November 17 – U.S. cyber security and intelligence agencies have issued a joint advisory on the cybercriminal group known as Scattered Spider – a group notorious for carrying out sophisticated phishing campaigns.

Scattered Spider is associated with the Gen Z cybercrime ecosystem known as the Com, which engages in illegal activities and swatting attacks.

These threat actors specialize in stealing data and extorting their victims using various social engineering methods. Their methods include phishing, prompt bombing, and SIM swapping to acquire credentials and bypass MFA protocols.

To fool their targets, the group impersonates IP and help desk staff via phone calls and SMS messages. Affiliated with the BlackCat ransomware gang, Scattered Spider utilizes sophisticated tools in coordination with other crime syndicates to launch their cyberattacks.

Scattered Spider serves as a reminder for companies to implement phishing-resistant MFA, enforce recovery plans, maintain offline backups, and adopt application controls.

For more on multi-factor authentication best practices, check out this article. Lastly, to receive timely cyber security insights and cutting-edge analyses, please sign up for the cybertalk.org newsletter.