Prevent undetectable malware and 0-day exploits with AppGuard!

In a stark reminder of how quickly cyber threats evolve, the cybersecurity news site The Hacker News reports that three prominent cybercrime groups—Scattered Spider, LAPSUS$ and ShinyHunters—have combined forces under a loose-knit collective.

This “merger” of threat actors underscores the growing sophistication and scale of attacks. These groups are pooling resources, branding and infrastructure, offering extortion-as-a-service and targeting high-value organisations with social engineering, remote access, and ransomware-style operations.

For business owners and IT leaders this is a wake-up call: the traditional model of “detect and respond” is no longer enough. When adversaries are well organised, fluid and using zero-day tactics, the moment you detect may be too late. Today, your defence must shift to isolation and containment.


What the Merger Means for Your Business

  • The groups are collaborating through Telegram-based channels, creating “brand visibility” and recruiting affiliates with lower barriers to entry.

  • Attacks are shifting from simple phishing to multi-stage intrusions: social engineering → remote access (via tools such as AnyDesk or TeamViewer) → reconnaissance → payload drop (e.g., a potential new ransomware variant).

  • The consolidation means that attackers can share techniques and infrastructure and market themselves to victims—raising the risk that any company of any size may suddenly find itself a target.

Thus your endpoint protection strategy cannot simply rely on spotting known threats after the fact.


Why “Detect & Respond” Is Failing

So much of modern endpoint security is built on detection: signature-based antivirus, heuristic rules, behaviour analysis. But with adversaries combining forces, using living-off-the-land tools (LOTL) and zero-days, waiting for detection means waiting while the attackers are already inside.

By the time alerts trigger, they may have moved laterally, stolen credentials, launched ransomware, or exfiltrated data. As one vendor puts it: “recognition-based defences struggle when the adversary uses unknown or stealth techniques.”

Moreover, the merged groups highlighted by The Hacker News show that threat actors are evolving their business models: they are packaging access, infrastructure and extortion services, making compromise more accessible and scalable for malicious actors. The speed and agility of these threats outstrip legacy detection tools.


Enter Isolation & Containment with AppGuard

To counter this new level of threat, a different approach is needed—one based on isolation (separating and restricting risky components) and containment (blocking harmful actions before they spread), rather than purely detection.

AppGuard is a mature endpoint protection solution with a proven 10-year track record, originally developed for high-security environments and now available commercially for business use.

Key advantages of AppGuard’s isolation & containment approach:

  • Rather than trying to identify every malicious file or behaviour, AppGuard controls what any process can do. If it attempts to deviate or load a suspicious DLL or inject code, it’s blocked.

  • It defends successfully against zero-days, fileless malware and living-off-the-land techniques by denying the malicious process the ability to act — regardless of whether it is recognised as malicious.

  • It reduces dwell time and limits blast radius: if a breach attempt occurs, it’s contained rather than allowed to pivot.

  • It simplifies operations: fewer alerts, fewer investigations, less resource strain. 

In short, AppGuard helps you shift from a “we’ll detect it and then respond” mindset to a “we’ll stop it upfront” mindset.


What This Means for Your Organisation

Because cybercrime is now more cooperative and sophisticated, business owners must rethink endpoint security along three fronts:

  1. Assume someone will attempt to breach. With adversaries consolidating, the odds are higher.

  2. Stop attacks at the endpoint before they spread. Detection alone is reactive. Isolation and containment is preventive.

  3. Deploy a solution that aligns with this preventive mindset. AppGuard gives you that capability now.

If you rely on legacy detection tools alone, you may find yourself reacting to an incident rather than preventing one. But with AppGuard you shift to a proactive posture.


Next Steps for Business Owners

If you are responsible for the security of your organisation, now is the time to act. Threat actors are evolving. Defences must evolve too.

Talk with us at CHIPS about how AppGuard can be implemented in your environment. We will help guide you from detect-and-respond to isolation-and-containment, so your endpoints are protected before the next major breach finds you.

Don’t wait until the headlines talk about your company. Contact CHIPS today and help your business move to the next era of endpoint protection.
