The Human Perimeter

Scattered Spider: They Didn't Hack You. They Called Your Help Desk.

35 min · Jun 2, 2026

Description

In November 2023, the FBI and CISA put out a joint advisory on one of the most effective cybercriminal groups operating today: Scattered Spider. What makes them unusual isn't the malware or the exploits. It's that they barely need any. A phone call, a convincing story, and a help desk employee trying to be helpful — that's often all it takes.

In this solo episode, André breaks down exactly how Scattered Spider operates: how they impersonate IT staff to extract credentials, how they hijack phone numbers to bypass two-factor authentication, and how they stay hidden inside a network by blending in with normal IT activity. Including, in some cases, joining the victim's own incident response calls to monitor how the investigation is going.

This is also a story about how security fails at the human layer — and what organisations actually need to do to close that gap.

What we cover:

* Who Scattered Spider is and what sets them apart
* Why your help desk is now a primary attack surface
* SIM swapping and MFA fatigue — two techniques that break most authentication setups
* How they maintain access even after passwords are changed
* Their move into ransomware via the BlackCat/ALPHV group
* The defences that actually work against this type of attack

Source: CISA/FBI Joint Advisory AA23-320A

🌐 human-perimeter.com


All episodes

4 episodes


Scattered Spider: They Didn't Hack You. They Called Your Help Desk.


Jun 2, 2026 · 35 min

Why Cybersecurity Has Been Thinking About People All Wrong

In this introductory episode, André Daus and Simon Gajdosik lay out why The Human Perimeter exists — and why it takes a different angle than almost every other cybersecurity show out there. The cybersecurity industry has spent decades blaming people for breaches. We think the framing is wrong, and we're going to spend a lot of episodes proving it. One host comes from the infrastructure side — building servers, locking them down, cleaning up the aftermath. The other comes from strategic opposition and financial risk — walking into rooms and asking the questions nobody wants to answer. Together they cover the psychology behind why people click, why convenience always fights security, and what it would actually look like to move people from the weakest point in the chain to something stronger. Every episode goes live — meaning you can ask questions in real time. Biweekly. Unscripted. No paywalled questions. Subscribe at human-perimeter.com to get notified when the next episode goes live.

Apr 22, 2026 · 22 min