Risky Business

Risky Business #793 -- Scattered Spider is hijacking MX records

May 28, 2025
Dmitri Alperovitch, a cybersecurity expert and co-founder of CrowdStrike, teams up with Haroon Meer, founder of Thinkst Canary, to dive deep into the latest cyber threats. They discuss a Scattered Spider crew hijacking DNS records for rapid enterprise breaches and the rising dangers of SVG images used in phishing attacks. Alperovitch shares insights on the volatile state of cybersecurity leadership in the U.S., while Meer critiques the AI hype in security, stressing the need for grounded solutions over empty promises.
INSIGHT

Rapid DNS MX Hijacking Attacks

  • Attackers hijack DNS MX records to rapidly compromise enterprise cloud environments within minutes.
  • This method breaks email, steals credentials, and enables quick pivoting into critical cloud apps like Microsoft 365 and Slack.
INSIGHT

DNS Hijacking's Lasting Threat

  • DNS hijacking is a long-known attack vector but remains effective due to social engineering and cloud complexity.
  • Attackers move fast 24/7, making defense and detection extremely difficult for security teams.
INSIGHT

SVG Images Used in Phishing

  • SVG images can contain active web content like JavaScript, making them exploitable for phishing.
  • Organizations often allow SVGs for branding, but safe handling requires treating them like web documents, not static images.