Concerted Successful Attacks On British Retailers

Hackers have attacked Marks & Spencer (M&S), the Co-op and Harrods, with a threat of more attacks to follow. The Government has urged British businesses of all sizes to treat cyber security as an “absolute priority” following the wave of attacks on these leading retailers, with Cabinet Minister Pat McFadden describing the attacks as a wake-up call. 

While details are presently unknown, the Co-op said that hackers gained access to the names and contact details of Co-op members but not their passwords, or details of bank, credit cards or transactions.

Now, the UK National Cyber Security Centre (NCSC) has issued new guidance to combat social engineering techniques used against the retailers by the hackers, with a warning that the criminals launching these cyber attacks were pretending to be from the corporate IT Help Desk in order to penetrate organisations.

The NCSC is advising that organisations should reconsider how their IT teams "authenticates staff members" before resetting passwords, especially senior employees with access to high-level parts of an IT network, highlighting so-called 'social engineering' as one of the ways that hackers gain account access.

Cyber criminals use social engineering techniques to get people to trust them when they email, text or call pretending to be from a company's IT team, with the aim of tricking employees into handing over their login passwords and security codes. There is also a reverse form of this exploit: calling IT team members and pretending to be an employee locked out of their account in order to obtain network access.

The NCSC says these tactics are associated with the English-speaking cyber criminal group named Scattered Spider, which is also known as Octo Tempest.

This group is thought to be responsible for dozens of ransom attacks on companies to steal data, lock files, damage IT systems and extort victims. Perhaps Scattered Spider's best-known exploit was the attack on MGM Grand Casinos & Resorts, which brought the company to its knees in September 2023.

In expert comment, Craig Watt, Strategic Threat Intelligence Consultant with Quorum Cyber, said "High-profile UK retail sector organisations have suffered serious cyber attacks causing widespread disruptions to operations, including payment systems and online order processing.

...These operations have been attributed to Octo Tempest, a financially motivated threat actor that has a track record of prolific attacks with refined and adaptive tradecraft. The group leverages a multi-phase intrusion approach that showcases advanced social engineering and post-exploitation techniques...

Octo Tempest have demonstrated evolving partnerships with the DragonForce ransomware cartel, which will likely pose an increased risk of compromise to retail, hospitality, and logistics organisations in the future," Watt said.

There have been six arrests in the US and UK in the past year of hackers accused of being from Octo Tempest / Scattered Spider. However, the accused have denied they are part of that group, saying instead that they are from another group known as DragonForce, which is also known for ransom exploits. Originally positioned as a Pro-Palestine hacktivist-style operation, DragonForce has since shifted focus to financial gain and extortion.

Researchers at SentinelOne report that DragonForce claims to take a 20% share of successful ransomware payouts, allowing the affiliate to keep 80%, noting that this “enables enterprising threat actors to launch seemingly unique ransomware operations, while leveraging DragonForce’s infrastructure and code.

For the developers, this offering allows DragonForce to profit from attacks by affiliates without having the brand tied to the attack or specific operators,” according to SentinelOne.

In other comment, Cynthia Overby, the Director of Security at Rocket Software, made the following observations: “The malware used has locked down some of M&S’s central systems, rendering them inaccessible which explains the widespread disruption across stores and its online platforms. Since the retailer has chosen to remain silent beyond the prompt notification of its customers of the technical problems they’re experiencing, all we know is that the hackers most likely found their way in via social engineering techniques.

“Ransomware attacks not only wreak havoc on the IT infrastructure, it also shakes the foundations of brand trust and reputation...

...In those instances, many are tempted to just pay the ransom and resolve the issue quickly. It bears noting however that paying ransomware holds no guarantees either. In many cases, the data cannot be recovered and the acquiescence only encourages future attacks.” Overby concludes.

NCSC | SentinelOne | BBC | Independent | The Times | Bristol Post | Decision Marketing | Yahoo

Image: Ideogram
