Reuters reports that the FBI is looking for leads on the Scattered Spider hacking group. Scattered Spider has recently gained notoriety after hacking into both MGM Resorts International and Caesars Entertainment, stealing data from both companies and using it for extortion.
Victims Of Hacking
But it’s not just casinos and hotels that are in danger, as telecom companies and healthcare groups, among others, are also targets of their criminal activity.
The Scattered Spider hacking group infiltrates organizations by creating fake profiles and tricking help desk operators into giving them access to sensitive data.
Once they have access, they monitor the organization’s activities by getting into internal emails and the internal team’s communication platforms, such as Slack, Microsoft Teams, and Google Meet.
They also find ways to sneak into teleconferences, both to find out what avenues are being searched so they can cover their tracks and to make themselves aware of other system vulnerabilities that they could exploit in the future.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) are working together to gather evidence that could incriminate the Scattered Spider hacking group, and they’ve put out a call to action to help move their investigation along.
Organizations Keeping Track
They’ve urged affected organizations to start documenting whatever they can so they can build a case. If Scattered Spider victims have samples of the malicious code that has made its way into their systems, ransom notes, or cryptocurrency wallet information on record, then the investigation can be expedited.
That’s because a big enough breadcrumb trail can potentially lead the agencies to the insidious group.
Heightened Security Measures
The investigating agencies are also urging companies to implement heightened security measures.
Something as small as making video calls mandatory, or archiving any communications with suspected individuals, could be the smoking gun that they need to put a stop to the harmful data breaches.
If help desks are one of the main points of entry, requiring extra layers of authentication for inbound communications could also prove to be effective.
In regard to paying out ransoms, both the FBI and CISA have made it clear that giving the cyber criminals what they want will create a problem that’s twofold. If ransoms are paid out, there’s no guarantee that the Scattered Spider group will cooperate and hand over any assets that they have stolen.
What’s more, receiving a ransom payment is exactly what they’d like to happen, and it will encourage them to continue breaching data systems because there’s now a monetary incentive to continue hacking.
Data privacy is nothing to scoff at, and any organization can be the next target for the Scattered Spider group, or other groups with a similar modus operandi.
Most of our private information has been digitized, from payroll records to medical information, and if an organization has its data breached, its employees also become vulnerable.
But if victim organizations do their due diligence in building a case against the Scattered Spider hacking group, and potential targets remain vigilant in their efforts to prevent a breach from happening, then we’re one step closer to reclaiming our security.