Concerted Successful Attacks On British Retailers

Hackers have attacked Marks & Spencer (M&S), the Co-op and Harrods, with a threat of more attacks to follow. The Government has urged British businesses of all sizes to treat cyber security as an “absolute priority” following the wave of attacks on these leading retailers, with Cabinet Minister Pat McFadden describing the attacks as a wake-up call. 

While details are presently unknown, the Co-op said that hackers gained access to the names and contact details of Co-op members but not their passwords, or details of bank, credit cards or transactions.

Now, the UK National Cyber Security Centre (NCSC) has issued new guidance to combat social engineering techniques used against the retailers by the hackers, with a warning that the criminals launching these cyber attacks were pretending to be from the corporate IT Help Desk in order to penetrate organisations.

The NCSC is advising that organisations should reconsider how their IT teams "authenticates staff members" before resetting passwords, especially senior employees with access to high-level parts of an IT network, highlighting so called 'social engineering' as one the ways that hackers gain account access.

Cyber criminals use social engineering techniques to get people to trust them when they email, text or call pretending to be from a company's IT team, with the aim of tricking employees into handing over their log in passwords and security codes. There is a reverse format of this exploit, that of calling IT team members and pretending to be an employee locked out of their account in order to obtain network access.

The NCSC says these tactics are associated with the English-speaking cyber criminal group named  Scattered Spider, which is also known as Octo Tempest. 

This group are though to be responsible for dozens of ransom attacks on companies to steal data, lock files, damage IT systems and extort  victims. Perhaps Scattered Spider's best know exploit was the attack on  MGM Grand Casinos & Resorts which brought the company to its knees in September 2023.

In expert comment, Craig Watt,  Strategic Threat Intelligenec Consultant with Quorum Cyber said "High-profile UK retail sector organisations have suffered serious cyber attacks causing widespread disruptions to  operations, including payment systems and online order processing.

...These operations have been attributed to Octo Tempest, a financially motivated threat actor that has a track record of prolific attacks with refined and adaptive tradecraft. The group leverages a multi-phase intrusion approach that showcases advanced social engineering and post-exploitation techniques...

Octo Tempest have demonstrated evolving partnerships the DragonForce ransomware cartel, which will likely pose an increased risk of compromise to retail, hospitality, and logistics organisations in the future." Watt said.

There have been six arrests in the US and UK in the past year of hackers accused of being from Octo Tempest / Scattered Spider, however, the accused have denied they are part of that group, but from another group known as  DragonForce, who are also known for ransom exploits. Originally positioned as a Pro-Palestine hacktivist-style operation, DragonForec has since shifted focus to financial gain and extortion

Researchers at SentineOne report that DragonForce claims to take a 20% share of successful ransomware payouts, allowing the affiliate to keep 80%, noting that this: “enables enterprising threat actors to launch seemingly unique ransomware operations, while leveraging DragonForce’s infrastructure and code.

For the developers, this offering allows DragonForce to profit from attacks by affiliates without having the brand tied to the attack or specific operators.” according to SentinelOne.

In other comment, Cynthia Overby, the Director of Security at Rocket Software made the following observations. “The malware used has locked down some of M&S’s central systems, rendering them inaccessible which explains the widespread disruption across stores and its online platforms. Since the retailer has chosen to remain silent beyond the prompt notification of its customers of the technical problems they’re experiencing, all we know is that the hackers most likely found their way in via social engineering techniques.

"Ransomware attacks not only wreak havoc on the IT infrastructure, it also shakes the foundations of brand trust and reputation...

...In those instances, many are tempted to just pay the ransom and resolve the issue quickly. It bears noting however that paying ransomware holds no guarantees either. In many cases, the data cannot be recovered and the acquiescence only encourages future attacks.” Overby concludes.

NCSC   |    SentinelOne   |   BBC   |   Independent   |   The Times  |   Bristol Post  |   Decision Mareting  |  Yahoo 

Image: Ideogram

You Might Also Read: 

Understanding Social Engineering Attack Methods:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible



 



 

« Present Danger: Cyber Attacks On Power Grids
The Vital Importance Of Semiconductors To AI & Quantum Computing [extract] »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ISTQB

ISTQB

ISTQB has defined the "ISTQB Certified Tester" scheme that has become the world-wide leader in the certification of competences in software testing.

NovaTech Automation

NovaTech Automation

NovaTech products and services make the world’s power grids and essential process industries more reliable, efficient, sustainable and secure.

GlobalPass

GlobalPass

Covering 200+ countries with 78 000 databases, GlobalPass provides sophisticated facial biometrics verification and deep screening, delivering peace of mind to every client.

Neosecure

Neosecure

NeoSecure is a specialist Cybersecurity Solutions and Managed Services provider in Latin America.

CyberEdBoard

CyberEdBoard

CyberEdBoard is a private, peer-to-peer education and networking community focused on cybersecurity, technology, business processes and risk management.

Swedish Incubators & Science Parks (SISP)

Swedish Incubators & Science Parks (SISP)

Swedish Incubators & Science Parks (SISP) is the Swedish industry association for Swedish incubators and science parks.

Ironhack

Ironhack

Ironhack provide intensive training courses & bootcamps in Web Development, UX/UI Design, Data Analytics & Cybersecurity.

AdEPT Technology Group

AdEPT Technology Group

AdEPT are a managed services and telecommunications provider offering award-winning, proven and uncomplicated technical solutions for over 12,000 organisations across the UK.

Technisanct

Technisanct

Technisanct works with Governments, especially Law Enforcement and Defence agencies, helping them in monitoring threats, managing their data and resolving their forensic needs.

DatChat

DatChat

DatChat Inc. is a blockchain, cybersecurity, and social media company that focuses on protecting privacy on our devices and also protecting our information after we have shared it with others.

Alea Consulting

Alea Consulting

Alea Consulting is a global risk mitigation and investigative consulting firm, which helps organizations reduce reputation and operational concerns.

SOC Prime

SOC Prime

SOC Prime is the only Threat Detection Marketplace where researchers monetize their content to help security teams defend against attacks easier, faster and more efficiently than ever.

Vancord

Vancord

Vancord is an information and security technology company that works in collaboration with clients to support their infrastructure and data security needs for today and tomorrow.

Data Computer Services

Data Computer Services

Data Computer Services provides professional tailored IT Support and IT Services for businesses throughout Edinburgh and the Lothians.

Anzen Technology Systems

Anzen Technology Systems

Anzen create software solutions which allows organisations to utilize the public cloud for sensitive or classified information, whilst increasing data security and retaining data sovereignty.

Axiotrop

Axiotrop

AXIOTROP is a Cybersecurity firm offering leading services in assessment, remediation, and validation to protect the confidentiality, integrity, and availability of regulated information.