Welcome to an insightful conversation with Dominic Jainy, a seasoned IT professional with deep expertise in cybersecurity, artificial intelligence, machine learning, and blockchain. With a keen eye on emerging threats, Dominic has been closely following the tactics of sophisticated hacking groups like Scattered Spider, whose innovative and aggressive methods have challenged organizations worldwide in 2025. In this interview, we dive into the evolving landscape of cyber threats, exploring how groups like Scattered Spider operate, the industries they target, and the critical defenses organizations must adopt to stay ahead. From social engineering tricks to identity protection strategies, Dominic shares his expert perspective on safeguarding against these relentless adversaries.
Can you give us a quick rundown of who Scattered Spider is and why they’ve become such a major concern for organizations in 2025?
Scattered Spider is a hacking collective tied to a broader online criminal network, often referred to as The Com. They’ve gained notoriety in 2025 for their highly effective and adaptable attack methods, targeting high-profile organizations with alarming success. What makes them a big concern is their ability to bypass traditional security measures through social engineering and identity theft tactics. They don’t just exploit technical vulnerabilities; they manipulate human behavior, which is often the weakest link in any security chain. Their attacks from April to July this year showed just how quickly they can infiltrate sensitive systems and deploy ransomware, making them a top priority for cybersecurity teams.
What types of industries has Scattered Spider been focusing on this year, and what might be driving their choice of targets?
This year, Scattered Spider started by hitting retailers hard in April and May, then shifted their focus to the insurance sector in June, and later that month moved on to transportation. I think their choices are driven by a mix of opportunity and high payoff. Retailers often have vast amounts of customer data and payment information, which are goldmines for cybercriminals. Insurance companies hold sensitive personal and financial data, plus they’re often under pressure to pay ransoms to avoid massive disruptions. Transportation, on the other hand, is critical infrastructure—disrupting it can cause chaos and force quick payouts. Their pivot over the months likely reflects learning from each campaign, adapting to where they see the most success or the least resistance.
Could you walk us through the typical approach Scattered Spider uses to carry out their attacks?
Absolutely. Their playbook often starts with a deceptively simple move, like calling an IT helpdesk and pretending to be a locked-out employee. Once they get a password reset, they target multifactor authentication (MFA) by using a tactic called push notification fatigue—basically, bombarding a user with login alerts until they approve one just to make it stop. From there, they move fast, changing where MFA codes are sent and using social engineering to access sensitive systems like SharePoint or Okta. Within hours, they can steal critical data or deploy tools like remote access trojans. It’s a blend of psychological manipulation and technical prowess that catches many organizations off guard.
One particularly unsettling tactic is their use of threats of physical violence as an extortion method. How common is this, and what can companies do to prepare for such extreme measures?
It’s not as common as financial extortion, but it’s a growing trend among groups like Scattered Spider who want to escalate pressure. Threatening physical harm to executives or their families is a psychological tactic meant to instill fear and force quick compliance, often for ransom payments. Companies need to take this seriously by having crisis management plans in place that include executive protection protocols. Training staff to recognize and report such threats immediately, and working with law enforcement for rapid response, is crucial. It’s also about ensuring that no single individual feels isolated or solely responsible for handling such a situation—there should be a clear chain of command and support.
There’s been a noticeable drop in Scattered Spider’s activity after July 2025. What do you think contributed to this slowdown?
I believe it’s a combination of external and internal factors. Law enforcement actions, including arrests of suspected members in July, likely disrupted their operations significantly. At the same time, there’s been talk of infighting within the group, which can fracture coordination and slow down their campaigns. These criminal networks often rely on trust and shared goals, so internal conflicts can be as damaging as external pressure. It’s a reminder that even sophisticated groups aren’t immune to breakdowns, but it also means we can’t let our guard down—they could regroup or splinter into new threats.
We’ve heard about other groups like ShinyHunters possibly collaborating with Scattered Spider. How do you see these relationships playing out in the cybercrime world?
There’s definitely overlap in tactics and possibly even direct cooperation among these groups tied to The Com network. Names like ShinyHunters and even Lapsus$ popping up alongside Scattered Spider suggest they might share tools, intelligence, or even members. A name like “Scattered Lapsus$ Hunters” that surfaced recently hints at a merged identity or joint operation for specific attacks. In the cybercrime world, these collaborations are often opportunistic—groups team up for bigger targets or to pool resources. It’s a fluid landscape where alliances form and dissolve based on profit, making it harder for defenders to predict or track their moves.
In terms of defense, why is identity protection such a cornerstone when dealing with threats from groups like Scattered Spider?
Identity protection is critical because it’s the front door for groups like Scattered Spider. They’re not always breaking through firewalls; they’re stealing credentials and impersonating legitimate users. Once they’re in, they can move laterally across systems with ease. Basic username and password combos just don’t cut it anymore. A more mature approach involves tying all applications to single sign-on systems and using advanced MFA methods like number-matching codes, which are tougher to intercept. It’s also about monitoring for unusual behavior—like a user logging in from an odd location or at strange hours. If you secure identity, you can stop these attacks before they spiral.
What are some practical steps organizations can take to counter the social engineering tactics that Scattered Spider relies on so heavily?
Social engineering is their bread and butter, so organizations need to build friction into their processes to slow down attackers. For instance, instead of resetting passwords over the phone, require employees to show up in person or join a video call for verification. Train staff to spot red flags, like urgent requests or odd phrasing in messages, and encourage a culture of skepticism—even if a request comes from what looks like an internal channel like Slack. Regular simulations of phishing or vishing attacks can also keep employees sharp. The goal is to make it harder for attackers to manipulate people, forcing them to abandon the effort or make mistakes that expose them.
Looking ahead, what is your forecast for the evolution of threats from groups like Scattered Spider in the coming years?
I expect these threats to become even more sophisticated as groups like Scattered Spider refine their tactics and potentially integrate emerging technologies like AI for more convincing social engineering or faster system exploitation. We’ll likely see deeper collaborations among criminal networks, creating larger, more resilient threats. On the flip side, as law enforcement and cybersecurity defenses improve, these groups might fragment into smaller, harder-to-track cells. For organizations, the challenge will be staying proactive—continuously updating identity protections, training staff, and building partnerships with vendors and authorities. The cat-and-mouse game isn’t going away; it’s just going to get faster and more complex.