Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label NCSC. Show all posts
Ransom
Co-op Cyber Attacks Cyber Triggers CyberCrime Cyberhackers Cyberscams CyberThreat NCSC Ransom

Co-op Hack Triggers Widespread Scam Risk for Consumers


 

Several cyberattacks on major British retailers including Marks & Spencer, the Co-op Group, and others have been attributed to social engineering, the practice of deceiving internal support teams by impersonating legitimate employees to deceive internal support teams. It has been reported that the attackers contacted the companies' IT help desks and posed convincingly as employees seeking immediate assistance. 

Using trust and urgency as a basis, they were able to persuade help desk employees to reset passwords for internal accounts, giving them unauthorised access to sensitive corporate information. Using this technique, attackers could potentially gain access to sensitive data, internal communications, and systems that may be used to further exploit or steal data, as it bypasses traditional technical safeguards. 

Once inside the networks, the attackers could potentially gain access to confidential data, internal communications, and systems that could be used for further exploitation. According to the UK's National Cyber Security Centre (NCSC), in light of these developments, all organisations should conduct a thorough review of their authentication procedures for help desks. 

As social engineering attacks are becoming increasingly sophisticated and difficult to detect, NCSC stresses the importance of implementing strict identity verification methods and training employees to recognise such techniques to prevent them from occurring in the future. Approximately 2,000 grocery outlets are operated by the Co-operative Group, along with 800 funeral homes and legal and financial services, in addition to offering food and beverage services. 

It has been confirmed that precautionary measures have been taken to protect the company's digital infrastructure. These included temporarily suspending certain internal systems that are used by retail operations and the legal department for their operations. A number of the organisation's systems have been affected, including the platform used to monitor stock levels. 

A source familiar with the matter has indicated that unresolved disruptions may result in localised supply issues, which could lead to product shortages on store shelves if not handled promptly. It was also announced that some employees' access to certain digital tools was restricted in response to the breach, so that remote work capabilities would be limited starting Wednesday. As a result of these internal disruptions, the Co-op has said that its retail stores, including those which provide rapid delivery services and funeral care branches, will remain open and operational normally despite these disruptions. 

According to the National Cyber Security Centre (NCSC), it has acknowledged its involvement in the incident and is actively supporting the Co-operative Group as they investigate it. In addition, it is believed that the company is working closely with Marks & Spencer to assess the scope and nature of an incident that occurred in a separate but similarly timed manner, with efforts underway to determine whether there is any connection between the two breaches. 

As a matter of fact, the attack on two major retailers in close succession is unlikely to be a coincidence, according to Marijus Briedis, Chief Technology Officer of Nord Security. It suggests that there has been some coordination between both retailers or perhaps even a shared vulnerability. 

According to the Co-operative Group, although its back-office operations and customer service call centres have suffered disruption, the company's network of 2,000 grocery stores and 800 funeral homes across the UK remains fully functional and continues to serve its customers without interruption, despite these disruptions. 

When the cybercriminal group Scattered Spider first gained prominence in September 2023, it was after successfully infiltrating Caesars Entertainment and MGM Resorts International, an attack which, reportedly, forced Caesars to pay a ransom of $15 million. Recently, the group has been operating in the UK, and they seem to have changed their approach to attacking IT personnel by using sophisticated social engineering tactics rather than technical exploits. 

It has been reported that one of the suspects, Scottish national Tyler Buchanan, has been extradited to the United States from Spain, where he has been charged with attempting to compromise several corporate networks. As a result of Buchanan and his network's involvement in numerous complex and multistage cyber intrusions, U.S. prosecutors are emphasising the growing threat cybercrime poses to society. 

Despite Marks & Spencer's continued efforts to restore its digital systems, and as the Co-op assesses the full extent to which customer data might be exposed by the incidents, critical cybersecurity vulnerabilities have been revealed in enterprise cybersecurity protocols. It has become increasingly important for organisations to prioritise layered, adaptive security frameworks that go beyond traditional defences to combat threats from attackers exploiting human behaviour over system weaknesses. 

