Hackers who attacked Marks & Spencer and the Co-op duped IT professionals into giving them access to their companies' networks, according to a report.
The "social engineering" attack on the Co-op allowed fraudsters to reset an employee's password before infiltrating the network, and a similar method was employed against M&S, insiders told BleepingComputer.
Hundreds of agency workers at Marks & Spencer were advised not to come to work as the retailer grappled with the aftermath of a hack that cost the business £650 million in a matter of days.
The disruption started in April when click-and-collect orders and contactless payments were affected. Stuart Machin, the CEO of M&S, confirmed the issue in a message to customers, stating that the retailer would be making "minor, temporary changes" to in-store operations while it dealt with the ongoing "cyber incident".
In order to counter the "social engineering" tactic employed by the hackers from the Scattered Spider network against the UK supermarkets, the National Cyber Security Centre (NCSC) has released new guidelines.
“Criminal activity online — including, but not limited to, ransomware and data extortion — is rampant. Attacks like this are becoming more and more common. And all organisations, of all sizes, need to be prepared,” noted Jonathon Ellison, NCSC’s national resilience director, and Ollie Whitehouse, its chief technology officer, in a blog post.
They have recommended that firms "review help desk password reset processes" and pay special attention to "admin" accounts, which typically have more access to a company's network.
The Scattered Spider network is a group of young men from the UK and the United States who gained notoriety in September 2023 when they broke into and locked up the networks of casino companies Caesars Entertainment and MGM Resorts International, demanding large ransoms.
Caesars paid approximately $15 million to rebuild its network. The group specialises in "breaking down the front door" of networks before passing control to a "ransomware" group, which cripples the network and extorts its owner, according to the Times.
Tyler Buchanan, a Scottish man accused of being a key member of the organisation, was extradited to the United States from Spain last month after being charged with attempting to hack into hundreds of companies, Bloomberg News reported, citing a US Justice Department official.
At the time of the attack, M&S stated that it was "working extremely hard to restart online and app shopping" and apologised for the inconvenience to customers. It had already been unable to process click-and-collect orders in stores due to the "cyber incident".