Getting to know “known” threat groups

Scattered Spider is a financially motivated criminal gang that has persistently used phone-based social engineering and SMS phishing campaigns (smishing) for initial access into its targets’ systems. It’s believed that they are mainly initial access brokers, which would explain why they come from so many different angles and use diverse tools, tactics, and techniques. There is often a lag between the time they gain entry to a target’s system and the time they sell that access, lulling victims into a false sense of security.

Scattered Spider is also known for its sophistication when posing as employees contacting helpdesks. Their English skills are so strong that native speakers have a hard time detecting an issue.

The CL0P group is unique in the sense that it is not a ransomware-as-a-service group. It is a very small but controlled group, and its size helps it maintain an aggressive posture during negotiations.

CL0P is particularly well known for the MOVEit hack. The hackers figured out how to leverage several MOVEit vulnerabilities back in 2021, but they kept it a secret, waiting until 2023, when their intervention was fully automated, to exploit the vulnerability at scale.

Rather than see vulnerabilities and exploits as opportunities to quickly make money, they view their attack campaigns through the lens of various business strategies. The focus, persistence, and money behind their long-term attacks make them especially dangerous.

Data presented in this Cyber Services Snapshot is derived from global incidents reported to Beazley between Q1 2021 and Q3 2023.

The information set forth in this document is intended as general risk management information. It is made available with the understanding that Beazley does not render legal services or advice. It should not be construed or relied upon as legal advice and is not intended as a substitute for consultation with counsel. Beazley has not examined and/or had access to any particular circumstances, needs, contracts and/or operations of any party having access to this document. There may be specific issues under applicable law, or related to the particular circumstances of your contracts or operations, for which you may wish the assistance of counsel. Although reasonable care has been taken in preparing the information set forth in this document, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information.