A new report from cybersecurity firm CyberCube has identified 287 major companies as high-risk targets for the hacking group Scattered Spider, known for crippling ransomware and extortion attacks. The group has been tied to a surge in cyber incidents in 2025, with 11 confirmed attacks in just the past three months.

“These companies represent about 2% of organizations with revenues above $500 million,” CyberCube wrote in its analysis of 15,000 global firms across the US, UK, Canada, Australia, Germany, France, Japan, and Singapore. Each of the high-risk companies “uses at least three technologies that Scattered Spider is known to target and has security conditions that are ripe for the group’s attacks.”

The group, active since 2022, frequently abuses Microsoft Active Directory, Okta, and remote management tools. It’s also notorious for “sophisticated voice phishing and other social-engineering methods to trick IT help desks into providing credentials or bypassing multifactor authentication,” CyberCube noted.

According to William Altman, cyber threat intelligence lead at CyberCube, “The high-risk designation is primarily based on the presence of technologies Scattered Spider has exploited in past attacks.”

The report highlights Scattered Spider’s rapid expansion in 2025, targeting retail chains in April, insurance companies in June, and airlines shortly after. “The steep rise in activity in 2025… highlights that the group’s capability and appetite for disruption are accelerating,” the company stated.

Notably, the analysis lists seven aviation firms among the highest-risk targets, including Hawaiian Airlines, which was recently confirmed as a Scattered Spider victim.

CyberCube emphasized that its new tool — Portfolio Threat Actor Intelligence (PTI) — offers an early-warning advantage to cyber (re)insurers. “In this instance, there is a known threat actor that appears to be actively targeting a predictable set of vulnerabilities, providing insurers with a rare early-warning window to act before losses occur,” the report explained.

The firm urges exposure managers to go beyond sector-based risk assessments. “Our findings reinforce the need to move beyond broad sector assumptions and focus on mapping technological and security posture overlaps across seemingly unrelated sectors and insureds.”

While 91% of companies in the study were classified as low risk, CyberCube cautioned that “this analysis is not to suggest that most companies do not need to worry about Scattered Spider,” but rather to help insurers prioritize defense strategies where the threat is most immediate.