
May 2025

The hackers behind the high street hassle

Scattered Spider, a notorious hacking group, has recently been linked to cyberattacks targeting major UK retailers including Co-Op, Marks & Spencer (M&S) and, just yesterday, Harrods.


Head of Cyber Consulting

These incidents have drawn significant attention and make it seem as though only the retail sector is under attack by this group. In reality, the group’s activities extend far beyond retail, impacting industries such as manufacturing, architecture and engineering, healthcare and energy.

Hacking methods

Scattered Spider employs a range of techniques to infiltrate organisations, but the primary ones include:

  • Social engineering: SMS and voice phishing (smishing and vishing) to trick employees into revealing credentials for single sign-on (SSO) dashboards, Microsoft Office 365/Azure, VPNs, and edge devices.
  • Multifactor Authentication (MFA) bypass: They use SIM-swapping and MFA notification fatigue, and manipulate IT helpdesk agents into resetting MFA methods for targeted accounts.
  • Credential harvesting and identity abuse: They lure victims to phishing sites that capture login details, often targeting accounts belonging to IT and security personnel to gain access to tools and documentation.
  • Ransomware deployment: The group has adopted ransomware as a primary means of extortion, encrypting victim data and demanding payment for decryption keys.

Protective measures against Scattered Spider

Organisations can take several steps to mitigate the risk of cyberattacks from groups like Scattered Spider.

  • Strengthen authentication: Implement robust MFA policies that do not allow SMS prompts, to reduce the risk of SIM-swapping attacks. Number matching MFA should be turned on to stop MFA fatigue attacks.
  • Employee training: Educate staff on recognising phishing attempts and social engineering tactics to prevent credential theft.
  • Regular security audits: Conduct frequent security assessments to identify vulnerabilities and implement a patch regime. In particular, it is reported that Scattered Spider is utilising recent vulnerabilities found in VMware.
  • Endpoint Detection and Response (EDR): Deploy advanced anti-malware solutions that monitor behaviours and respond to suspicious activities in real time.
  • Incident response plans: Create and rehearse how your organisation will respond to cyber incidents.
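
The MFA fatigue and helpdesk MFA reset techniques listed above leave traces in identity logs that monitoring can look for. The following is an added example, not part of the original article or any vendor's tooling: it flags a burst of rejected push prompts followed by an approval, and a new-device sign-in shortly after a helpdesk MFA reset. The event names, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FATIGUE_THRESHOLD = 5                    # assumed: rejected pushes before an approval
FATIGUE_WINDOW = timedelta(minutes=10)   # assumed look-back for those pushes
RESET_WINDOW = timedelta(hours=1)        # assumed: reset -> new device sign-in

# Constructed sample events (timestamp, user, action); the action names are
# hypothetical and not any identity provider's real schema.
EVENTS = [(f"2025-05-01T02:1{m}:00", "alice", "push_denied") for m in range(5)] + [
    ("2025-05-01T02:15:00", "alice", "push_approved"),
    ("2025-05-01T08:00:00", "bob", "push_timeout"),
    ("2025-05-01T08:01:00", "bob", "push_approved"),
    ("2025-05-01T09:00:00", "carol", "helpdesk_mfa_reset"),
    ("2025-05-01T09:20:00", "carol", "new_device_signin"),
    ("2025-05-01T10:00:00", "dave", "new_device_signin"),
    ("2025-05-01T11:00:00", "erin", "helpdesk_mfa_reset"),
    ("2025-05-01T14:30:00", "erin", "new_device_signin"),
]

def detect(events):
    """Return sorted (user, finding) pairs for the two patterns."""
    findings = set()
    rejected = defaultdict(list)   # user -> times of denied / timed-out pushes
    last_reset = {}                # user -> time of latest helpdesk MFA reset
    for ts, user, action in sorted(events):      # ISO timestamps sort in time order
        t = datetime.fromisoformat(ts)
        if action in ("push_denied", "push_timeout"):
            rejected[user].append(t)
        elif action == "push_approved":
            recent = [r for r in rejected[user] if t - r <= FATIGUE_WINDOW]
            if len(recent) >= FATIGUE_THRESHOLD:
                findings.add((user, "mfa_fatigue_then_approval"))
            rejected[user].clear()               # an approval ends the burst
        elif action == "helpdesk_mfa_reset":
            last_reset[user] = t
        elif action == "new_device_signin":
            reset = last_reset.get(user)
            if reset is not None and t - reset <= RESET_WINDOW:
                findings.add((user, "new_device_after_helpdesk_reset"))
    return sorted(findings)

if __name__ == "__main__":
    for user, finding in detect(EVENTS):
        print(user, finding)
```

In the sample data, bob's single timed-out prompt and erin's sign-in three and a half hours after a reset fall outside the assumed thresholds and are not flagged.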

 

Our Associate Director for Cyber, Stew Hogg, takes a look at this latest series of incidents which the NCSC CEO calls a 'cyber security wake-up call' - read more here

 

As well as death and taxes, cyber security incidents are a certainty. Having protections, monitoring and awareness training in place can make the difference between functioning normally and becoming another statistic.

Does your team need a cyber wake-up call?

Find out more about the cyber security services we offer here. Or get in touch with the team directly at cyber@waterstons.com