Summary
This video examines Scattered Spider, a loosely organized but highly effective cybercrime group that has emerged as one of the most dangerous threat actors in 2025. Named by the cybersecurity community rather than self-identified, Scattered Spider distinguishes itself through sophisticated identity-based attacks that target Microsoft 365, Active Directory, and Entra ID infrastructure. The group's methodology centers on exploiting identity as the connective tissue of modern IT environments, using social engineering and MFA bypass techniques to gain initial access before pivoting to cloud identity systems. Once inside, attackers elevate privileges, modify identity policies, and tamper with audit visibility to redefine who the environment trusts as legitimate. The presentation features insights from Ray Ulmerle, Field CISO for Coveware by Veeam, who brings real-world perspective as a multi-time ransomware survivor and CISSP-certified security expert. The analysis emphasizes that recovery from Scattered Spider attacks requires rebuilding trust in identity systems through network segmentation, credential rotation, and comprehensive verification, a process that can extend recovery timelines by weeks or longer compared with traditional ransomware incidents focused on file decryption.