Interested in Next-Gen Cyber AI? In an ever-evolving world, the only option for the ambitious secpro is to stay ahead of the game. Check out our upcoming conference with big names like Mark Simos, Nikhil Kumar, and Katie Paxton-Fear, who have a lot to say about the way they are overcoming new problems with AI and supporting others following their paths!
Welcome to another _secpro!
This week, we dive into getting a better understanding of Scattered Spider, dealing with the adversary, and keeping your organisation safe. Also, check out our news, academic reviews, and memes to stretch your skills and check your mental chops!
If you want more, you know what you need to do: sign up to the premium and get access to everything we have on offer. Click the link above to visit our Substack and sign up there!
Cheers!
Austin Miller
Editor-in-Chief
Scattered Spider is a loosely organised, financially motivated cybercriminal collective that first attracted major public attention in 2023 and has remained active through 2024 and 2025. The group is notable not for extremely sophisticated zero-day exploits but for a focused, repeatable playbook that combines targeted social engineering, identity compromise, and opportunistic use of legitimate administrative tools to gain and expand access inside large companies.
If you're looking forward to our upcoming conference or just want a little insight into who these industry-leading speakers are, here's a little bio on two of our closest collaborators: Mark Simos and Nikhil Kumar.
Mark Simos is Lead Cybersecurity Architect for Microsoft where he leads the development of cybersecurity reference architectures, best practices, reference strategies, prescriptive roadmaps, CISO workshops, and other guidance to secure organizations in the digital age.
Nikhil is an industry expert and thought leader in Digital Transformation, Zero Trust and InfoSec, AI, Cloud Computing, APIs and SOA, with a passion for applying technology in an actionable manner. An entrepreneur with over 20 years' experience, he is known as a servant leader able to create amazing solutions and bridge people, process, business and technology.
The Era of AI-Generated Ransomware Has Arrived: Cybercriminals are increasingly harnessing generative AI tools like Anthropic’s Claude and Claude Code to automate the creation of ransomware—even by those lacking technical expertise. One group, GTG-5004, used AI to craft and market ransomware with sophisticated evasion techniques, while another, GTG-2002, automated the full attack lifecycle—from finding targets to drafting ransom notes. Separately, ESET uncovered “PromptLock,” the first known AI-powered ransomware prototype that generates attack scripts using locally hosted models. Though not yet deployed, it underscores a worrying shift toward AI-driven cybercrime.
Enterprise Security Faces New Challenge as Attackers Master Digital Impersonation: A threat collective known as Scattered Spider (also tracked as UNC3944, Oktapus, and Muddled Libra) is advancing enterprise-targeted social engineering techniques. Their tactics include vishing, smishing, SIM-swap attacks, and helpdesk impersonation, bypassing MFA and abusing admin tools like PowerShell and AnyDesk—a strategy known as “Living off the Land.” The report urges organizations to fortify defenses via behavioral analytics, advanced email and endpoint protection, and thorough security awareness training.
Data I/O Shuts Down Systems in Wake of Ransomware Attack: Electronics manufacturer Data I/O experienced a ransomware attack in August 2025—prompting a full shutdown of internal IT systems to contain the breach. The disruption affected communication, shipping, receiving, and manufacturing support, though business operations themselves aren’t yet severely impacted. Given Data I/O’s role as a supplier to major tech players like Tesla, Google, Amazon, and Microsoft, experts warn of broader supply-chain risks and underscore the need for adversarial emulation and proactive defense strategies.
Ransomware Attack Disrupts Maryland’s Paratransit Service for Disabled Travellers: The Maryland Transit Administration’s Mobility paratransit service, serving disabled passengers, was hit by a ransomware attack, rendering it unable to process new ride requests. While core transit services—like buses, light rail, and MARC—remain operational, the breach underscores a disturbing trend of cyber threats targeting critical accessibility services. Maryland officials are urging affected users to use the alternative Call-A-Ride program while recovery efforts are underway.
Nevada Hit by Cyberattack: State Offices Shut for Two Days: A cyberattack forced Nevada state offices to close for two days, causing outages across government websites and phone lines. While emergency services and citizen data are reportedly unaffected, the incident highlights how public infrastructure remains a high-value target—and the urgent need for hardened defenses and rapid recovery plans.
Not on my watch: ransomware detection through classification of high-entropy file segments (Fran Casino; Darren Hurley-Smith; Julio Hernandez-Castro; Constantinos Patsakis): Proposes a method to distinguish encrypted bitstreams (typical of ransomware writes) from other high-entropy data like compression. The approach improves adaptability and accuracy and is positioned for integration into EDR systems. Journal of Cybersecurity.
Enhancing ransomware defense: deep learning-based detection and family-wise classification of evolving threats (Amjad Hussain; Ayesha Saadia; Musaed Alhussein; Ammara Gul; Khursheed Aurangzeb): Introduces a GN-BiLSTM model that detects ransomware, classifies category, and attributes family on obfuscated datasets and a large self-collected corpus; reports high accuracy across all tasks. PeerJ Computer Science.
A Machine Learning-Based Ransomware Detection Method for Attackers’ Neutralization Techniques Using Format-Preserving Encryption (Jaehyuk Lee; Jinwook Kim; Hanjo Jeong; Kyungroul Lee): Studies how attackers use format-preserving encryption to evade entropy-based detectors and presents ML models that detect such files with strong precision across datasets. Sensors, 25.
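The first and third papers above both start from the same baseline: an EDR heuristic that treats high-entropy file writes as a sign of ransomware encryption. The following is an added example written for this issue, not code from any of the cited papers, showing that baseline in its simplest form and the two ways it goes wrong: compressed output looks just as random as ciphertext (the false positive Casino et al. tackle), and format-preserving encryption produces writes that never trip the entropy gate at all (the evasion Lee et al. study). The segment size, thresholds and the magic-byte allow-list are assumptions chosen for the demo; the "log-like" text, its zlib output and the random bytes standing in for ciphertext are constructed inputs.

```python
"""Segment-level entropy screening for ransomware-style writes (added example)."""
import math
import os
import zlib
from collections import Counter

SEGMENT_SIZE = 4096        # assumed: analyse each write in 4 KiB segments
MIN_TAIL = 1024            # assumed: skip a trailing segment shorter than this
ENTROPY_THRESHOLD = 7.0    # assumed: bits/byte above which a segment counts as "high entropy"
FLAG_FRACTION = 0.9        # assumed: flag the write when >= 90% of segments are high-entropy

# Constructed allow-list of container signatures for common compressed formats.
COMPRESSION_MAGIC = (
    b"\x1f\x8b",                              # gzip
    b"PK\x03\x04",                            # zip
    b"\x78\x01", b"\x78\x9c", b"\x78\xda",    # zlib (common CMF/FLG header pairs)
    b"\xfd7zXZ\x00",                          # xz
    b"BZh",                                   # bzip2
)


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def segment_entropies(data, segment_size=SEGMENT_SIZE, min_tail=MIN_TAIL):
    """Entropy per fixed-size segment; a short tail is dropped because a few
    hundred bytes cannot reach 8 bits/byte even when perfectly random."""
    ents = []
    for i in range(0, len(data), segment_size):
        seg = data[i:i + segment_size]
        if len(seg) < segment_size and len(seg) < min_tail:
            break
        ents.append(shannon_entropy(seg))
    return ents


def high_entropy_fraction(data, threshold=ENTROPY_THRESHOLD):
    """Share of segments whose entropy is at or above the threshold."""
    ents = segment_entropies(data)
    if not ents:
        return 0.0
    return sum(1 for e in ents if e >= threshold) / len(ents)


def has_compression_magic(data):
    """Cheap allow-list check: does the write start like a known compressed container?"""
    return any(data.startswith(m) for m in COMPRESSION_MAGIC)


def classify_write(data):
    """Return 'plain', 'compressed' or 'encrypted-like' for one file write.

    Note the two blind spots the reviewed papers address: the magic-byte check is
    the only thing separating 'compressed' from 'encrypted-like' here, and a
    format-preserving cipher keeps the output in the 'plain' band entirely."""
    if high_entropy_fraction(data) < FLAG_FRACTION:
        return "plain"
    if has_compression_magic(data):
        return "compressed"
    return "encrypted-like"


def build_samples():
    """Constructed inputs: log-like text, its zlib output, and os.urandom bytes
    standing in for ciphertext (a real cipher's output is statistically
    indistinguishable from random at this level of analysis)."""
    text = "\n".join(
        f"2025-08-{d % 28 + 1:02d} host{d % 7} user{d % 13} action={d * 31 % 101} status=ok"
        for d in range(3000)
    ).encode()
    return {
        "text": text,
        "compressed": zlib.compress(text),
        "ciphertext": os.urandom(64 * 1024),
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        ents = segment_entropies(blob)
        mean = sum(ents) / len(ents)
        print(f"{name:11s} segments={len(ents):3d} mean_entropy={mean:.3f} -> {classify_write(blob)}")
```

Run it and the compressed sample scores within a few hundredths of a bit of the random one; only the zlib header keeps it out of the "encrypted-like" bucket, which is why a content-level classifier of the kind Casino et al. propose is needed rather than a header allow-list, and why Lee et al.'s format-preserving case needs a detector that does not rely on entropy at all.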