Is Scattered Spider Back in Action with New Attacks on the Financial Sector?

Published: 2025-09-17 08:49:00 | Category: Finance-Savings

Recent cyber attacks targeting the financial services sector have been linked to the notorious group Scattered Spider, despite their assertions of going "dark". According to the threat intelligence firm ReliaQuest, the group appears to have shifted focus to the financial industry, evidenced by an uptick in lookalike domains and a targeted intrusion against a U.S. banking organisation.

Last updated: 27 October 2023 (BST)

Key Takeaways

  • Scattered Spider has targeted financial institutions, indicating a shift in focus.
  • A recent attack involved social engineering to gain access to sensitive documents.
  • The group’s claims of retirement are viewed with scepticism by experts.
  • Cybercriminals often regroup and rebrand rather than disband entirely.
  • Staying vigilant against evolving cyber threats is essential for organisations.

The Rise of Scattered Spider

Scattered Spider is a cybercrime group that operates within a larger collective known as The Com. This group has gained notoriety for its sophisticated techniques and its ability to infiltrate high-profile targets. Recent activities suggest they are ramping up efforts against financial institutions, a sector that has become increasingly vulnerable to cyber attacks.

Recent Cyber Attacks on Financial Services

ReliaQuest's intelligence indicates that Scattered Spider has been involved in a series of cyber attacks specifically targeting the financial services sector. This is particularly concerning, as financial institutions are often prime targets due to the sensitive nature of their data and the potential for substantial financial gain for attackers.

Methodology of Attacks

The recent intrusion against a U.S. banking organisation serves as a case study of the group's tactics. Initial access was gained by socially engineering an executive’s account, which involved resetting their password through Azure Active Directory Self-Service Password Management. This highlights the growing trend of cybercriminals utilising social engineering to exploit human vulnerabilities.

Steps Taken by Scattered Spider

Once inside the system, the attackers executed a series of sophisticated manoeuvres:

  1. Accessed sensitive IT and security documents.
  2. Moved laterally through the Citrix environment and Virtual Private Network (VPN).
  3. Compromised VMware ESXi infrastructure, leading to credential theft.
  4. Reset a Veeam service account password to escalate privileges.
  5. Assigned Azure Global Administrator permissions to enhance control.
  6. Relocated virtual machines to avoid detection.
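
For detection, the sequence above can be hunted as a correlation: an account resets its own password through self-service, then shortly afterwards resets another account's password or grants a Global Administrator role. The following Python is an added example, not code from ReliaQuest or the original article; the event schema, action names, account names and the 24-hour window are constructed assumptions, not a real log format.

```python
from datetime import datetime, timedelta

# Constructed, simplified audit records (hypothetical schema, not real data).
EVENTS = [
    {"time": "2025-09-01T09:02:00", "actor": "cfo@bank.example",
     "action": "sspr_reset", "target": "cfo@bank.example"},
    {"time": "2025-09-01T09:40:00", "actor": "cfo@bank.example",
     "action": "password_reset", "target": "svc-backup@bank.example"},
    {"time": "2025-09-01T10:15:00", "actor": "cfo@bank.example",
     "action": "role_assign", "target": "cfo@bank.example",
     "role": "Global Administrator"},
    {"time": "2025-09-01T11:00:00", "actor": "analyst@bank.example",
     "action": "sspr_reset", "target": "analyst@bank.example"},
    {"time": "2025-09-03T08:00:00", "actor": "admin@bank.example",
     "action": "role_assign", "target": "new.hire@bank.example",
     "role": "Global Administrator"},
]

PRIVILEGED_ROLES = {"Global Administrator"}

def is_privileged_change(ev):
    """Grant of a privileged role, or a password reset on another account."""
    if ev["action"] == "role_assign":
        return ev.get("role") in PRIVILEGED_ROLES
    return ev["action"] == "password_reset" and ev["target"] != ev["actor"]

def correlate(events, window=timedelta(hours=24)):
    """Return (actor, reset_time, event) for each privileged change an account
    makes within `window` after its own self-service password reset."""
    findings = []
    last_reset = {}  # account -> time of its most recent self-service reset
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["action"] == "sspr_reset":
            last_reset[ev["target"]] = when
        elif is_privileged_change(ev):
            reset = last_reset.get(ev["actor"])
            if reset is not None and when - reset <= window:
                findings.append((ev["actor"], reset, ev))
    return findings

if __name__ == "__main__":
    for actor, reset, ev in correlate(EVENTS):
        delay = datetime.fromisoformat(ev["time"]) - reset
        print(f"{actor}: {ev['action']} on {ev['target']} {delay} after self-service reset")
```

On the constructed data, the executive account is flagged twice, while the analyst's routine reset and the administrator's unrelated role grant are not.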

Data Exfiltration Attempts

Beyond gaining access, there are indications that Scattered Spider attempted to exfiltrate data from various sources, including Snowflake and Amazon Web Services (AWS). This raises alarms about the potential for sensitive financial data to be leaked or sold on the dark web, posing severe risks to affected institutions.

Exit or Smokescreen?

The recent claims by Scattered Spider that they were ceasing operations have been met with considerable scepticism from cybersecurity experts. According to Karl Sigler, a security research manager at Trustwave, such announcements are often strategic moves rather than actual disbandment. Groups like Scattered Spider may be attempting to distance themselves from increasing law enforcement scrutiny.

Understanding the Implications

Sigler's insights suggest that the farewell letter from Scattered Spider should be interpreted as a tactical retreat. This strategy allows the group to reassess its operations and evade detection by law enforcement, complicating efforts to attribute future attacks to them. It's crucial for organisations to remain alert, as cybercriminals are known to regroup and return under new identities.

Why It Matters

Given the sophisticated nature of these attacks and the shifting focus towards financial services, organisations need to strengthen their cybersecurity measures. The financial sector is particularly at risk due to the valuable data it holds, making it imperative for institutions to remain vigilant and proactive against cyber threats.

How to Stay Vigilant Against Cyber Threats

Organisations should implement a comprehensive cybersecurity strategy that includes:

  • Regularly updating security protocols and software.
  • Conducting employee training on identifying social engineering tactics.
  • Implementing multi-factor authentication for sensitive accounts.
  • Monitoring network activity for unusual behaviour.
  • Engaging in regular audits and vulnerability assessments.

The Future of Cybersecurity in Financial Services

The emergence of cybercrime groups like Scattered Spider underscores the need for continual evolution in cybersecurity practices. With the financial sector facing an ever-increasing array of threats, the importance of a robust defensive posture cannot be overstated. As organisations adapt to these evolving threats, collaboration and information sharing within the industry will become crucial components of an effective cybersecurity strategy.

Conclusion

The recent activities of Scattered Spider highlight the persistent and evolving nature of cyber threats targeting the financial services sector. As these groups adapt their strategies, organisations must remain vigilant and prepared to defend against potential attacks. Investing in improved cybersecurity measures and fostering a culture of awareness can significantly mitigate the risks posed by cybercriminals.

FAQs

What is Scattered Spider?

Scattered Spider is a cybercrime group known for its sophisticated hacking techniques and focus on financial services. They are part of a larger collective called The Com and have been linked to various cyber attacks.

How did Scattered Spider gain access to the banking organisation?

The group gained access by socially engineering an executive’s account and resetting their password via Azure Active Directory Self-Service Password Management, allowing them to infiltrate sensitive systems.

What should organisations do to protect against such cyber threats?

Organisations should enhance their cybersecurity protocols, conduct regular employee training, implement multi-factor authentication, and monitor network activity for signs of unusual behaviour to protect against cyber threats.

Are Scattered Spider's claims of retirement credible?

Experts view Scattered Spider's claims of retirement with scepticism, considering it more likely a strategic move to evade law enforcement pressure rather than an actual disbandment.

What are the implications of cyber attacks on financial services?

Cyber attacks on financial services can lead to significant data breaches, financial losses, and damage to reputation, making it critical for organisations to remain vigilant and proactive.

