CyberWire Daily Creeping like a spider. [Research Saturday]
8 snips
Jul 19, 2025 
George Glass, Associate Managing Director of Kroll's Cyber Risk business, sheds light on the tactics of the cybercrime group Scattered Spider. They delve into Scattered Spider's recent focus on insurance companies and their fear-based social engineering techniques. Glass explores their cartel-like structure and aggressive strategies, including insider recruitment from telecoms. Key discussions focus on adapting defense mechanisms against such evolving threats, as well as the significance of proactive measures for vulnerable industries.
AI Snips
Chapters
Transcript
Episode notes
Clustered Industry Targeting
- Scattered Spider targets industries in clusters, likely for lateral movement between affiliated organizations.
- Their approach leverages shared suppliers and event-driven access to further attacks efficiently.
Multi-step Social Engineering Attack
- Perform multiple social engineering calls to help desk staff to reset passwords or change MFA.
- Use obtained credentials to conduct business email compromise and gather VPN and remote access info.
Rapid Cloud Exploitation
- Scattered Spider shows high proficiency in quickly exploiting SaaS and cloud environments.
- They move rapidly to exfiltrate data before ransomware deployment occurs.