CyberCube identifies sectors most at risk from Scattered Spider attacks

Posted on | Posted on Admin

CyberCube, a provider of cyber risk analytics, has identified Manufacturing, Education, IT, and Retail as the sectors most at risk of attacks from the threat actor group Scattered Spider — the group behind several recent high-profile cyber incidents, including the attack on large UK retailer Marks & Spencer (M&S).

CyberCube logoScattered Spider has evolved from a newly identified social engineering crew in 2022 into one of the most aggressive ransomware and extortion groups operating today.

Since April 2025, the group has targeted various industries including retail, insurance, and aviation, causing significant financial losses.

The group is known for using sophisticated social engineering tactics, such as help desk impersonation and authentication bypass to infiltrate high-value corporate networks.

Simon West, Director of Customer Engagement at Resilience, stressed that recent attacks by the group have been particularly concerning due to their use of advanced tactics such as SIM swapping and MFA bypass.

Register for the Artemis London 2025 cat bond and ILS market conference<!–Download free catastrophe bond market reports from Artemis–>

As a reminder, on 22 April 2025, M&S disclosed it was responding to a cyber incident carried out by Scattered Spider, believed to have deployed DragonForce ransomware. In May, M&S confirmed the attack is expected to impact group operating profit by approximately £300 million for 2025/26.

CyberCube said cyber risk exposure managers can use its Portfolio Threat Actor Intelligence (PTI) solution to identify organisations within their portfolios most at risk from Scattered Spider. PTI, part of the CyberCube Concierge Threat Intelligence service, uses AI to map the behaviours of cyber threat actors and the technologies they most frequently target.

Based on an analysis of approximately 15,000 companies across major global markets, CyberCube found that 2% of companies with revenues over $500 million — across the US, UK, Canada, Australia, Germany, France, Japan, and Singapore — face the highest likelihood of being targeted by Scattered Spider.

CyberCube identified 287 high-risk companies (2%) that use three or more technologies frequently exploited by Scattered Spider, combined with security lapses the group is known to target.

Notably, these high-risk companies also maintain security conditions that may allow the threat actor to complete critical steps across the attack lifecycle and ultimately achieve their objectives.

An additional 7% (1,037 companies) were categorised as medium risk — using at least one of the group’s preferred technologies and exhibiting vulnerabilities that could allow partial progression of an attack.

William Altman, Head of Cyber Threat Intelligence Services, said, “CyberCube’s analysis reveals both a current cluster of elevated risk in the market and a strategic opportunity for cyber (re)insurers to act preemptively by managing exposure and incentivizing better security before Scattered Spider strikes again. For portfolio managers, our findings reinforce the need to move beyond broad sector assumptions and focus on mapping technological and security posture overlaps across seemingly unrelated sectors and insureds.”

The post CyberCube identifies sectors most at risk from Scattered Spider attacks appeared first on ReinsuranceNe.ws.

Leave a Reply

Your email address will not be published. Required fields are marked *