Scattered Spider Is Still Targeting Las Vegas SMBs in 2026

⚠ Cybersecurity Alert

Scattered Spider Is Still Targeting Las Vegas — What Every SMB Must Know in 2026

The group that cost MGM $100M has evolved. Now they’re using AI to hit businesses your size — and your IT help desk is their front door.

Published by CMIT Solutions of Las Vegas · Cybersecurity · 6 min read

The Las Vegas Attack That Changed Everything

In September 2023, a group of young hackers known as Scattered Spider — also tracked as UNC3944 by security researchers — did something that shocked the cybersecurity world: they called the IT help desk at MGM Resorts International, impersonated an employee found on LinkedIn, and socially engineered their way into the company’s systems. The result was more than $100 million in damages, 10 days of operational disruption, and a ransomware payload deployed by their ALPHV/BlackCat partners. Casino floors went dark. Hotel reservations collapsed. MGM’s stock dropped overnight.

That same month, Caesars Entertainment paid an estimated $15 million ransom after suffering a nearly identical attack. Two of Las Vegas’s most sophisticated, well-funded corporations were compromised in a matter of weeks — not through elaborate zero-day exploits, but through a phone call and a convincing story.

Fast-forward to 2026: Scattered Spider has not gone away. FBI and CISA advisories confirm the group remains active, has expanded its targeting beyond hospitality and gaming, and has integrated AI-generated voice cloning and deepfake impersonation into their social engineering playbook. For Las Vegas small and mid-sized businesses — the vendors, contractors, legal firms, medical offices, and service companies that power this city’s economy — managed IT services Las Vegas providers are now the first and most critical line of defense.

⚠ Key Stat
Scattered Spider bypassed enterprise-grade security at MGM and Caesars using only a phone call and publicly available LinkedIn data. Your business is a softer target — but managed IT services that enforce proper identity verification and endpoint monitoring can close the gap before attackers find it.

How Scattered Spider’s Attacks Actually Work

Understanding Scattered Spider’s methodology is the first step toward stopping them. Unlike traditional ransomware gangs that probe for unpatched servers or phish email accounts, Scattered Spider’s signature move is telephone-based social engineering — specifically targeting IT help desks, cloud identity providers like Okta, and employees with privileged account access.

  • Step 1 — Open-source reconnaissance: Attackers harvest employee names, titles, and internal systems from LinkedIn, company websites, and leaked data.
  • Step 2 — Help desk vishing: They call IT support impersonating a real employee, claiming to be locked out. AI voice-cloning tools now allow near-perfect voice impersonation.
  • Step 3 — MFA bypass: Once help desk staff reset credentials or approve an MFA request, attackers gain cloud access — often to Microsoft 365, Okta, or VPN portals.
  • Step 4 — Lateral movement: From the initial foothold, they move across the network using legitimate admin tools to avoid detection — a technique called “living off the land.”
  • Step 5 — Ransomware deployment: Partners like ALPHV/BlackCat or Qilin deploy encryption payloads, while Scattered Spider exfiltrates data for double-extortion leverage.

Why Las Vegas SMBs Are Now in the Crosshairs

After the MGM and Caesars attacks drew massive law enforcement attention, Scattered Spider’s targeting has evolved. FBI advisories indicate the group has broadened its focus to mid-market and smaller organizations — vendors and contractors connected to large enterprises, healthcare networks, legal and financial services firms, and government contractors operating in the Clark County area.

  • Hospitality vendors — AV companies, linen services, food distributors connected to major resorts face supply-chain pivot attacks
  • Healthcare offices — Medical practices storing PHI are high-value targets with often-understaffed IT teams
  • Construction and real estate — High-dollar wire transfers make these firms prime business email compromise (BEC) targets
  • Legal and financial firms — Privileged client data creates massive leverage for extortion
  • Government contractors — Clark County and Nevada state vendors face nation-state-adjacent threats increasingly using Scattered Spider’s TTPs

Three Things Your Managed IT Provider Must Have in Place Right Now

The good news is that Scattered Spider’s tactics, while sophisticated, are preventable when the right managed IT services controls are in place. Here’s what every Las Vegas business should verify with their IT provider today:

1. Identity Verification at the Help Desk

THE GAP Most small businesses have no formal identity verification process for IT support requests. Any caller who knows an employee’s name and manager can request a password reset or MFA bypass — exactly how Scattered Spider operates.

