In August 2022, employees at Twilio received text messages purporting to come from their company's IT department. The texts claimed that their passwords had expired or that their schedule had changed, and that they had to log in with their work accounts.
A link was provided that took them to a landing page that looked identical to the sign-in page for the US communications company. It was convincing enough that several employees fell for the scam, which led to the data of around 125 customers being compromised.
The scale was small, but the attack was remarkable for its sophistication. It was part of a number of successful attacks on telecommunications companies that year, which soon spread to casinos in 2023, and then spilled over into industries including telecommunications, finance, gaming, hospitality and retail.
The group of hackers, which became known as Scattered Spider, has caused hundreds of millions of pounds in damage, with high-profile targets in Great Britain including M&S and Co-op.
On Friday, the FBI published an alert warning that Scattered Spider has now turned its focus to US airlines. So who exactly are they, and how have they been able to wreak such chaos?
Who is Scattered Spider?
It is believed that the group formed through online hacker forums and mainly consists of English-speaking teenagers in the UK and the USA.
A comprehensive profile of the cyber criminals, compiled by Melissa Deorio at the cyber security consultancy S-RM, revealed the origins, behaviours and members of the group.
The report, shared with The Independent, describes Scattered Spider as “a number of predominantly English-language cyber criminals in indigenous up to 16-, which have emerged in a number of underground hacking groups that are collectively known as ‘the Community’ or ‘The Com’”.
With a broad spectrum of targets, the group has been called “Big Game Hunters”, and more than 100 companies have fallen victim to its social engineering attacks.
“Scattered Spider is more of a loose affiliation of individuals than a coherent criminal outfit. There is no clearly defined hierarchy and it does not retain a ‘brand’ in the manner of ransomware operators such as Akira or LockBit. Group members seem to be motivated by money and by awareness.”
In 2024, at least seven Scattered Spider members were arrested, including the alleged leader Tyler Buchanan. The 23-year-old British citizen was arrested at an airport in Spain last June when he tried to fly to Italy.
Despite the arrests, Scattered Spider attacks have continued to escalate in the months since.
How they work
Scattered Spider usually targets an organisation's IT helpdesk by posing as one of its employees, using publicly available information that can be found online.
The S-RM report says that the impersonated employees are usually mid-level IT personnel and network engineers.
“The group can convince helpdesk employees to quickly reset employee accounts,” the report said. “In some cases, the group also buys account access from initial access brokers on the dark web.”
This type of social engineering attack uses what some security researchers call most important organizations: people.
By tricking people, the attackers are able to bypass security systems worth several million pounds by simply resetting a login.
These attacks have become more and more common in recent years with the rise of generative artificial intelligence, which means that cybercriminals can quickly create targeted campaigns without being hindered by language barriers or writing skills.
“[Scattered Spider] attacks show that people regardless of this The Independent.
“Even experienced IT employees can fall for social engineering, especially if it is of essential importance for all employees.”