Cybercriminals frequently exploit email phishing as the primary method for gaining initial access to systems and accounts.
In a chilling reminder of the ever-present threat of cyber attacks, the notable ransomware group Scattered Spider carried out an attack in September 2023. The group, responsible for major attacks on MGM Resorts, Caesars Entertainment, and Clorox, used social engineering to trick a help-desk employee into resetting credentials.
Phishing, a method that exploits human behaviour to turn trust into a weapon, remains the most common route threat actors use to achieve initial access. According to the ReliaQuest Annual Cyber-Threat Report, phishing links or attacks were involved in 71% of all security incidents in 2023.
Once Scattered Spider gained initial access, they used cloud administrative commands to modify configurations in the Microsoft Azure platform. They also deployed AlphV ransomware in some of their attacks. Notably, the group obtained and reset the master passwords for the victim organisation's CyberArk and LastPass credentials via email verification.
To combat such attacks, ReliaQuest advises organisations to adopt a layered security approach. This includes robust technology such as phishing-resistant multi-factor authentication, access controls, and operational changes like verification procedures for sensitive requests. People-focused efforts, such as training, awareness, and fostering a security-conscious culture, are also crucial.
Specifically, ReliaQuest recommends adopting phishing-resistant multi-factor authentication, verifying sensitive requests through out-of-band channels, limiting and monitoring remote access tool usage, enhancing continuous security control validation, and maintaining up-to-date technology and patch management.
Moreover, organisations should recognise and defend against evolving phishing techniques, such as impersonation of trusted brands, voice phishing, and QR code-based phishing. Reducing session token lifetimes and focusing on authentication techniques like biometrics can also improve resilience to phishing and social engineering attacks.
Michael McPherson, SVP of technical operations at ReliaQuest, notes that phishing is effective because it requires little output or sophistication from the attacker and works due to human curiosity. Social engineering tactics, such as tricking individuals to divulge sensitive information or grant access to secure systems, are popular among threat actors due to their effectiveness.
The ReliaQuest Annual Cyber-Threat Report, released on Tuesday, is a comprehensive report detailing the state of cyber threats in 2023. However, the specific target of the attack by Scattered Spider in September 2023 was not identified.
Despite the advancements in technology, phishing attacks remain a classic tactic that never goes out of style in the cyber threat landscape. Organisations must remain vigilant and implement the recommended strategies to protect themselves and their users from these persistent threats.
[1] ReliaQuest (2023). 2023 Annual Cyber-Threat Report. [Online]. Available: https://www.reliaquest.com/resources/reports/2023-annual-cyber-threat-report/ [Accessed 15 October 2023].
[2] ReliaQuest (2025). 2025 Annual Cyber-Threat Report. [Online]. Available: https://www.reliaquest.com/resources/reports/2025-annual-cyber-threat-report/ [Accessed 15 October 2023].
- Phishing, a common method used by threat actors to gain access, was responsible for 71% of all security incidents in 2023 according to the ReliaQuest Annual Cyber-Threat Report.
- Scattered Spider, the ransomware group that attacked a notable organization in September 2023, used phishing to trick a help-desk employee and later used AlphV ransomware.
- To combat phishing attacks, ReliaQuest recommends adopting phishing-resistant multi-factor authentication, verifying sensitive requests through out-of-band channels, enhancing continuous security control validation, and maintaining up-to-date technology and patch management.
