Scattered Spider: The Smooth-Talking Hackers Targeting Your Help Desk

The threats that worry me most aren’t the elite hackers with the latest tools and cutting-edge malware. The bigger danger comes from something more…ordinary. A cybercrime group called Scattered Spider prefers smooth talking over sophisticated coding. Instead of smashing through your defenses, they talk their way into your network — often by simply asking your support desk for a password.

Scattered Spider doesn’t target your servers or workstations first. They target the people — the helpful support desk staff whose job is to provide fast, critical assistance. That helpfulness can become the weak spot.

Their favorite tactic starts with a phone call. They might impersonate an employee they’ve researched on LinkedIn. Then they use a casual request that sounds all too normal:

  • “Hey, I just got a new phone! Can you remove my multi-factor authentication (MFA) and let me activate a new one?”

  • “I forgot my password. Can you reset it for me?”

After gaining a bit of trust, they push for the MFA reset link or password reset to go directly to them, bypassing the real employee entirely. With MFA out of the way and valid credentials in hand, they seize control of accounts — often those with top-level administrative privileges. From there, they move through systems, steal sensitive data, or launch ransomware. Their attacks have caused massive disruption and financial losses for major organizations like M&S, Co-op, MGM Resorts, and Caesars Entertainment.

As your managed service provider, we recognize that groups like Scattered Spider see us as a high-value target. That’s why we treat these threats with seriousness and sharpen our “spidey sense” to spot them before they strike.

At Network 1 Consulting, we’ve built strong internal safeguards to avoid falling into their traps. When someone calls our help desk to request a password reset or MFA change — especially for an administrative account — we don’t just say, “Sure thing.” Instead, we:

  • Require Multi-Party Approvals: For critical requests, more than one trusted person must sign off.

  • Follow Rigorous Verification Steps: We confirm identity through multiple verification methods. If anything feels suspicious, we hang up and call the user back using a pre-registered, trusted contact method.

  • Deliver Ongoing Awareness Training: Our help desk team receives regular, specialized training on social engineering tactics. They learn to catch subtle red flags, unusual asks, and inconsistencies. We choose security over convenience — every time.

  • Enforce Strong Identity Controls: We use phishing-resistant MFA and strict identity management to block privilege escalation and lateral movement.

What You Can Do: Activate Your Own Spidey Sense!

While we’re on the front lines, remember — you are the first line of defense.

  • Be Skeptical (in the right way): If someone calls claiming to be IT and asks for sensitive actions, question it. Say, “I’ll call you back on our official line.”

  • Verify, Verify, Verify: Confirm any unusual request, even if it looks like it’s coming from a familiar source.

  • Report Anything Suspicious: If something feels off — even a strange phone call that goes nowhere — tell us immediately. That tip could prevent an attack.

For more information, please email [email protected].

Security Team: We monitor threats, strengthen defenses, deliver policies & training and help keep your business protected. With proactive support, expert guidance, and fast response times, we help prevent breaches before they happen and stop breaches if they do happen.
