November 17, 2023 at 03:56PM
The cybercrime group known as Scattered Spider has been able to successfully attack US organizations without being disrupted or arrested, despite federal law enforcement being aware of its members' identities for over six months. The FBI and CISA have released an advisory to help organizations defend against Scattered Spider, but it remains unclear why the group's members have not been apprehended. The group uses fear and threats of violence to pressure victims into paying, and its recent targeting of hospitality and entertainment organizations has brought it attention. Law enforcement is struggling to adapt to the challenges posed by cybercriminals like Scattered Spider.
Meeting Takeaways:
1. Scattered Spider, a cybercrime group responsible for hacking MGM Resorts and Caesars Entertainment, is still successfully attacking US organizations without facing any disruptions or arrests.
2. Despite federal law enforcement knowing the identities of the group’s members, no arrests have been made in the last six months.
3. The FBI and CISA released an advisory on Scattered Spider, providing indicators of compromise and recommendations for organizations to enhance their cybersecurity posture.
4. The group, also known as UNC3944 or Octo Tempest, is known for its aggressive and disruptive cybercrimes, including threats of physical violence.
5. Scattered Spider utilizes fear-mongering tactics, targeting specific individuals through phone calls and texts, to coerce victims into sharing credentials.
6. The group has been active since 2022, initially using phishing kits and SIM swaps. They later became an affiliate of the ransomware-as-a-service provider BlackCat and improved their social engineering techniques.
7. The recent targeting of hospitality and entertainment organizations has brought increased attention to Scattered Spider.
8. Traditional law enforcement entities like the FBI are struggling to adapt to the challenges posed by cybercriminals, resulting in difficulties in disrupting groups like Scattered Spider.
9. To combat Scattered Spider’s attacks, individual enterprise security teams must implement recommended mitigations and defenses.
10. The cybersecurity community will continue to monitor Scattered Spider’s activities and await further developments, including arrests.