
An evolution of threat actor
Motivation and a diverse network of people and capabilities can go a long way, then add in digital skills and winning steak… and you have: scattered spider!
There’s a big difference between zero day spraying the internet and planting webshells or copying someone’s open S3 bucket and say…. doxing staff, their families and attacking them and their assets in the real and digital worlds.
I think people won’t broadly grasp the effects that can be achieved (harm) when the adversary is motivated, dedicated, capable, resourced and has very little moral qualms.
There is no magic bullet to defend against an adversary like this, you need a whole of organisation defence (and to pursue even more than that!).
Read more “An evolution of threat actor”