Juvenile Nabbed By Cops Tied To The Threat Actor Known As Scattered Spider

Last week, the Las Vegas Metropolitan Police Department arrested a juvenile suspected of involvement in cyberattacks against multiple Las Vegas casinos attributed to the hacking group Scattered Spider. The teenager was booked on identity theft, extortion, and computer intrusion charges, representing the third suspected Scattered Spider member arrested over the past week following two UK arrests. US authorities have charged one UK suspect, Thalha Jubair, over his alleged involvement in over 120 cyberattacks that received over $115 million in ransom payments.

Adrian Culley, Senior Sales Engineer at SafeBreach, had this comment on the arrest:

“We will continue to learn a lot more about the members of Scattered Spider, as additional members are apprehended and their court cases progress. However, we can’t expect to be done with this threat just yet. Despite the arrests of a number of the group’s members, their operations have remained largely unhindered. This is due in large part to their:

  • Less-than-traditional organizational structure as a disparate group of individuals who coordinate attacks on underground forums and chat apps, which has allowed them to carry on with their activities even when specific members are taken out of commission.
  • Reliance on social engineering, which means traditional endpoint security tools often miss their initial entry point. They are logging on, not breaking in, so their malicious activity is often carried out using legitimate credentials and tools.
  • Increasing use of ransomware-as-a-service and malware-as-a-service platforms, which has enabled them to quickly and easily execute sophisticated attacks against global enterprises with mature security teams.

Organizations still need to remain vigilant, especially when it comes to identity and access management. This includes adopting phishing-resistant, multi-factor authentication that features:

  • A move away from SMS to simple push notifications.
  • Stronger implementation of phishing-resistant methods like number matching.
  • Multi-factor authentication of physical security keys.
  • Help desk hardening.
  • Strict verification protocols that go beyond basic, personally identifiable information.
  • Continuous education that includes regular training of employees on social engineering tactics.

And, of course, it’s also critical for organizations to simulate attacks against their internal network infrastructure to continuously validate their security controls against the TTPs of threat actors like Scattered Spider. We know a huge amount about how Scattered Spider operates across the kill chain, from infiltration and host level to living-off-the-land lateral movement and exfiltration. Organizations should select a proven exposure validation vendor that can help them use this to their advantage to identify and fix gaps before an attacker can exploit them.”

One has to assume that more arrests are coming. And when they happen, it will be interesting to get more intel on this group of threat actors, as that would be handy in terms of fighting similar groups.
