In the ever-evolving world of cybersecurity, staying ahead of sophisticated threat actors is a daunting challenge. Today, we’re thrilled to sit down with Simon Glairy, a seasoned expert in insurance and Insurtech, whose deep knowledge of risk management extends into the realm of cyber threats. With a unique perspective on how cybercriminals exploit vulnerabilities, Simon offers invaluable insights into defending against identity-based attacks, the industries most at risk, and the power of collaboration in combating modern cybercrime. Our conversation delves into the cunning tactics of groups like SCATTERED SPIDER, the sectors bearing the brunt of their attacks in 2025, and the critical steps organizations must take to protect themselves.
What makes identity-based cyber attacks, like those perpetrated by groups such as SCATTERED SPIDER, particularly dangerous compared to other cyber threats?
Identity-based attacks are incredibly dangerous because they target the very foundation of trust in digital systems—our identities. Unlike traditional malware or phishing campaigns that might exploit software flaws, groups like SCATTERED SPIDER focus on manipulating people and processes. They use social engineering to impersonate legitimate employees, often tricking help desk staff into resetting credentials or bypassing security measures. Their speed is staggering; they can move from initial access to full network compromise in under 24 hours. This precision, combined with their ability to exploit human error, makes them a unique and formidable threat.
Can you walk us through the specific tactics SCATTERED SPIDER employs to target identities and gain access?
Absolutely. One of their hallmark tactics is voice phishing, or vishing, where they call help desk staff pretending to be employees in distress. Armed with detailed personal information, they convince staff to reset passwords or multi-factor authentication credentials. Once inside, they register their own devices for access, infiltrate systems like Microsoft 365, and delete security alerts to cover their tracks. They also target high-value accounts—think IT staff or executives—because these often have elevated privileges, giving them a direct path to sensitive data or critical systems.
Why do you think industries like aviation, insurance, and retail were hit so hard by SCATTERED SPIDER in 2025?
These industries are prime targets because of the high stakes involved. Aviation relies on uninterrupted operations and handles sensitive traveler data, so any disruption can have cascading effects. Insurance companies hold troves of personal and financial information, making them a goldmine for data theft and extortion. Retailers, on the other hand, often have sprawling IT environments and large, distributed workforces, which create numerous entry points for attackers. The pressure to avoid downtime in these sectors also makes them more likely to pay ransoms, which is exactly what groups like SCATTERED SPIDER exploit.
How does SCATTERED SPIDER’s focus on help desks and specific employee accounts amplify their impact?
Help desks are a weak link because they’re designed to assist, often under pressure to resolve issues quickly. SCATTERED SPIDER exploits this by manipulating staff into granting access or resetting credentials. Once they’re in, they target accounts of IT and security personnel who have access to network documentation and security tools, essentially handing them the keys to the kingdom. They also go after C-suite accounts for access to sensitive communications and data, which they can use for extortion or to deepen their foothold in the network. It’s a calculated strategy to maximize damage.
What role does public-private collaboration play in combating sophisticated groups like SCATTERED SPIDER?
Collaboration between public and private sectors is a game-changer. When law enforcement and companies share threat intelligence, they can piece together patterns and disrupt operations much faster. For instance, the arrests of SCATTERED SPIDER members were a direct result of such partnerships, where private firms provided critical data on attack methods, and law enforcement acted on it. This teamwork is vital because cybercrime is borderless—no single entity can tackle it alone. It’s about building a collective defense that’s stronger than any individual effort.
Looking ahead, how do you think the landscape of ransomware and similar threats will evolve following high-profile arrests of cybercriminals?
In the short term, arrests like those of SCATTERED SPIDER members will likely disrupt their operations, creating a temporary lull as they regroup. However, these groups are resilient; others may step in to fill the void, or the remaining members might adapt with new tactics. More broadly, these arrests send a powerful message that cybercriminals aren’t untouchable, which could deter some actors. But the flip side is that it might push others to become more covert or aggressive. The ransomware landscape will keep evolving, especially with AI and automation making attacks even more scalable.
What advice do you have for our readers who are looking to strengthen their defenses against identity-based cyber threats?
My advice is to prioritize identity security as your first line of defense. Start by implementing phishing-resistant multi-factor authentication and training staff—especially help desk teams—to recognize social engineering attempts. Make sure you’re monitoring for unusual behavior across your systems, like odd login patterns or data access spikes. Segment your networks and apply strict access controls to limit how far an attacker can move if they get in. Finally, prepare for the worst with regular incident response drills and secure backups. Cyber resilience isn’t just about prevention; it’s about being ready to respond and recover quickly.
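The interview describes a recognisable sequence: a help-desk-driven MFA reset, a device the organisation has never seen before being enrolled, a sign-in to Microsoft 365 from it, and then security alerts being deleted. The script below is an added example for readers, not code from the interviewee or from the original article: it correlates identity audit events per user and raises a finding only when that whole chain completes within a short window after the reset. The line format, the action names (MFA_RESET, DEVICE_REGISTERED, SIGN_IN, ALERT_DELETED) and the sample events are all constructed for illustration; a real deployment would parse the identity provider's own audit schema instead.

```python
"""Correlate identity audit events to spot a help-desk-driven account takeover.

Added example, not part of the interview. The log format, action names and
sample events below are constructed; adapt parse_event() to your identity
provider's audit schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit events (not real telemetry): timestamp, user, action, key=value...
SAMPLE_EVENTS = [
    "2025-06-10T09:02:11Z alice MFA_RESET actor=helpdesk.bob channel=phone",
    "2025-06-10T09:05:40Z alice DEVICE_REGISTERED device=unknown-win11 ip=203.0.113.7",
    "2025-06-10T09:07:02Z alice SIGN_IN app=Microsoft365 ip=203.0.113.7",
    "2025-06-10T09:20:15Z alice ALERT_DELETED alert_id=ALRT-1187",
    # carol: legitimate reset, new laptop enrolled two days later -> outside window
    "2025-06-10T11:00:00Z carol MFA_RESET actor=helpdesk.bob channel=ticket",
    "2025-06-12T08:00:00Z carol DEVICE_REGISTERED device=corp-laptop-22 ip=198.51.100.4",
    # dave: an ordinary sign-in with no preceding reset
    "2025-06-10T13:30:00Z dave SIGN_IN app=Microsoft365 ip=198.51.100.9",
]


def parse_event(line):
    """Parse one constructed audit line into a dict with a datetime 'ts'."""
    ts, user, action, *kv = line.split()
    fields = dict(pair.split("=", 1) for pair in kv)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "action": action,
        **fields,
    }


def detect_takeover_chains(lines, window_seconds=3600):
    """Return one finding per user whose events contain, in order and within
    `window_seconds` of the reset: MFA_RESET -> DEVICE_REGISTERED -> SIGN_IN.
    An ALERT_DELETED after the sign-in (still inside the window) escalates
    the severity from 'high' to 'critical'."""
    window = timedelta(seconds=window_seconds)
    by_user = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        by_user[ev["user"]].append(ev)

    findings = []
    for user, events in by_user.items():
        events.sort(key=lambda e: e["ts"])
        for i, reset in enumerate(events):
            if reset["action"] != "MFA_RESET":
                continue
            deadline = reset["ts"] + window
            chain = [reset]
            expected = ["DEVICE_REGISTERED", "SIGN_IN"]  # must occur in this order
            for later in events[i + 1:]:
                if later["ts"] > deadline:
                    break  # events are sorted, so nothing later can qualify
                if expected and later["action"] == expected[0]:
                    chain.append(later)
                    expected.pop(0)
                elif not expected and later["action"] == "ALERT_DELETED":
                    chain.append(later)  # defence evasion after the core chain
            if expected:
                continue  # chain did not complete inside the window
            severity = "critical" if chain[-1]["action"] == "ALERT_DELETED" else "high"
            findings.append({
                "user": user,
                "severity": severity,
                "actions": [c["action"] for c in chain],
                "reset_actor": reset.get("actor", "?"),
                "sign_in_ip": chain[2].get("ip", "?"),
            })
            break  # one finding per user is enough to page an analyst
    return findings


if __name__ == "__main__":
    for f in detect_takeover_chains(SAMPLE_EVENTS):
        print(f"[{f['severity'].upper()}] {f['user']}: {' -> '.join(f['actions'])} "
              f"(reset by {f['reset_actor']}, sign-in from {f['sign_in_ip']})")
```

The window is deliberately short: a reset followed by a new device and a sign-in inside an hour is the pattern a help-desk vishing call produces, while a legitimate reset whose new device shows up days later (carol above) is not flagged. Requiring the steps in order, rather than merely counting them, keeps the rule from firing on unrelated activity, and the reset actor is carried into the finding so the help-desk interaction can be reviewed alongside the alert.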