Concerted Successful Attacks On British Retailers

Hackers have attacked Marks & Spencer (M&S), the Co-op and Harrods, with a threat of more attacks to follow. The Government has urged British businesses of all sizes to treat cyber security as an “absolute priority” following the wave of attacks on these leading retailers, with Cabinet Minister Pat McFadden describing the attacks as a wake-up call. 

While full details are not yet known, the Co-op said that hackers gained access to the names and contact details of Co-op members, but not to their passwords or to any bank, credit card or transaction details.

Now, the UK National Cyber Security Centre (NCSC) has issued new guidance to combat the social engineering techniques used against the retailers, warning that the criminals behind these cyber attacks posed as staff from the corporate IT help desk in order to penetrate organisations.

The NCSC is advising organisations to reconsider how their IT teams "authenticate staff members" before resetting passwords, especially for senior employees with access to high-level parts of the IT network, and it highlights so-called 'social engineering' as one of the ways that hackers gain account access.

Cyber criminals use social engineering to get people to trust them when they email, text or call while pretending to be from a company's IT team, with the aim of tricking employees into handing over their login passwords and security codes. There is also a reverse form of this technique: calling IT team members while pretending to be an employee locked out of their account, in order to obtain network access.
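The NCSC advice above turns on the verification bar a help desk applies before it resets a credential, and on applying a higher bar to privileged accounts. The Python script below is an added example, not code from the NCSC or from any of the retailers named in this article: the audit records, role names and verification-method labels are constructed for illustration. It reviews help-desk reset records, applies a stricter check to privileged accounts (two independent strong verifications, one involving a second person), and returns the reasons a request fails, which is the kind of result a help-desk tool or a periodic log review could act on.

```python
"""Help-desk password-reset policy check (added example, constructed data).

Each audit record describes one help-desk-assisted reset: the ticket, the
account, the roles the account holds, the channel the request arrived on and
the identity-verification methods the agent recorded. Method and role labels
are assumptions for this example, not NCSC-defined values.
"""
import json

# Verification methods treated as strong: they rely on something an impersonator
# cannot supply just by knowing facts about the employee (constructed labels).
STRONG_METHODS = {"callback_registered_number", "in_person", "manager_video_confirm"}

# Methods involving a second person; required for privileged accounts.
SECOND_PERSON_METHODS = {"in_person", "manager_video_confirm"}

# Roles that get the stricter bar (constructed labels).
PRIVILEGED_ROLES = {"domain_admin", "it_admin", "finance_approver", "executive"}

# Constructed sample audit log, one JSON record per line.
SAMPLE_LOG = """\
{"ticket":"HD-1001","account":"j.doe","roles":["staff"],"channel":"phone","verification":["callback_registered_number"]}
{"ticket":"HD-1002","account":"a.admin","roles":["domain_admin"],"channel":"phone","verification":["employee_id","date_of_birth"]}
{"ticket":"HD-1003","account":"c.exec","roles":["executive"],"channel":"chat","verification":["callback_registered_number"]}
{"ticket":"HD-1004","account":"b.finance","roles":["finance_approver"],"channel":"phone","verification":["callback_registered_number","manager_video_confirm"]}
{"ticket":"HD-1005","account":"m.ops","roles":["staff"],"channel":"email","verification":["caller_id"]}
"""


def is_privileged(roles):
    """True if the account holds any role on the privileged list."""
    return bool(set(roles) & PRIVILEGED_ROLES)


def evaluate(record):
    """Return a list of policy findings for one reset; an empty list means the
    verification recorded meets the bar for that account."""
    findings = []
    strong = set(record["verification"]) & STRONG_METHODS

    # Every reset, privileged or not, needs at least one strong verification.
    if not strong:
        findings.append("no strong identity verification recorded")

    if is_privileged(record["roles"]):
        # Privileged accounts: two independent strong verifications, and one of
        # them must involve a second person so a single agent cannot be talked
        # into completing the reset alone.
        if len(strong) < 2:
            findings.append("privileged account: requires two strong verifications")
        if not (strong & SECOND_PERSON_METHODS):
            findings.append("privileged account: requires second-person confirmation")
    return findings


def review_log(text):
    """Map each ticket id to its findings for every record in the log text."""
    results = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        record = json.loads(line)
        results[record["ticket"]] = evaluate(record)
    return results


if __name__ == "__main__":
    for ticket, findings in review_log(SAMPLE_LOG).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{ticket}: {status}")
```

Run stand-alone, the script reports HD-1001 and HD-1004 as meeting the bar and lists the shortfall for the other three; in practice the same check would sit in the help-desk workflow so the agent sees the missing step before the reset is performed, rather than after the fact in a log review.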

The NCSC says these tactics are associated with the English-speaking cyber criminal group named Scattered Spider, which is also known as Octo Tempest.

This group is thought to be responsible for dozens of ransom attacks on companies to steal data, lock files, damage IT systems and extort victims. Perhaps Scattered Spider's best-known attack was the one on MGM Grand Casinos & Resorts, which brought the company to its knees in September 2023.

In expert comment, Craig Watt, Strategic Threat Intelligence Consultant with Quorum Cyber, said: "High-profile UK retail sector organisations have suffered serious cyber attacks causing widespread disruptions to operations, including payment systems and online order processing.

...These operations have been attributed to Octo Tempest, a financially motivated threat actor that has a track record of prolific attacks with refined and adaptive tradecraft. The group leverages a multi-phase intrusion approach that showcases advanced social engineering and post-exploitation techniques...

Octo Tempest have demonstrated evolving partnerships with the DragonForce ransomware cartel, which will likely pose an increased risk of compromise to retail, hospitality, and logistics organisations in the future," Watt said.

There have been six arrests in the US and UK in the past year of hackers accused of belonging to Octo Tempest / Scattered Spider; however, the accused have denied being part of that group, saying instead that they are from another group known as DragonForce, which is also known for ransom attacks. Originally positioned as a pro-Palestine hacktivist-style operation, DragonForce has since shifted its focus to financial gain and extortion.

Researchers at SentinelOne report that DragonForce claims to take a 20% share of successful ransomware payouts, allowing the affiliate to keep 80%, noting that this “enables enterprising threat actors to launch seemingly unique ransomware operations, while leveraging DragonForce’s infrastructure and code.

For the developers, this offering allows DragonForce to profit from attacks by affiliates without having the brand tied to the attack or specific operators,” according to SentinelOne.

In other comment, Cynthia Overby, the Director of Security at Rocket Software made the following observations. “The malware used has locked down some of M&S’s central systems, rendering them inaccessible which explains the widespread disruption across stores and its online platforms. Since the retailer has chosen to remain silent beyond the prompt notification of its customers of the technical problems they’re experiencing, all we know is that the hackers most likely found their way in via social engineering techniques.

“Ransomware attacks not only wreak havoc on the IT infrastructure, they also shake the foundations of brand trust and reputation...

...In those instances, many are tempted to just pay the ransom and resolve the issue quickly. It bears noting, however, that paying ransomware holds no guarantees either. In many cases, the data cannot be recovered and the acquiescence only encourages future attacks,” Overby concludes.

NCSC | SentinelOne | BBC | Independent | The Times | Bristol Post | Decision Marketing | Yahoo

Image: Ideogram
