🟠High  | Source: Krebs on Security
Two members of the cybercrime group Scattered Spider pleaded guilty in a UK court on the first day of their trial, in connection with a major cyberattack against Transport for London in August 2024. The attack caused significant disruption to London’s public transport network and its associated IT systems. The case is a rare example of successful prosecution of a sophisticated, socially engineered cybercrime gang.
Security Architect’s Take: Scattered Spider is known for aggressive social engineering and SIM-swapping to bypass MFA — review your identity provider configurations, enforce phishing-resistant MFA (e.g. FIDO2/passkeys), and ensure your service desk has robust identity verification procedures before resetting credentials or bypassing controls.
Original advisory: Scattered Spider Hackers Plead Guilty on Day 1 of Trial