How Scattered Spider hackers are wreaking havoc on corporate America


Axios, a day ago
A persistent hacking crew of young men and teenagers is back with a vengeance, wielding a two-year-old playbook to knock U.S. corporate systems offline.
Why it matters: Scattered Spider hasn't had to evolve much to remain effective — a sign of how little corporate cybersecurity defenses have improved.
The group's tactics, including help desk impersonation and SIM swapping, continue to wreak havoc across critical industries.
Driving the news: Over the past month, Scattered Spider has been on a hacking spree that's disrupted operations at retailers, grocery chains, insurance providers, and airlines across the U.S., the U.K. and Canada.
Their reach may also now extend into Australia, where Qantas is investigating a cyberattack on one of its call centers — a hallmark tactic of Scattered Spider.
The big picture: Unlike most ransomware gangs, Scattered Spider isn't a monolithic, state-sponsored machine. It's a loose collective, largely made up of teenagers and young men who emerged from online gaming communities like Roblox and Minecraft.
"Scattered Spider includes more people in Western countries than other ransomware groups," Cynthia Kaiser, senior vice president of Halcyon's Ransomware Research Center and a former top FBI cyber official, told Axios.
But while originally rooted in English-speaking countries, it's evolved into a more global operation, she said.
Breaking it down: The group operates like a business, with a leadership structure, junior associates and temporary roles. Some members' sole job is to call help desks and reset employee passwords.
Adam Meyers, SVP of counter adversary operations at CrowdStrike, told Axios the group's origin lies in a toxic subset of gaming culture, where online harassment evolved into SIM swapping and eventually ransomware.
Scattered Spider's core includes about four leaders, but its operations are interwoven with members of the broader online community "The Com," which has ties to cybercrime and real-world violence, experts said.
How it works: The group's primary tactic remains voice-based phishing, in which they call a company's overseas help desk, impersonate an employee, and reset that employee's single sign-on password.
They then use SIM swapping to intercept multifactor-authentication codes.
In recent incidents, the group has escalated attacks by targeting ESXi hypervisors — systems that power a company's servers and digital operations but often fly under the radar of traditional security tools. Once inside, they deploy ransomware and cripple the server environment.
"They're ninjas with identity," Meyers said. "They know how to avoid modern security tools ... and they're incredibly fast — in some cases, there's less than 24 hours between gaining access to deploying ransomware."
Meyers added that his team has identified seven unique voices calling help desks in recent months.
Flashback: Scattered Spider first made headlines in 2023 with attacks on Las Vegas casinos, including MGM Resorts and Caesars Entertainment. Two years later, their methods remain largely unchanged.
"It's largely the same, frankly," Meyers said. "Once they figure out one organization that they can successfully get into, then they go, 'We're here, who are their peers, who are their competitors, who else is there that we can perhaps go after?'"
Threat level: Scattered Spider is now collaborating with Russian ransomware gangs, including those behind Play, Akira and DragonForce, Kaiser said.
Between the lines: Despite the group's Western presence, law enforcement faces obstacles in tracking them down.
Many members are minors, which gives them different legal protections, Meyers said. And if they have any mental health conditions, officials in some countries where the group operates are limited in how long they can hold them and what charges they can pursue.
For instance, when authorities arrested members of the Lapsus$ hacking gang — another group involving juvenile offenders — prosecutors struggled to proceed against a 17-year-old despite clear evidence of major corporate breaches.
Kaiser noted that identifying every member of Scattered Spider is difficult due to the group's sprawling, decentralized nature.
The intrigue: Still, U.S. officials have made more arrests tied to Scattered Spider than to Russian ransomware crews. In November, five men were charged in connection with the group.
The bottom line: outdated MFA methods like SMS and voice codes.

Related Articles

Scattered Spider poses serious risk to several hundred major companies

Yahoo, an hour ago

This story was originally published on Cybersecurity Dive.
The cybercrime group Scattered Spider's tactics put a group of roughly 300 major companies at heightened risk of attack, according to a new report from security firm CyberCube.
The 287 firms represent approximately 2% of organizations with revenues above $500 million, according to CyberCube's analysis of more than 15,000 companies in key global markets. The analysis covers eight regions, including the U.S., the U.K., Canada, Australia, Germany, France, Japan and Singapore.
Each company uses at least three technologies that Scattered Spider is known to target and has security conditions that are ripe for the group's attacks.
'The high-risk designation is primarily based on the presence of technologies Scattered Spider has exploited in past attacks,' William Altman, cyber threat intelligence lead at CyberCube, said via email.
Scattered Spider has abused Microsoft Active Directory, Okta and multiple remote-management and help-desk tools.
Since emerging in 2022, Scattered Spider has frequently used sophisticated voice phishing and other social-engineering methods to trick IT help desks into providing credentials or bypassing multifactor authentication.
The group recently launched a new wave of attacks, first targeting American and British retailers in April, before switching to insurance companies in June and later airlines and other transportation companies. The hackers first achieved global prominence in 2023 after crippling attacks on the hospitality industry, including MGM Resorts in Las Vegas.
CyberCube said that manufacturing, retail, education and IT are the sectors most at risk from the threat group. The company's report is designed to give some early guidance to the insurance sector about how to potentially mitigate risk.
