May 19, 2025 2 Minute Read

• DFIR: Enhance your cybersecurity resilience with Trustwave's DFIR retainer services, offering rapid response, priority handling, and cost-efficient solutions to manage digital forensics and incident response effectively.
• Offensive Security: Protect retail operations against emerging threats like Scattered Spider with Trustwave's Offensive Security Solutions, designed to proactively identify vulnerabilities and mitigate risks.
• Third-Party Supply Security: Secure your supply chain against cyber threats with Trustwave's Managed Vendor Risk Assessment (MVRA), delivering consistent and scalable protection for third-party supply security.

Scattered Spider, aka UNC3944, is switching the focus of its retail-oriented attacks from the UK market to the US, according to published reports.

At this time, no US retailers have been named as targets, but the alleged Scattered Spider activity is a clear sign retailers in the US and worldwide need to prepare.

Trustwave SpiderLabs has been tracking the group for more than a year and published two posts with deep insights in April (Trustwave SpiderLabs' Insights, History, and Mitigations for Scattered Spider and Why Offensive Security Is Crucial for Retail Resilience).

SpiderLabs' threat intelligence on the group includes its techniques, procedures, tactics, and defensive measures to minimize the possibility of being victimized. It has also been noted that Scattered Spider has previously operated in the US, along with India, Canada, France, Sweden, and Australia, among other locations.

Prepare, Hunt, and Respond

Trustwave's deep understanding of how Scattered Spider operates enables our researchers to properly prepare your environment using Offensive Security solutions to defend an organization. Next, ensuring your systems are safe through different threat hunting methods, and finally bringing incident response plans up to date, and maybe running a quick practice exercise.

Trustwave's Threat Hunting comes in two forms. Advanced Continual Threat Hunting (ACTH) and the more traditional variety. Threat Hunting is the proactive identification and elimination of active threats in your environment. Trustwave SpiderLabs inspects systems looking for weaknesses such as outdated and vulnerable software, policy violations, insider threats, and unprotected databases. ACTH hunts for unknown threats like Scattered Spider based on indicators of behavior continuously, not just on a timetable.

Retailers have extensive supply chains, any of which can be a backdoor into the organization. The way to secure this avenue of attack is through a Managed Vendor Risk Assessment (MVRA). Trustwave's MVRA helps organizations assess and manage their cybersecurity supply chain risks with consistent, predictable, affordable, and scalable services. By understanding the risks vendors pose to sensitive data and operations.

Digital Forensics and Incident Response capabilities must be up to speed. If they have been sitting on a digital shelf for an extended period of time take a look to see if the plan is still functional.

According to the 2024 Gartner® Market Guide for Digital Forensics and Incident Response (DFIR) Retainer Services, DFIR solutions should include the following: pre-incident design and assessment, post-incident response assistance, and prepaid retainers. The last point positions any organization so it can quickly call for expert help if the need arises.

A Trustwave DFIR retainer offers:

• Rapid Response: On-call DFIR experts with a 2-hour remote triage guarantee and on-site deployment within 24 hours.
• Priority Service: Retainer clients receive top priority, ensuring swift incident handling.
• Cost Efficiency: Pre-negotiated rates provide significant savings compared to standard consulting fees.
• Flexibility: Unused retainer hours can be allocated to other IR readiness services.

There is no magic wand that can be waved to stop all cyberattacks, but by thinking ahead and having the right plans in place, an organization can weather times when threat groups decide to come after your industry.

Stay Informed

Sign up to receive the latest security news and trends straight to your inbox from Trustwave.