Concerted Attacks On British Retailers

Hackers have attacked Marks & Spencer (M&S), the Co-op and Harrods, with a threat of more attacks to follow. The Government has urged British businesses of all sizes to treat cyber security as an “absolute priority” following the wave of attacks on these leading retailers, with Cabinet Minister Pat McFadden describing the attacks as a wake-up call. 

While details are presently unknown, the Co-op said that hackers gained access to the names and contact details of Co-op members but not their passwords, or details of bank, credit cards or transactions.

Now, the UK National Cyber Security Centre (NCSC) has issued new guidance to combat social engineering techniques used against the retailers by the hackers, with a warning that the criminals launching these cyber attacks were pretending to be from the corporate IT Help Desk in order to penetrate organisations.

The NCSC is advising that organisations should reconsider how their IT teams "authenticates staff members" before resetting passwords, especially senior employees with access to high-level parts of an IT network, highlighting so-called 'social engineering' as one of the ways that hackers gain account access. Cyber criminals use social engineering techniques to get people to trust them when they email, text or call pretending to be from a company's IT team, with the aim of tricking employees into handing over their login passwords and security codes. There is also a reverse form of this exploit: calling IT team members and pretending to be an employee locked out of their account in order to obtain network access.

The NCSC says these tactics are associated with the English-speaking cyber criminals known as Scattered Spider.

This group are thought to be responsible for dozens of ransom attacks on companies to steal data, lock files, damage IT systems and extort victims. Perhaps Scattered Spider's best-known exploit was the attack on MGM Grand Casinos & Resorts, which brought the company to its knees in September 2023.

In expert comment, Cynthia Overby, the Director of Security at Rocket Software made the following observations. “A ransomware attack has caused widespread disruption at retailer Marks & Spencer, halting all online orders and impacting online in-store payments as well in its UK stores. While we have no confirmation on who is responsible, a demand for payment is imminent if it hasn’t happened already.

“The malware used has locked down some of M&S’s central systems, rendering them inaccessible which explains the widespread disruption across stores and its online platforms. Since the retailer has chosen to remain silent beyond the prompt notification of its customers of the technical problems they’re experiencing, all we know is that the hackers most likely found their way in via social engineering techniques.

"Ransomware attacks not only wreak havoc on the IT infrastructure, it also shakes the foundations of brand trust and reputation...

...In those instances, many are tempted to just pay the ransomware and resolve the issue quickly. It bears noting however that paying ransomware holds no guarantees either. In many cases, the data cannot be recovered and the acquiescence only encourages future attacks.” Overby concluded.

There have been six arrests in the US and UK in the past year of hackers accused of being from Scattered Spider. However, the accused have denied that they are part of Scattered Spider, but rather from another group known as DragonForce, also known for ransom exploits. Originally positioned as a Pro-Palestine hacktivist-style operation, DragonForce has since shifted focus to financial gain and extortion.

Researchers at SentinelOne report that DragonForce claims to take a 20% share of successful ransomware payouts, allowing the affiliate to keep 80%, noting that this: “enables enterprising threat actors to launch seemingly unique ransomware operations, while leveraging DragonForce’s infrastructure and code.

For the developers, this offering allows DragonForce to profit from attacks by affiliates without having the brand tied to the attack or specific operators.”

NCSC | SentinelOne | BBC | Independent | The Times | Bristol Post | Decision Marketing | Yahoo