THE FIX Your managed IT provider should enforce a callback verification protocol: every help desk request is validated by calling back a pre-registered number on file, not the number the caller provides. No exceptions — even for “urgent” lockouts. CMIT Solutions of Las Vegas builds this into every client’s support workflow by default.

2. Phishing-Resistant MFA Across Every Cloud Application

THE GAP Many Las Vegas businesses have enabled MFA only on email, leaving VPN portals, cloud storage, financial software, and remote access tools completely unprotected. Standard SMS-based MFA is also vulnerable to SIM-swapping — another technique Scattered Spider has used extensively.

THE FIX Deploy hardware security keys (FIDO2/WebAuthn) or authenticator-app-based MFA across every cloud platform your business uses. Your managed IT services provider should audit your full application inventory, identify any gaps, and enforce conditional access policies — so that even a compromised password is never enough to gain entry.

3. 24/7 Managed Endpoint Detection and Response (EDR/MDR)

THE GAP Once Scattered Spider gains initial access, they use native Windows tools — PowerShell, RDP, Task Scheduler — to move laterally. Traditional antivirus does not detect this. Without continuous endpoint monitoring, businesses often don’t discover the intrusion until ransomware is already encrypting files.

THE FIX Modern managed IT services in Las Vegas should include EDR/MDR — software that monitors endpoint behavior in real time and flags lateral movement, privilege escalation, and unusual process execution immediately. CMIT Solutions deploys and monitors EDR across every client endpoint, with alerts escalated to our security team around the clock.

Las Vegas Businesses: Don’t Wait for the Breach.

Scattered Spider doesn’t need a vulnerability in your software. They need one employee to answer a convincing phone call. A proactive managed IT security review takes less than an hour — a breach takes months to recover from.

Schedule a Free Security Review

Defending Las Vegas with CMIT Solutions

CMIT Solutions of Las Vegas has been protecting Clark County businesses from exactly these kinds of evolving threats. We understand the unique threat landscape of the Las Vegas economy — from hospitality vendors to healthcare providers to construction firms — and we build managed IT security programs that are practical, affordable, and designed specifically for the way your business operates. When Scattered Spider calls your help desk, we make sure the answer they get is no.

Protect Your Las Vegas Business Today

Scattered Spider, ransomware gangs, AI-powered phishing — the threats are real and they’re escalating. CMIT Solutions of Las Vegas provides the managed IT services, 24/7 monitoring, and cybersecurity expertise your business needs to stay ahead of attackers.

Get Protected — Talk to a Las Vegas IT Expert

Prefer to talk? Call (702) 725-2877 or email LVsuppot@cmitsolutions.com
3111 S. Valley View Blvd., Suite A205, Las Vegas, NV 89102

Back to Blog

Share:

Related Posts

IT engineers providing on-site staff augmentation services for Las Vegas businesses

🥇 Best IT Services Company in Las Vegas (2025): Why CMIT Solutions Leads the Pack

Best IT Services Company in Las Vegas (2025): Why CMIT Solutions Ranks…

Read More

Top Cybersecurity Risks for Las Vegas Businesses in 2025 | Stay HIPAA/PCI/NGCB/SOC 2 Compliant

Top Cybersecurity Risks for Las Vegas Businesses in 2025 (and How to…

Read More
Frustrated business owner on phone during IT server outage in Las Vegas office

Why Las Vegas Businesses Switch IT Providers After One Outage

The “We’ll Get Back to You” Text Message: Why Las Vegas Businesses…

Read More