Updated Security Advisory: Scattered Spider Focuses on Cloud Apps

Written By: Kevin Johnson

**Attorney Advertisement: Prior results do not guarantee future outcomes**

Scattered Spider's shift to cloud-based attacks underscores an evolving cyber threat landscape in which attackers bypass and take advantage of cloud security measures such as MFA, EDR, VPNs, and secure configurations. Here are detailed insights into the threat actor's (TA's) approach and practical steps to mitigate the risk of falling victim to this tactic.

Expanded Tactics and Targets:
• Infiltration via compromised cloud service accounts.
• Phishing scams to gain initial account access.
• Targeting administrative and API credentials to maximize access.
• Exploiting misconfigurations in SaaS applications for deeper penetration.

Comprehensive Defense Strategies:
• Conduct regular audits of account and service permissions to detect anomalies.
• Train staff to recognize and handle phishing attempts effectively.
• Implement strict controls and monitoring on administrative and API access.
• Implement additional steps to authenticate user requests through secure processes, such as manager verification and outreach via internal contact lists.

The Beckage Firm regularly advises our clients to authenticate requests, especially those that are support-related or financial in nature. Technical controls are not the only answer; secure processes are equally important. Requestors should always be authenticated through secure means.