It is ultimately clear that in a digital-first economy, the presence of cyber threats must be built into every aspect of the organisation, and to do so, organisations must embed cybersecurity into every aspect of their business. It remains a fact that human factors are the most exploited vulnerability, and without constant vigilance and robust incident response plans, even industry leaders are vulnerable. As M&S continues to deal with major problems caused by a cyber attack attributed to the hacking collective Scatter Spider, the problems have emerged. 

In light of the M&S incident, the Co-op did not comment on whether the extra checks it had conducted resulted in the detection of attempted attacks on its systems. However, it did inform staff of the importance of protecting our systems, mentioning the recent issues surrounding M&S and the cyber-attack they have experienced in the past few weeks. As part of its commitment to reducing costs and preventing shoplifting, the company announced that technology would play an important role in reducing costs and preventing shoplifting. 

The Co-op's grocery stores are currently introducing new technologies such as electronic shelf edge pricing to reduce labour hours, as well as expanding fast-track online grocery delivery services. Morrisons has been at the centre of cyberattacks in the last couple of years. In the run-up to Christmas last year, the retailer suffered from an incident at its tech supplier Blue Yonder that caused the retailer to become extremely vulnerable to cyber threats. 

As recently as 2023, WH Smith was attacked by cyber criminals who illegally accessed their company information, including the personal details of current and former employees. This occurred less than a year after a cyber-attack on WH Smith's Funky Pigeon site forced the store to stop accepting orders for about a week following a cyber-attack. As a result of the recent cyber attacks on leading UK retailers, such as Marks & Spencer and the Co-operative, there is now an urgent and escalating challenge facing the UK: cybercrime is becoming a more prevalent threat in an increasingly digital retail environment. 

In addition to enhancing customer experience, retailers are increasingly embracing advanced technologies to increase efficiency, reduce operational costs, and improve efficiency, but they also increase their exposure to cyber risks, particularly those originating from human manipulation and procedural errors. It is important to note that in a complex ecosystem where automation, remote access systems, and third-party technology partnerships are converging, a single vulnerability can compromise entire networks, resulting in a complex ecosystem. 

It is important for cybersecurity tnot to be viewed simply as a technical function but rather as an integral part of every layer of an organisation's operations. Managing these threats requires organisations to use a holistic approach - issuing regular training to staff on social engineering awareness, setting up thorough verification processes, and auditing access control systems regularly - to mitigate such threats. 

In order to avoid reactive measures, the implementation of zero-trust frameworks, the cooperation with cybersecurity experts, and continual incident simulation exercises must become standard practice instead of reactive ones. For businesses to keep up with the pace of cybercriminals, as they often operate across borders using coordinated tactics, they must also evolve. In addition, boards and leadership teams are responsible for cybersecurity resilience by ensuring that adequate investments, governance, and crisis management plans have been established. 

Additionally, regulatory bodies and industry alliances should make an effort to establish unified standards and collaboratively share threat intelligence, particularly in sectors regarded as high risk. It is not an isolated incident; the recent breaches are a sign of a broader pattern that reveals a systemic vulnerability in the retail supply chain as a whole. The digital age has made it increasingly difficult to ignore cybersecurity when it comes to businesses that depend on trust, reputation, and uninterrupted service crucial element of long-term survival and customer trust.
Read more »
Russia-Ukraine War
Cyber Attacks DDoS DDOS Attacks DDoS Threats Hacker attack Hacktivist group NCSC Pro-Russian Hackers Russia-Ukraine War

Russian Hacktivists Disrupt Dutch Institutions with DDoS Attacks

 

Several Dutch public and private organizations have experienced significant service outages this week following a wave of distributed denial-of-service (DDoS) attacks linked to pro-Russian hacktivists. The Netherlands’ National Cyber Security Center (NCSC), part of the Ministry of Justice, confirmed that the attacks affected multiple sectors and regions across the country.  

The NCSC disclosed that both government and private entities were targeted in what it described as large-scale cyber disruptions. While the full scope is still being assessed, municipalities and provinces including Groningen, Noord-Holland, Drenthe, Overijssel, Zeeland, Noord-Brabant, and cities like Nijmegen, Apeldoorn, Breda, and Tilburg reported that public portals were intermittently inaccessible. 

