Scattered Spiders, Camera Spies, and a 900% Pivot in Attacks

Airlines under siege, IoT turned weapon, and hacktivists switch targets overnight.

June 30, 2025

In partnership with

🔄 We’re Trying Something New!
We’re piloting a new Quick-Hit Recap format in our Tuesday editions—shorter, sharper, and focused on what matters right now in cyber to start your week. It’s designed for busy execs and security pros who want signal without the noise.

Let us know what you think 👉 Take the 10-second poll to tell us if this format helps you stay ahead.

🧠 CyberFact of the Day:
Over 40% of DDoS attacks in 2025 have come from ideologically motivated groups—not financially motivated actors.

📬 This Week’s Clickables

  • 🚨 Major Breaches & Ransomware UNFI disruption,  U.S. DDoS spike, Scattered Spider targeting airlines

  • 🛡️ IoT Exploitation in WarfareIranian hackers use Israeli cameras for real-time missile targeting

  • 🏢 Government & Corporate HacksGlasgow City Council breach, UBS supplier leak, Nucor and Trezor compromises

  • 🧭 Mitigation & Best PracticesTargeted defenses across IoT, DDoS, ransomware, and third-party breaches

🚨 Major Breaches & Incidents

  • Massive DDoS Spike Against U.S. Firms
    Between June 21–22, U.S. firms saw an 800% DDoS surge, especially in finance, manufacturing, and state services. Notably, attacks on Israel dropped 900% in the same period. Groups like Mr. Hamza and Mysterious Team Bangladesh appear to have pivoted their efforts.
    👉 Hacktivists don’t sleep—they just change targets.

  • Scattered Spider Targets Airline Industry
    The FBI, Google, and Palo Alto Networks warn that Muddled Libra (Scattered Spider) is hitting U.S. airlines. Confirmed victims include Hawaiian Airlines and WestJet.
    👉 Aviation is now in the APT spotlight.

  • UNFI Grocery Attack Disrupts Supply Chain
    Whole Foods distributor United Natural Foods was hit by a June 5 cyberattack, disrupting logistics and prompting a Q4 profit warning of $55–80M. Systems are now restored; no customer data loss reported. While reported weeks ago, the importance of affecting food distribution can’t be understated. Supply chain risk doesn’t just apply to software.
    👉 Supply chain cyber risk is now a CFO conversation.

🛡️ IoT Exploitation in Warfare

  • Security Cameras Used to Observe Missile Impacts
    Iranian cyber operators hijacked Israeli home, traffic, and farm surveillance cams to observe missile effectiveness in real time. Officials now urge disconnection or reconfiguration of vulnerable devices.
    👉 Consumer-grade IoT just became military-grade intel.

🏢 Government & Corporate Hacks

  • Glasgow City Council Servers Compromised
    Servers managed by CGI went down on June 19, exposing citizen data. Attackers are now spoofing council communications to phish residents.
    👉 The breach is bad—what comes after might be worse.

  • UBS Supplier Hack Exposes Employee Data
    Chain IQ was breached, leaking names, internal codes, and even UBS's CEO’s mobile number—affecting 130,000 employees. Client data was reportedly not affected.
    👉 Third-party exposure has never felt more direct.

  • Nucor Steel Breached; Data Exfiltrated
    Nucor confirmed a cyberattack disrupted operations and led to data theft. The company hasn’t disclosed the nature of the stolen information.
    👉 Steel plants: critical infrastructure meets quiet compromise.

  • Trezor Support Exploited in Phishing Campaign
    Attackers used a hijacked support system to send phishing emails tricking users into exposing crypto wallet seed phrases.
    👉 Breach of trust now comes from your own support inbox.

The Secret Weapon for HR

The best HR advice comes from people who’ve been in the trenches.

That’s what this newsletter delivers.

I Hate it Here is your insider’s guide to surviving and thriving in HR, from someone who’s been there. It’s not about theory or buzzwords — it’s about practical, real-world advice for navigating everything from tricky managers to messy policies.

Every newsletter is written by Hebba Youssef — a Chief People Officer who’s seen it all and is here to share what actually works (and what doesn’t). We’re talking real talk, real strategies, and real support — all with a side of humor to keep you sane.

Because HR shouldn’t feel like a thankless job. And you shouldn’t feel alone in it.

🧭 Mitigation & Best Practices

🧯 Ransomware Response & Readiness

(UNFI, Scattered Spider)

  • Test your business continuity plan quarterly.

  • Isolate backups physically/offline.

  • Train staff for targeted social engineering scenarios.

🛡️ DDoS & Hacktivist Defense

(U.S. DDoS Surge, Scattered Spider)

  • Implement auto-scaling WAF/CDN defenses.

  • Set up alerting for attack anomalies by geo/IP shifts.

  • Conduct sector-wide tabletop simulations for airlines and essential services.

📸 IoT Camera Security

(Iranian exploitation of Israeli cameras)

  • Disable unnecessary access.

  • Require password changes and firmware updates.

  • Segment surveillance devices into isolated VLANs.

🧾 Third-Party & Municipal Exposure

(Glasgow Council, UBS, Nucor, Trezor)

  • Audit vendor SOC controls and incident response timeframes.

  • Create pre-approved notification templates to expedite post-breach comms.

  • Use internal decoy data to detect lateral movement in supply chain environments.

Thanks for reading this week’s edition. Like what you see? Forward it!

Hate everything you see or have other feedback? Reply back to this email!