CyberCube has revealed that the notorious hacking group Scattered Spider is rapidly expanding its reach across multiple sectors, raising red flags for firms in Manufacturing, Education, IT, and Retail.
Scattered Spider is a notorious cybercriminal group known for its sophisticated social engineering techniques and aggressive extortion campaigns. Active since at least 2022, the group has been linked to several high-profile ransomware and data breach incidents across various industries.
The group has emerged as one of the most aggressive ransomware and extortion actors on the global threat landscape.
Evolving Threat Actors Reshape Cyber Risk Landscape
Scattered Spider, first identified in 2022, has become a disruptive force in cybercrime, carrying out high-profile breaches across airlines, insurers, and retail giants. Unlike traditional ransomware outfits that typically target specific industries, Scattered Spider has demonstrated a unique ability to infiltrate diverse sectors by exploiting technology footprints and weak authentication protocols.
CyberCube’s latest threat intelligence—based on its AI-driven Portfolio Threat Actor Intelligence (PTI) platform—sheds light on the industries and firms most vulnerable to this new breed of cyber adversaries. According to its analysis of 15,000 companies in global insurance markets, 2% of firms with annual revenues over $500 million are at high risk of attack from Scattered Spider.
These findings are a wake-up call for cyber (re)insurers, who face increasing exposure from attackers leveraging multi-vector techniques. In a blog post detailing the research, William Altman, Head of Cyber Threat Intelligence Services at CyberCube, stated:
“Our findings reinforce the need to move beyond broad sector assumptions and focus on mapping technological and security posture overlaps.”
A Targeted Risk Approach: AI Takes Center Stage in Threat Mapping
CyberCube’s PTI tool uses artificial intelligence to analyze the behaviors of cybercrime groups and identify the specific technologies they tend to exploit. This capability is crucial for risk managers, enabling them to pinpoint organizational vulnerabilities that would otherwise remain hidden beneath surface-level sector assessments.
Among the most common tools exploited by Scattered Spider are remote desktop management systems, identity and access management platforms, and cloud-based help desk tools—technologies that are often deployed across disparate sectors. According to CyberCube, companies that rely on at least three of these technologies while lacking robust security configurations fall into the high-risk tier.
Medium-risk firms—around 7% of those studied—exhibit partial exposure through at least one targeted technology and observable vulnerabilities that could enable an attacker to infiltrate specific phases of the kill chain.
Ransomware Surge: A Rising Cost for Businesses and Insurers
The rise of groups like Scattered Spider underscores a broader trend of increasingly sophisticated ransomware threats. A report by Chainalysis estimated ransomware payments in 2023 to exceed $1.1 billion, a sharp rebound after a temporary dip in 2022. Similarly, IBM’s 2024 Cost of a Data Breach report notes that the average cost of a ransomware breach reached $5.13 million—excluding the ransom itself.
Cyber insurers, already grappling with high claim ratios, are likely to recalibrate underwriting standards in response to these evolving threats. As noted by Fitch Ratings, the U.S. cyber insurance market saw direct written premiums increase by more than 50% year-over-year in 2023, driven largely by increasing risk severity and the surge in ransomware incidents.
CyberCube Calls For Preemptive Defense and Smarter Risk Modelling
CyberCube’s research calls for a more nuanced, data-driven approach to cyber risk management. By understanding the attack lifecycle and the technologies preferred by actors like Scattered Spider, cyber insurers and enterprise risk managers can proactively adjust coverage, enforce stricter cybersecurity standards, and incentivize stronger defense mechanisms.
CyberCube’s findings emphasize the need for real-time intelligence, cross-sector vigilance, and AI-enabled analytics as the front line of defense.
Read Also: Amber International Adds $25.5M to Crypto Reserve Strategy, Backed by Pantera and CMAG