A pro-Russian threat group calling itself NoName057(16) has claimed responsibility for the cyberattacks through its Telegram channel. Though the NCSC did not confirm the motive, the group posted that the attacks were a response to the Netherlands’ recent €6 billion military aid commitment to Ukraine, as well as future support amounting to €3.5 billion expected in 2026. Despite the widespread disruptions, authorities have stated that no internal systems or sensitive data were compromised. 

The issue appears confined to access-related outages caused by overwhelming traffic directed at the affected servers — a hallmark of DDoS tactics. NoName057(16) has been a known actor in the European cybersecurity landscape since early 2022. It has targeted various Western governments and institutions, often in retaliation for political or military actions perceived as anti-Russian. The group also operates DDoSIA, a decentralized platform where users can participate in attacks in exchange for cryptocurrency payments. 

This model has enabled them to recruit thousands of volunteers and sustain persistent campaigns against European targets. While law enforcement in Spain arrested three alleged DDoSIA participants last year and confiscated their devices, key figures behind the platform remain unidentified and at large. The lack of major indictments has allowed the group to continue its operations relatively unimpeded. 

The NCSC has urged organizations to remain vigilant and maintain strong cybersecurity protocols to withstand potential follow-up attacks. With geopolitical tensions remaining high, experts warn that such politically motivated cyber operations are likely to increase in frequency and sophistication. 

As of now, restoration efforts are ongoing, and the government continues to monitor the digital landscape for further signs of coordinated threats.
Read more »
United Kingdom
cyber attack Cyber Attacks cybersecurity news NCSC United Kingdom

UK Retail Sector Hit by String of Cyberattacks, NCSC Warns of Wake-Up Call

 

The United Kingdom’s National Cyber Security Centre (NCSC) has issued a stark warning following a wave of cyberattacks targeting some of the country’s most prominent retail chains. Calling the incidents a “wake-up call,” the agency urged organisations to strengthen their cybersecurity posture amid growing threats. 

The NCSC, a division of GCHQ responsible for cybersecurity guidance across the UK’s public and private sectors, confirmed it is working closely with the impacted retailers to understand the scope and impact of the attacks. 

“The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers and the public,” said NCSC CEO Dr Richard Horne. 

“These incidents should act as a wake-up call to all organisations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.” 

In the past two weeks, major British retailers Marks & Spencer, Co-op, and Harrods have all reported cybersecurity breaches. Harrods confirmed that threat actors attempted to infiltrate its systems on May 1st, prompting the luxury department store to restrict access to certain websites—a move that suggests defensive measures were enacted during an active threat. Around the same time, the Co-operative Group revealed it was also the target of a cyberattack. 

In an internal memo, Co-op’s Chief Digital and Information Officer Rob Elsey warned staff to exercise caution with email and Microsoft Teams usage, adding that VPN access had been shut down as part of containment efforts. Marks & Spencer, one of the UK’s most iconic retail brands, faced disruptions across its online ordering platform and in-store services such as contactless payments and Click & Collect. The incident has since been identified as a ransomware attack, with sources confirming the involvement of threat actors linked to the Scattered Spider group. 

The attackers reportedly used DragonForce ransomware—tactics that have also been deployed in previous high-profile breaches at companies like MGM Resorts, Coinbase, and Reddit. In light of these incidents, the UK Parliament’s Business and Trade Committee has sought clarification from the CEOs of Marks & Spencer and Co-op on the level of support received from government agencies such as the NCSC and the National Crime Agency.
Read more »
Threats from Technology
Britain Cyberattack cyberattacks trending news Data Theft NCSC News Technology Threats from Technology

UK Faces Growing Cyber Threats from Russia and China, Warns NCSC Head

The UK is facing an increasing number of cyberattacks from Russia and China, with serious cases tripling in the past year, according to a new report by the National Cyber Security Centre (NCSC). On Tuesday, Richard Horne, the new NCSC chief, stated that the country is at a critical point in safeguarding its essential systems and services from these threats.

