It has been announced that the threat actor group Scattered Lapsus$ Hunters has claimed responsibility for the recent cyber attack on Jaguar Land Rover. The attackers are made up of three groups, Scattered Spider, ShinyHunters and Lapsus$, who have apparently banded together to conduct more attacks on large targets. Here, Nathan Webb, principal consultant at Acumen Cyber, responds to the news.
“The collaboration between Scattered Spider, ShinyHunters and Lapsus$ will have a big impact on the efficiency of the group.
“The threat actors have clearly come together to improve the effectiveness of establishing initial access to victims, with the group collaborating on techniques and the data they have available to enhance their attacks.
“Scattered Spider is known for its social engineering tactics, while ShinyHunters focuses on extortion and financial gain. It’s likely the partnership with Lapsus$ will continue to extend the group’s capabilities, allowing them to go after more high profile companies, like JLR.
“The growing collaboration between threat-actor groups to execute crimes underscores how much they now operate like enterprises, and reinforces the need to harden defences.
“Scattered Spider typically relies on social engineering to gain initial access. Intelligence indicates the group is native English-speaking, which helps them sound credible across phone, email and social media. Their techniques include persuasive phone calls impersonating trusted parties and phishing campaigns fuelled by personal details stolen from social platforms.
“This reconnaissance enables highly targeted attacks. People should be mindful of what they share online; even fragmented information spread across multiple platforms can be correlated and weaponised.
“Once inside, they will deploy ransomware, and early reports suggest that this may be the case here.
“Common targets include virtualisation platforms such as ESXi and Hyper-V because compromising these can cause max disruption.
“An organisation the size of JLR is likely to have controls in place, but manufacturers face additional challenges due to reliance on legacy equipment, which increases risk and complicates patching.
“Defensive strategies therefore need to be layered: educate users to recognise social-engineering attempts; reinforce official verification and callback procedures; keep external perimeter devices consistently patched; and segment networks so that high-value assets are not reachable via remote mechanisms, unless strictly necessary.”