The UK government is issuing a warning this week to all companies to make cybersecurity an “absolute priority”, following recent cyberattacks on retailers Marks & Spencer, Harrods, and the Co-op. UK cabinet office minister Pat McFadden is reported to have held a briefing last week with national security officials and the CEO of the National Cyber Security Centre, Richard Horne, aimed at providing support to the three retail groups.
The UK’s National Cyber Security Centre (NCSC) has also issued a warning that criminals launching cyber-attacks against British retailers are impersonating IT help desks to break into organizations.
According to NCSC Deputy Director for Economy and Society Sarah Lyons: “Online shopping is bigger than ever and that’s something to be welcomed – but unfortunately it comes with the risk of shoppers’ accounts being exploited. Businesses have a major role to play in protecting online shoppers.”
The NCSC guidance tells organizations to review their IT help desk password reset processes and to reassess how IT help desks authenticate staff members before resetting passwords. This is especially crucial for key employees with access to high levels of the IT network. The guidance is fuelling speculation that this may have been the vulnerability that was exploited in the recent UK retail attacks.
More attacks to come
The BBC has also reported that on Friday Scattered Spider, the group believed to be responsible for the recent retail cyber-attacks, told the broadcaster that there will be more attacks. This further fuels speculation that the recent attacks are part of an orchestrated attack on the retail sector as a whole rather than isolated ransomware attacks.
Scattered Spider is composed of a large number of disparate hackers spread across the UK and the US. The group is responsible for the hacking and extortion of Caesars Entertainment and MGM Resorts International, and has also targeted Visa, PNC Financial Services Group Inc., Transamerica, New York Life Insurance Co., Synchrony Financial, Trust Bank, and Twilio.
Unlike cybercriminal groups located in geographies such as Russia, Scattered Spider is largely composed of native English speakers. This enables the group to mount convincing social engineering attacks, posing as staff members while trying to infiltrate organizations in the UK and the US.