Dec 3, 2025

Podcast: Inside “The Com”: The Social-Engineering Supergroup Behind Global Ransomware Attacks

In This Episode


In this episode of The Cyber Resilience Brief, we unpack “The Com”, the decentralized cybercrime network reshaping social engineering and ransomware.

Key takeaways:

  • How Scattered Spider, Lapsus$, and affiliates evolved from chaotic data theft to highly organized ransomware ops
  • Why vishing (voice phishing) remains the most effective way to bypass MFA via help desk social engineering
  • How these groups “live off the land” using legitimate admin tools to blend in and evade detection
  • The role of Russian intelligence–aligned services in enabling ransomware scale, tooling, and training
  • Why double extortion is now standard: encryption + data leak pressure

Defense strategies that actually work today:

  • Phishing-resistant MFA
  • Help desk hardening & verification protocols
  • Continuous validation (BAS/CART)
  • Behavior-based detection, not just signatures
  • Tight IAM controls and privilege governance

The core message: human-focused attackers now move faster than static controls — resilience requires continuous validation, not periodic testing.

Tune in. This one matters.