Rising Threats and Attacks

The report reveals a disturbing rise in sophisticated cyber threats targeting Britain’s public services, businesses, and critical infrastructure. Over the past year, the agency responded to 430 cyber incidents, a significant increase from 371 the previous year. Horne highlighted notable incidents such as the ransomware attack on pathology provider Synnovis in June, which disrupted blood supplies, and the October cyberattack on the British Library. These incidents underscore the severe consequences these cyber threats have on the UK.

Challenges and Alliances

Similar challenges are being faced by the UK’s close allies, including the U.S., with whom the country shares intelligence and collaborates on law enforcement. Horne emphasized the UK’s deep reliance on its digital infrastructure, which supports everything from powering homes to running businesses. This dependency has made the UK an appealing target for hostile actors aiming to disrupt operations, steal data, and cause destruction.

“Our critical systems are the backbone of our daily lives—keeping the lights on, the water running, and our businesses growing. But this reliance also creates vulnerabilities that our adversaries are eager to exploit,” Horne stated.

Cybersecurity Challenges from Russia and China

According to the report, Russia and China remain at the forefront of the UK’s cybersecurity challenges. Russian hackers, described as “reckless and capable,” continue to target NATO states, while China’s highly advanced cyber operations aim to extend its influence and steal critical data. Horne called for swift and decisive action, urging both the government and private sector to enhance their defenses.

Recommendations for Strengthening Cybersecurity

Horne emphasized the need for more robust regulations and mandatory reporting of cyber incidents to better prepare for future threats. He stressed that a coordinated effort is necessary to improve the UK’s overall cybersecurity posture and defend against adversaries’ growing capabilities.

Read more »
TLS
C2 Chinese Hackers Chinese Threat Actors Cyber Attacks Malware Attack NCSC Sophos TLS

NCSC Unveils “Pigmy Goat” Malware Targeting Sophos Firewalls in Advanced Chinese Cyberattack

 

The National Cyber Security Centre (NCSC) recently disclosed the presence of a Linux malware, “Pigmy Goat,” specifically designed to breach Sophos XG firewall devices. This malware, allegedly developed by Chinese cyber actors, represents a significant evolution in network infiltration tactics due to its complexity and advanced evasion methods. 

This revelation follows Sophos’ recent “Pacific Rim” reports, which detail a five-year campaign involving Chinese threat actors targeting network devices at an unprecedented scale. Among the identified tools, “Pigmy Goat” stands out as a rootkit crafted to resemble legitimate Sophos product files, making it challenging to detect. This strategy is known to use stealth by masking its identity within commonly named system files to evade basic detection protocols. “Pigmy Goat” enables threat actors to establish persistent, unauthorized access to the target’s network. Using the LD_PRELOAD environment variable, it embeds itself in the SSH daemon (sshd), allowing it to intercept and alter incoming connections. 

The malware seeks specific sequences called “magic bytes” to identify backdoor sessions, which it redirects through a Unix socket, thereby concealing its presence from standard security monitoring. Once a connection is established, it communicates with command and control (C2) servers over TLS. The malware cleverly mimics Fortinet’s FortiGate certificate, blending into networks where Fortinet devices are prevalent, to avoid suspicion. This backdoor offers threat actors multiple capabilities to monitor, control, and manipulate the network environment. Through commands from the C2, attackers can remotely open shell access, track network activity, adjust scheduled tasks, or even set up a SOCKS5 proxy, which helps them remain undetected while maintaining control over the network. These actions could allow unauthorized data access or further exploitation, posing significant threats to organizational cybersecurity. 

The NCSC report aligns “Pigmy Goat” with tactics used in “Castletap” malware, which cybersecurity firm Mandiant has linked to Chinese nation-state actors. The report’s insights reinforce concerns over the evolving sophistication in state-sponsored cyber tools aimed at infiltrating critical network infrastructure worldwide. Detection and prevention of “Pigmy Goat” are crucial to mitigating its impact. The NCSC report provides tools for identifying infection, including file hashes, YARA rules, and Snort rules, which can detect specific sequences and fake SSH handshakes associated with the malware. 

