The National Cyber Security Centre (NCSC) issued a critical warning regarding a rise in cyber attacks targeting prominent UK retailers, including Marks & Spencer, Co-op, and Harrods. The NCSC specifically highlighted that the attackers have been impersonating IT help desk calls to gain unauthorized access to these organizations. In light of these incidents, the NCSC has prompted businesses to reassess their current security measures, particularly their IT help desk procedures related to password reset processes. This advisory comes as an essential reminder that companies must adhere to best practices to mitigate the risk of falling victim to malicious actors.
The last two weeks have seen an uptick in cyber attacks on notable brands, with the NCSC reporting that an anonymous hacking group, which relates to these recent breaches, has indicated that more attacks are imminent. The organization’s guidance underscores the necessity for companies to tighten their authentication processes when assisting employees, especially those holding senior-level access to sensitive segments of their IT networks. The NCSC’s recommendations are particularly pertinent in light of concerns surrounding the use of social engineering tactics, which hackers might exploit to deceive employees and gain access to confidential information.
Social engineering is a manipulative tactic used by cyber criminals to establish trust before extracting sensitive information. In the context of the current attacks, criminals not only approach valid employees claiming to be from the IT help desk but also call help desk staff pretending to be employees needing assistance with account access. To combat such schemes, experts advocate for implementing additional security layers, such as having unique code words or phrases that employees must use when requesting credential changes over the phone.
The NCSC’s advisory has drawn associations to the Scattered Spider group, which has gained notoriety for similar tactics over the past two years. This group, characterized by a decentralized structure of English-speaking young adults, has executed coordinated attacks using platforms like Discord and Telegram. While the NCSC did not explicitly link the current attacks to Scattered Spider, it acknowledged their propensity for engaging in these types of intrusions.
As a direct result of previous incidents, including breaches at prominent casinos in Las Vegas, authorities have made several arrests connected to Scattered Spider’s activities. Still, the hackers involved in the latest wave of breaches, who identify themselves as DragonForce, denied any affiliation with Scattered Spider when interviewed by the BBC. They claimed responsibility for breaching Co-op and removing extensive customer and employee data, as well as potentially utilizing DragonForce ransomware to disrupt M&S’s IT servers.
In addition to the regulations pertaining to password resets, the NCSC advises organizations to be vigilant about “risky logins,” essentially monitoring unusual login patterns such as access attempts during odd hours or from unfamiliar locations. Though sensitive information can be compromised globally, a notable subset of cyber criminals identified as young, English-speaking individuals residing in the UK and the US have demonstrated adeptness in the deployment of social engineering strategies.
Overall, the current cyber threat landscape necessitates urgent attention to security protocols within organizations, particularly among high-profile corporations. Companies are encouraged to adopt robust authentication measures and remain proactive in their responses to emerging threats. As the landscape changes, businesses must collaborate with cybersecurity experts and law enforcement to better understand, prepare for, and mitigate potential attacks. As we advance in an increasingly digital economy, organizations must remain vigilant to safeguard their data and maintain the trust of their customers.
