National Crime Agency (NCA).
While the NCA has never previously attributed the attacks to Scattered Spider, it now says it is launching an investigation to identify and catch the offenders.
“We are looking at the group that is publicly known as Scattered Spider, but we’ve got a range of different hypotheses, and we’ll follow the evidence to get to the offenders,” said NCA national cyber crime unit chief Paul Foster in a recent BBC documentary.
“In light of all the damage that we’re seeing, catching whoever is behind these attacks is our top priority.
“We know that Scattered Spider are largely English-speaking, but that doesn’t necessarily mean that they’re in the UK – we know that they communicate online amongst themselves in a range of different platforms and channels, which is, I guess, key to their ability to then be able to operate as a collective.”