Scattered Identity

Threat hunting Scattered:

• Look for low prevalence logins with IPs.

• Look for logins from multiple IPs.

• Monitor adding users to high privilege groups.

• Monitor password resets of privileged accounts.

• Hunt for reading/access of incident email.

Ransomware in the Cloud: Scattered Spider Targeting Insurance and Financial IndustriesEclecticIQ