Webinar: How to Locate the New Scattered Spider Phishing Infrastructure
Webinar details
Date released: Friday 22 December 2023
Level: Advanced
Duration: 30 mins (25 mins + 5 mins Q&A)
In this webinar, CEO, Ken Bagnall, explores how to track and monitor Scattered Spider’s Okta phishing infrastructure, using the Silent Push platform, including:
Scattered Spider’s deployment methods feature identifiable patterns and commonalities that allow Silent Push users to discover associated infrastructure and enumerate the threat actor’s online presence, using an array of lookups that can be tailored to a unique set of requirements.
The webinar demonstrates how to track the underlying infrastructure that accommodates a Scattered Spider phishing attack – apex domains, ASNs, registrars etc. – and extrapolate correlative datasets that allow security teams to identify patterns in attacker behaviour, including ASN data, naming conventions etc.
Access the webinar
This webinar can be accessed by filling out the form below. Due to the contents of this webinar, we manually approve each individual who requests access. This means you may have to wait up to 24 hours to receive your personal login code. Thank you for your understanding.
Background
Scattered Spider are a financially motivated threat group who has been active since the second quarter of 2022.
The group is known for launching sophisticated social engineering attacks designed to obtain login credentials and MFA tokens from employees.
Scattered Spider have been responsible for hundreds of incidents in the past year, two of which generated a large amount of media interested and caused significant financial and reputational harm for the organizations involved: the Twilio/Okta breach of August 2022 and the MGM breach of September 2023.