Scattered Spider: Identifying the Sectors Most Vulnerable to Cyber Extortion
In an era where cyber threats are evolving at an unprecedented pace, identifying and mitigating risks has become a top priority for businesses across the globe. CyberCube, a leader in cyber risk analytics, has released new insights into which sectors are most vulnerable to attacks by Scattered Spider, a notorious ransomware-and-extortion group that has rapidly risen to prominence on the global threat landscape.
The Rise of Scattered Spider
Scattered Spider first emerged as a relatively unknown social-engineering crew in 2022. However, over the past year, the group has transformed itself into one of the most aggressive players in the cybercrime ecosystem. What sets Scattered Spider apart is its ability to adapt and execute sophisticated attacks across diverse industries, including manufacturing, education, IT, retail, insurance, and airlines.
The group’s modus operandi involves leveraging advanced social engineering techniques such as impersonation of help desk personnel, authentication bypass methods, and exploiting security weaknesses within corporate networks. These tactics have enabled Scattered Spider to infiltrate high-value organizations, causing significant financial damage and operational disruptions.
Key Sectors at Risk
According to CyberCube’s analysis, four key sectors stand out as being particularly susceptible to Scattered Spider’s malicious activities: Manufacturing, Education, IT, and Retail. These industries share common vulnerabilities that make them prime targets for cybercriminals. For instance, many organizations within these sectors rely heavily on outdated technologies or exhibit weak security postures, providing Scattered Spider with opportunities to exploit gaps in their defenses.
CyberCube conducted a comprehensive study of approximately 15,000 companies spanning eight major markets: the USA, UK, Canada, Australia, Germany, France, Japan, and Singapore. Their findings revealed alarming trends about the exposure levels of these companies. Specifically, 2% of firms with annual revenues exceeding $500 million were identified as facing the highest likelihood of falling victim to Scattered Spider attacks. This translates to 287 high-risk companies that use three or more technologies frequently targeted by the group, combined with glaring security lapses.
Medium-risk organizations—totaling 1,037 companies, or 7% of the sample—were found to use at least one technology favored by Scattered Spider while also displaying security flaws that could allow partial progression through the attack lifecycle. Such vulnerabilities give attackers room to maneuver and potentially achieve their objectives.
Leveraging Technology to Mitigate Risk
To address this growing concern, CyberCube offers its Portfolio Threat Actor Intelligence (PTI) solution, designed specifically for cyber risk exposure managers. PTI leverages artificial intelligence (AI) to map the behavior of cyber threat actors like Scattered Spider and identify the technologies they target most frequently. By integrating AI-driven insights into their workflows, portfolio managers can better understand the technological and security overlaps between seemingly unrelated sectors and insured entities.
William Altman, Head of Cyber Threat Intelligence Services at CyberCube and author of the accompanying blog post, emphasized the importance of proactive measures. He stated, “Our analysis not only highlights areas of elevated risk but also presents a strategic opportunity for cyber insurers to take preemptive action. By managing exposure and incentivizing stronger security practices, we can reduce the likelihood of future incidents.”
Altman further underscored the need for stakeholders to move beyond generalized assumptions about sector-specific risks. Instead, he advocates for a granular approach that considers individual organizational factors, such as technology usage patterns and existing security gaps.
A Call to Action for Businesses and Insurers
The implications of CyberCube’s findings extend beyond just understanding current vulnerabilities; they provide actionable steps for both businesses and the insurance industry. For companies operating in high-risk sectors, the message is clear: invest in robust cybersecurity measures now to avoid becoming low-hanging fruit for groups like Scattered Spider. This includes patching known vulnerabilities, adopting multi-factor authentication protocols, and training employees to recognize phishing attempts and other forms of social engineering.
For cyber (re)insurers, the PTI tool serves as a critical resource for assessing and mitigating risks within their portfolios. By identifying high- and medium-risk organizations early, insurers can work closely with clients to strengthen their defenses and minimize potential losses. Moreover, the data provided by tools like PTI can inform underwriting decisions and pricing strategies, ensuring that premiums reflect the true level of risk associated with each client.
About CyberCube
CyberCube is the leading provider of software-as-a-service cyber risk analytics to quantify cyber risk in financial terms. Driven by data and informed by insight, we have harnessed the power of artificial intelligence to supplement our multi-disciplinary team. Our clients rely on our solutions to make informed decisions about managing and transferring cyber risks. We unpack complex cyber threats into clear, actionable strategies, translating cyber risk into financial impact on businesses, markets, and society as a whole.
The CyberCube platform was established in 2015 within Symantec and now operates as a standalone company. Our models are built on an unparalleled ecosystem of data and validated by extensive model calibration, internally and externally. CyberCube is the leader in cyber risk quantification for the insurance industry, serving over 100 insurance institutions globally. The company’s investors include Forgepoint Capital, HSCM Bermuda and Morgan Stanley Tactical Value.
