Inside the Spider’s Web: What Indictments Reveal About Scattered Spider

EPISODE · Sep 30, 2025 · 19 MIN


from Cyberside Chats: Cybersecurity Insights from the Experts · host Chatcyberside

Scattered Spider is back in the headlines, with two recent arrests — Thalha Jubair in the UK and a teenager in Nevada — bringing fresh attention to one of the most disruptive cybercriminal crews today. But the real story is in the indictments: they offer a rare inside look at the group’s structure, their victims, and the mistakes that led law enforcement to track them down. In this episode, Sherri Davidoff and Matt Durrin break down what the indictments reveal about Scattered Spider’s tactics, roles, and evolution, and what defenders can learn from these cases.

Key Takeaways:

Lock down your help desk. Require strong, multi-step verification before resetting accounts, and monitor for suspicious or unusual requests.

Prepare for ransom decisions. Develop playbooks that model both paying and refusing, so leadership understands the financial and operational tradeoffs before an incident hits.

Get proactive on insider risk. Teens and early-career workers are being recruited in open forums like Telegram and Discord — build awareness and detection into your insider risk program.

Pressure-test your MFA. Don’t just roll it out — simulate how attackers might bypass or trick staff into resetting it.

Educate your team on voice social engineering. Scattered Spider relied on phone-based tactics; training staff to recognize and resist them is critical. (LMG Security offers targeted social engineering training to help your team prepare.)

Resources:

BleepingComputer: “US charges UK teen over Scattered Spider hacks including US Courts” https://www.bleepingcomputer.com/news/security/uk-arrests-scattered-spider-teens-linked-to-transport-for-london-hack/

“The Rabbit Hole Beneath the Crypto Couple is Endless” https://www.vice.com/en/article/the-rabbithole-beneath-the-crypto-couple-is-endless

MGM Breach: A Wake-up Call for Better Social Engineering Training for Employees https://www.lmgsecurity.com/2023-mgm-breach-a-wake-up-call-for-better-social-engineering-training-for-employees/

DOJ press release on the indictment of five Scattered Spider members (Nov 2024) – https://www.justice.gov/usao-cdca/pr/5-defendants-charged-federally-running-scheme-targeted-victim-companies-phishing-text

DOJ press release on UK national Thalha Jubair charged in multiple attacks (Sept 2025) – https://www.justice.gov/opa/pr/united-kingdom-national-charged-connection-multiple-cyber-attacks-including-critical

#cyberattack #cybersecurity #cybercrime #informationsecurity #infosec #databreach #databreaches #ScatteredSpider


