Mainstream media is the end of the line for specific OODA Loop themes and research areas. Because we use scenario planning methodology and the OODA Loop for our information filtering and curation, ideally, we are not learning anything startlingly new in the New York Times, the WP, or the WSJ. 60 Minutes is an interesting case. They have devoted a few segments to AI and covered Quantum Science fairly recently. They have perfected making complex, challenging information accessible and sensible, with well-thought-out "What next?" questions throughout the segment. So, we were not surprised at the quality of their recent segment on the ransomware epidemic and Scattered Spider’s attack last year on the MGM Grand and a few other properties on the Las Vegas Strip. They hit all the major plot points and the strategic implications – which mirrored our coverage to date. As much as we all pine for validation, it was rewarding to be in sync with the information covered in the segment. It was also great to see a vehicle for the broad exposure of the concepts of social engineering to the general public – as the topic definitely suffers from a few cognitive biases (‘that won’t happen to me’ / ‘you only see that stuff in a spy novel or a Hollywood political thriller’).

Russians team up with young, English-speaking hackers for cyberattacks | 60 Minutes (First aired, Sunday, April 14, 2024)

For the uninitiated, the 60 Minutes segment was also a great primer on what the cybersecurity community knows all too well—that good old-fashioned social engineering (a hustle or a con—like some of the stunts Sinatra and the gang pulled in the original Ocean’s 11) remains the main point of entry for most large-scale ransomware hacks. Can someone say the Podesta emails (a fake password change email from the IT department)? Or Stuxnet (which came down to, in the end, someone unwittingly walking into the Iranian nuclear facility with a USB drive with malware on it)?

We have been on the social engineering (aka Human Risk Management or Human Engineering) beat for a while – regularly providing resources to our readership and the OODA Network. Those resources are compiled here for individuals or organizations who want to follow up on some of the ideas presented in the 60 Minutes segment. We encourage follow-up and a review of your threat vectors and vulnerabilities vis-à-vis the social engineering threat. There are plenty of pragmatic implementation resources here – especially in the OODAcast conversations with OODA affiliates who are the experts on the social engineering threat – which are a call to action.

This joint FBI and CISA advisory is essentially an update on the activity of the ransomware gang Scattered Spider, to which the September 2023 MGM attack was attributed.

Summary

The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint Cybersecurity Advisory (CSA) in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory provides tactics, techniques, and procedures (TTPs) obtained through FBI investigations as recently as November 2023.

Scattered Spider is a cybercriminal group that targets large companies and their contracted information technology (IT) help desks. Scattered Spider threat actors, per trusted third parties, have typically engaged in data theft for extortion and have also been known to utilize BlackCat/ALPHV ransomware alongside their usual TTPs.

