
Threat Intel Update
Despite recent victories, such as the arrest of a Scattered Spider member and the seizure of over $400 million in criminal proceeds, law enforcement faced new challenges this week.
The FBI warned that an unidentified threat actor is spoofing its fraud complaint website, and researchers disclosed a new bypass technique targeting endpoint detection and response (EDR) systems.
Cybersecurity News
- FBI Alerts Public to Fake IC3 Sites – Cybercriminals are spoofing the FBI’s IC3 website to steal personal data and commit fraud. The agency urges users to access the site only via www.ic3.gov, avoid search ads, and note it never requests payment or uses social media accounts. Suspicious incidents should be reported at once. SecurityWeek
- Suspected Scattered Spider Member Surrenders in Las Vegas – A juvenile linked to the Scattered Spider cybercrime group surrendered to Las Vegas police on September 17, facing charges tied to ransomware attacks on Caesars Entertainment and MGM Resorts in 2023. The breaches cost MGM over $100 million and exposed millions of records. Prosecutors aim to try the suspect as an adult, as law enforcement ramps up global efforts against the group. The Record
- EDR-Freeze Bypasses Security Tools Through Windows WER – Security researchers revealed EDR-Freeze, a tool that can hibernate EDR and antivirus software using Windows Error Reporting. Unlike prior methods, it requires no vulnerable driver, making it stealthier. Monitoring WER identifiers linked to sensitive processes can help mitigate the risk. BleepingComputer
- Record DDoS Attack Hits 22 Tbps, 10 Bpps – Cloudflare blocked a record-breaking DDoS attack peaking at 22.2 Tbps and 10.6 billion packets per second, targeting a single IP of a European network company. The 40-second assault, likely linked to the Aisuru botnet, involved over 404,000 IPs across 14 ASNs. Cloudflare noted the IPs were not spoofed, reflecting a highly coordinated attack. DDoS activity in 2025 has already surpassed last year’s total. SecurityWeek
- International Anti-Fraud Operation Recovers $439 Million – Interpol-led efforts across 40+ countries recovered $439 million tied to online scams from April to August 2025. The crackdown targeted voice phishing, romance scams, and business email compromise, blocking 68,000 bank accounts and freezing 400 crypto wallets. The operation, part of the HAECHI collaboration, also led to 45 arrests in Portugal and $6.6 million seized in Thailand, highlighting the global fight against organized cybercrime. The Record