CyberCube, the global leader in cyber risk analytics, has identified Manufacturing, Education, IT, and Retail as the sectors most at risk of attacks from Scattered Spider, the versatile extortion crew behind the recent spate of high-profile hacks.
Scattered Spider has evolved from a newly identified social‑engineering crew in 2022 into one of the most aggressive ransomware‑and‑extortion outfits on today’s threat landscape. Since April this year, Scattered Spider has been moving swiftly across industries, leaving financial losses in its wake. The group has expanded its campaigns across seemingly unrelated sectors, including retail, insurance, and airlines, using sophisticated social engineering tactics such as help desk impersonation and authentication bypass to infiltrate high-value corporate networks.
Cyber risk exposure managers can leverage CyberCube’s Portfolio Threat Actor Intelligence (PTI) solution to pinpoint organizations in their portfolios most at risk of being targeted by Scattered Spider. CyberCube has analyzed a portfolio of approximately 15,000 companies from key global markets, segmenting them into risk tiers based on their exposure to Scattered Spider, specifically their technology footprint and observed security weaknesses.
The analysis found that 2% of companies with revenues over $500 million across eight key cyber (re)insurance markets — USA, UK, Canada, Australia, Germany, France, Japan, and Singapore — face the highest likelihood of being targeted by Scattered Spider.
CyberCube identified 287 high-risk companies (2%) that use three or more technologies frequently targeted by Scattered Spider, combined with security lapses the group is known to exploit. Notably, high-risk companies also tolerate security conditions that may allow the threat actor to complete critical steps across the attack lifecycle and ultimately achieve their objectives. Medium-risk companies (1,037, or 7%) use at least one of the group’s preferred technologies and exhibit security weaknesses that could enable only partial progression through the attack lifecycle. In a blog published online, CyberCube has also provided an industry breakdown of the high-risk companies for potential Scattered Spider attacks.
William Altman, Head of Cyber Threat Intelligence Services and blog author, said: “CyberCube’s analysis reveals both a current cluster of elevated risk in the market and a strategic opportunity for cyber (re)insurers to act preemptively by managing exposure and incentivizing better security before Scattered Spider strikes again. For portfolio managers, our findings reinforce the need to move beyond broad sector assumptions and focus on mapping technological and security posture overlaps across seemingly unrelated sectors and insureds.”
Portfolio Threat Actor Intelligence (PTI) harnesses the power of Artificial Intelligence (AI) to map the behaviour of cyber threat actors and the technologies they most frequently target. It is included as part of the CyberCube Concierge Threat Intelligence service — a first-of-its-kind offering designed specifically for the unique needs of cyber (re)insurers, built by experts in cyber threat intelligence, risk, and insurance.
CyberCube’s blog can be found here: CyberCube: 2% of Large Firms at Highest Scattered Spider Risk.
Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!