Identity-Centric Attacks: The New Reality for UK Retail

May 6, 2025
Caren Havelock
Senior Director
In recent weeks, several major UK retailers have fallen victim to cyberattacks that reflect a dangerous trend: a rise in sophisticated, identity-centric attacks that bypass traditional defenses and exploit complexity across hybrid IT environments.

At least one attack has been linked to Scattered Spider, a well-known cybercriminal group that epitomizes the modern identity-based threat.

Who Is Scattered Spider, and Why Does It Matter?

Scattered Spider represents a new class of adversaries: skilled, stealthy, and relentless. They rely on social engineering and credential theft to impersonate real users, enabling them to infiltrate networks, escalate privileges, and quietly move laterally to steal data or deploy ransomware.

Their techniques include:

  • Phishing, vishing, and impersonation to extract credentials
  • Multi-factor authentication (MFA) bypasses using SIM swaps, fatigue attacks, and help desk deception
  • Abuse of identity systems like Active Directory, SSO, and Entra ID
  • Use of remote access tools to further obscure malicious activity

Their victims include major global organizations such as MGM Resorts and Caesars Entertainment—businesses where identity sprawl and complex access environments are common.

For more details, watch the complete Scattered Spider threat briefing.

Today’s Attacks Are Identity-Driven

Attackers no longer hack in—they log in.

Today’s attackers don’t break down the door. They walk right through it using stolen credentials. Once inside, they blend in, escalate access, and move swiftly. CrowdStrike reports the average time from initial compromise to lateral movement is now just 48 minutes.

The modern identity landscape adds fuel to the fire. Human and machine identities—from employees and contractors to service accounts and automation tools—expand the attack surface exponentially. Each one presents a potential entry point.

Even with tools like MFA and privileged access management (PAM) in place, attackers are finding ways to bypass them. These tools, while essential, can’t detect or stop post-compromise activity like lateral movement or privilege abuse.

How Vectra AI Detects and Stops Scattered Spider-Like Attacks

Vectra AI was built to detect and stop the exact kinds of attacks threat actors like Scattered Spider execute. The Vectra AI Platform, including its Identity Threat Detection and Response (ITDR) capabilities, offers a purpose-built solution to stop identity-centric threats in real time.

By analyzing behaviors across cloud, network, and SaaS environments, we detect early signs of credential misuse, lateral movement, and privilege abuse — and surface only what truly matters to your SOC.  

Our customers are reducing alert fatigue by over 60%, prioritizing threats with 90% more precision, and shrinking dwell time from days to minutes.

Vectra AI for ITDR Delivers:

  • Signal-based detection across identity, cloud, and network layers
  • AI-driven triage and prioritization of real attacker behaviors (not noisy alerts)
  • Early detection of misuse using valid credentials that evade traditional defenses

With Vectra, you can:

  • Detect account misuse and MFA fatigue before privilege escalation
  • Surface cloud console abuse, lateral movement, and C2 setup
  • Reduce time-to-containment with a single, high-fidelity view for SOC teams

For more information, see Vectra AI's MITRE ATT&CK cloud identity coverage for Scattered Spider.

The Bottom Line

Attackers like Scattered Spider are exploiting the shift to hybrid infrastructure and identity-centric operations.  

When attackers walk in the front door using stolen identities, Vectra AI ensures you’re still ready to meet them—with speed, accuracy, and control.
