Concerted Successful Attacks On British Retailers

Hackers have attacked Marks & Spencer (M&S), the Co-op and Harrods, with a threat of more attacks to follow. The Government has urged British businesses of all sizes to treat cyber security as an “absolute priority” following the wave of attacks on these leading retailers, with Cabinet Minister Pat McFadden describing the attacks as a wake-up call. 

While full details are not yet known, the Co-op said that hackers gained access to the names and contact details of Co-op members, but not to their passwords, bank or credit card details, or transaction records.

Now, the UK National Cyber Security Centre (NCSC) has issued new guidance to combat social engineering techniques used against the retailers by the hackers, with a warning that the criminals launching these cyber attacks were pretending to be from the corporate IT Help Desk in order to penetrate organisations.

The NCSC is advising that organisations should reconsider how their IT teams "authenticate staff members" before resetting passwords, especially for senior employees with access to high-level parts of an IT network, and highlights so-called 'social engineering' as one of the ways that hackers gain account access.

Cyber criminals use social engineering techniques to win people's trust when they email, text or call while pretending to be from a company's IT team, with the aim of tricking employees into handing over their login passwords and security codes. There is also a reverse form of this technique: calling the IT help desk while pretending to be an employee locked out of their account, in order to obtain a password reset and, with it, network access.
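One way to encode the NCSC's point about authenticating staff before a reset, as an added example that is not NCSC's, any retailer's or any vendor's code: a help-desk reset policy in which the caller's own claims never count as verification, privileged accounts need two independent checks including a second person or in-person ID, and an audit helper re-checks past approvals against the policy. The step names, the two-step rule for privileged accounts and the sample requests are all constructed assumptions for this example.

```python
from dataclasses import dataclass, field

# Verification steps a help-desk agent can record before a reset.
# Constructed names for this example, not NCSC terminology.
CALLER_CLAIMS = "caller_claims_identity"        # weak: only the caller's say-so
CALLBACK = "callback_to_registered_number"      # out-of-band, agent initiates
MFA_PROMPT = "mfa_push_approved"                # approved on the enrolled device
MANAGER_APPROVAL = "manager_approval_recorded"  # a second person confirms
IN_PERSON = "in_person_id_check"

STRONG_STEPS = {CALLBACK, MFA_PROMPT, MANAGER_APPROVAL, IN_PERSON}


@dataclass
class ResetRequest:
    username: str
    privileged: bool             # senior staff / high-level network access
    verifications: set = field(default_factory=set)


def required_strong_steps(req: ResetRequest) -> int:
    """Assumed policy: two independent strong checks for privileged accounts, one otherwise."""
    return 2 if req.privileged else 1


def evaluate(req: ResetRequest) -> tuple[bool, str]:
    """Return (approved, reason). CALLER_CLAIMS is deliberately not in STRONG_STEPS."""
    strong = req.verifications & STRONG_STEPS
    need = required_strong_steps(req)
    if req.privileged and not strong & {MANAGER_APPROVAL, IN_PERSON}:
        return False, "privileged reset needs manager approval or in-person ID check"
    if len(strong) < need:
        return False, f"{len(strong)} strong step(s) recorded, {need} required"
    return True, "verified"


def audit(approved_resets: list) -> list:
    """Re-check resets agents already approved; return usernames that fail current policy."""
    return [r.username for r in approved_resets if not evaluate(r)[0]]


if __name__ == "__main__":
    # Constructed sample: the help-desk impersonation pattern described above,
    # a phone caller asking for a reset with nothing but their own claim.
    weak = ResetRequest("j.smith", False, {CALLER_CLAIMS})
    strong = ResetRequest("j.smith", False, {CALLER_CLAIMS, CALLBACK})
    exec_reset = ResetRequest("finance.director", True, {CALLBACK, MFA_PROMPT})
    for r in (weak, strong, exec_reset):
        print(r.username, evaluate(r))
    print("would fail policy:", audit([weak, strong, exec_reset]))
```

Running `audit` over a period's approved resets is a cheap detection check: any account that was reset on a caller's say-so alone is worth reviewing for follow-on activity.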

The NCSC says these tactics are associated with the English-speaking cyber criminal group named Scattered Spider, which is also known as Octo Tempest.

This group is thought to be responsible for dozens of ransom attacks on companies to steal data, lock files, damage IT systems and extort victims. Perhaps Scattered Spider's best known exploit was the attack on MGM Grand Casinos & Resorts, which brought the company to its knees in September 2023.

In expert comment, Craig Watt, Strategic Threat Intelligence Consultant with Quorum Cyber, said "High-profile UK retail sector organisations have suffered serious cyber attacks causing widespread disruptions to operations, including payment systems and online order processing.

...These operations have been attributed to Octo Tempest, a financially motivated threat actor that has a track record of prolific attacks with refined and adaptive tradecraft. The group leverages a multi-phase intrusion approach that showcases advanced social engineering and post-exploitation techniques...

Octo Tempest have demonstrated evolving partnerships with the DragonForce ransomware cartel, which will likely pose an increased risk of compromise to retail, hospitality, and logistics organisations in the future," Watt said.

There have been six arrests in the US and UK in the past year of hackers accused of being part of Octo Tempest / Scattered Spider. The accused, however, have denied membership of that group, saying instead that they belong to another group known as DragonForce, which is also known for ransom exploits. Originally positioned as a pro-Palestine hacktivist-style operation, DragonForce has since shifted its focus to financial gain and extortion.

Researchers at SentinelOne report that DragonForce claims to take a 20% share of successful ransomware payouts, allowing the affiliate to keep 80%, noting that this: “enables enterprising threat actors to launch seemingly unique ransomware operations, while leveraging DragonForce’s infrastructure and code.

For the developers, this offering allows DragonForce to profit from attacks by affiliates without having the brand tied to the attack or specific operators,” according to SentinelOne.

In further comment, Cynthia Overby, Director of Security at Rocket Software, made the following observations: “The malware used has locked down some of M&S’s central systems, rendering them inaccessible, which explains the widespread disruption across stores and its online platforms. Since the retailer has chosen to remain silent beyond the prompt notification of its customers of the technical problems they’re experiencing, all we know is that the hackers most likely found their way in via social engineering techniques.

"Ransomware attacks not only wreak havoc on the IT infrastructure, they also shake the foundations of brand trust and reputation...

...In those instances, many are tempted to just pay the ransom and resolve the issue quickly. It bears noting however that paying ransomware holds no guarantees either. In many cases, the data cannot be recovered and the acquiescence only encourages future attacks.” Overby concludes.

Sources: NCSC | SentinelOne | BBC | Independent | The Times | Bristol Post | Decision Marketing | Yahoo

Image: Ideogram
