In recent weeks, several major UK retailers have fallen victim to cyberattacks that reflect a dangerous trend: a rise in sophisticated, identity-centric attacks that bypass traditional defenses and exploit complexity across hybrid IT environments.
At least one attack has been linked to Scattered Spider, a well-known cybercriminal group that epitomizes the modern identity-based threat.
Who Is Scattered Spider, and Why Does It Matter?
Scattered Spider represents a new class of adversaries: skilled, stealthy, and relentless. They rely on social engineering and credential theft to impersonate real users, enabling them to infiltrate networks, escalate privileges, and quietly move laterally to steal data or deploy ransomware.
Their techniques include:
- Phishing, vishing, and impersonation to extract credentials
- Multi-factor authentication (MFA) bypasses using SIM swaps, fatigue attacks, and help desk deception
- Abuse of identity systems like Active Directory, SSO, and Entra ID
- Use of remote access tools to further obscure malicious activity
Their victims include major global organizations such as MGM Resorts and Caesars Entertainment—businesses where identity sprawl and complex access environments are common.
For more details, watch the complete Scattered Spider threat briefing.
Today’s Attacks Are Identity-Driven
Attackers no longer hack in—they log in.
Today’s attackers don’t break down the door. They walk right through it using stolen credentials. Once inside, they blend in, escalate access, and move swiftly. CrowdStrike reports the average time from initial compromise to lateral movement is now just 48 minutes.
The modern identity landscape adds fuel to the fire. Human and machine identities—from employees and contractors to service accounts and automation tools—expand the attack surface exponentially. Each one presents a potential entry point.
Even with tools like MFA and privileged access management (PAM) in place, attackers are finding ways to bypass them. These tools, while essential, can’t detect or stop post-compromise activity like lateral movement or privilege abuse.
How Vectra AI Detects and Stops Scattered Spider-Like Attacks
Vectra AI was built to detect and stop the exact kinds of attacks threat actors like Scattered Spider execute. The Vectra AI Platform, including its Identity Threat Detection and Response (ITDR) capabilities, offers a purpose-built solution to stop identity-centric threats in real time.
By analyzing behaviors across cloud, network, and SaaS environments, we detect early signs of credential misuse, lateral movement, and privilege abuse — and surface only what truly matters to your SOC.
Our customers are reducing attack exposure by 52%, removing up to 50% of time spent on manual tasks, and improving security team efficiency and effectiveness by 40% (IDC: The Business Value of Vectra AI).
Vectra AI Platform Delivers:
- Behavior-based detections across identity, cloud, and network, surfacing misuse of valid credentials that evades traditional defenses
- AI-driven triage, stitching and prioritization of real attacker behaviors (not noisy alerts)
- Comprehensive native, integrated, managed responses to lock down accounts and revoke EDR sessions
With Vectra AI, you can:
- Stop Hybrid Human and Non-Human Identity Attacks: Detect credential abuse, lateral movement, and privilege escalation before a breach occurs
- Stop Cloud Data Breaches and Ransomware: Identify behaviors indicating cloud workload abuse, ransomware and data exfiltration
- Defend Identity Infrastructure: Stop attacks targeting the identity store, such as Kerberoasting, DCSync, rogue LDAP, etc.
For more information, see Vectra AI's MITRE ATT&CK cloud identity coverage for Scattered Spider.
The Bottom Line
Attackers like Scattered Spider are exploiting the shift to hybrid infrastructure and identity-centric operations.
When attackers walk in the front door using stolen identities, Vectra AI ensures you’re still ready to meet them—with speed, accuracy, and control.

