Scattered Spider poses serious risk to several hundred major companies

The cybercrime group Scattered Spider’s tactics put a group of roughly 300 major companies at heightened risk of attack, according to a new report from security firm CyberCube.

The 287 firms represent approximately 2% of organizations with revenues above $500 million, according to CyberCube’s analysis of more than 15,000 companies in key global markets. The analysis covers eight regions, including the U.S., the U.K., Canada, Australia, Germany, France, Japan and Singapore.

Each company uses at least three technologies that Scattered Spider is known to target and has security conditions that are ripe for the group’s attacks.

“The high-risk designation is primarily based on the presence of technologies Scattered Spider has exploited in past attacks,” William Altman, cyber threat intelligence lead at CyberCube, said via email.

Scattered Spider has abused Microsoft Active Directory, Okta and multiple remote-management and help-desk tools.

Since emerging in 2022, Scattered Spider has frequently used sophisticated voice phishing and other social-engineering methods to trick IT help desks into providing credentials or bypassing multifactor authentication.

The group recently launched a new wave of attacks, first targeting American and British retailers in April, before switching to insurance companies in June and later airlines and other transportation companies. The hackers first achieved global prominence in 2023 after crippling attacks on the hospitality industry, including MGM Resorts in Las Vegas.