Additionally, monitoring for unusual files and behaviours, such as encrypted payloads in ICMP packets or the use of ‘LD_PRELOAD’ within the sshd process, can be effective. These insights empower network defenders to recognize early signs of compromise and respond swiftly, reinforcing defences against this sophisticated threat.
Read more »
US Space Industry
Aerospace Cyber Attacks Cyberattacks NCSC new technologies satellite infrastructure space-based assets US Space Industry

U.S. Intelligence Reports: Spies and Hackers are Targeting US Space Industry


U.S. intelligence agencies have recently issued a warning against foreign spies who are targeting the American space industry and executing cyberattacks against the country’s satellite infrastructure.

The U.S. Office of the Director of National Intelligence's National Counterintelligence and Security Center (NCSC) issued a bulletin on August 18, alerting the public that foreign intelligence agencies may use cyberattacks, front companies, or traditional espionage to gather sensitive data about American space capabilities or cutting-edge technologies. The threat also mentions the employment of counter space technologies, such as hacking or jamming of satellites, to interfere with or harm American satellite systems.

As noted by the NCSC bulletin, foreign intelligence agencies "recognize the importance of the commercial space industry to the U.S. economy and national security, including the growing dependence of critical infrastructure on space-based assets." 

A set of guidelines is provided in the statement to assist private enterprises in minimizing any potential harm that these espionage attempts may create. The warning comes as funding for the U.S. space sector is rising rapidly with America’s satellite infrastructure expanding at an unparalleled rate.

NCSC further mentions a number of ways that foreign intelligence can seek to gain access to space agencies, to get hold of their insights and new technologies. Some of these methods appeared innocent enough, such as approaching space industry professionals at conferences or getting in touch with them through online forums to get information.

Other methods were more linked to ‘business dealings,’ through which foreign intel agencies frequently try to obtain access to sensitive information by investing in space companies through joint ventures or shell companies, or by buying their way into the supply chain that American aerospace companies rely on for the sourcing of parts and materials.

Some of the other methods mentioned were more explicit in nature, like carrying out cyberattacks or breaching private networks to steal intellectual property.

Moreover, the NCSC's bulletin warned the private space sector and stated that foreign intelligence agencies can compromise American national security by "collecting sensitive data related to satellite payloads, disrupting and degrading U.S. satellite communications, remote sensing and imaging capabilities," and targeting American commercial space infrastructure during interstate hostilities.  

Read more »
NCSC
ANSSI Cyber Attacks Data protection Hackers-for-hire Law Firms NCSC

Hackers for Hire Going After Law Firms, Alert French and UK Watchdogs

Hackers for hire targeting law firms

According to French and British authorities, law firms are increasingly targeted by mercenary hackers hired to steal data that could affect legal disputes. Reports from the UK's National Cyber Security Centre (NCSC) and France's cyber watchdog agency ANSSI emphasize the different digital dangers law firms face.

Mercenary hackers are on the rise

The cyber watchdog authorities of France and the United Kingdom documented a range of digital challenges law firms face in recent publications, including those posed by ransomware and hostile insiders. Both emphasized the risks presented by mercenary hackers hired by litigants to steal sensitive info from their adversaries in court.

The consequences on legal firms

The increasing number of mercenary hackers targeting law firms threatens the credibility of legal cases. These hackers can tip the scales in favor of their clients by collecting essential data from competing parties. It breaks down the legal system's fairness and has significant consequences for persons involved in legal disputes.

Law firms must take precautions to safeguard themselves against these dangers. Examples of this are implementing effective cybersecurity measures and teaching personnel to spot and avoid typical cyber risks. Firms must also closely monitor their networks for signs of penetration and respond fast to any breaches.

The increase in hackers-for-hire targeting law firms is a concerning trend that must be addressed. Law firms must take precautions to protect themselves from these threats, while authorities must seek to stop these criminal acts. Only through collaboration can we maintain the integrity of our legal system and safeguard it from these grave cyber attacks.

How users may defend themselves

1. Maintain software updates: Check that your operating system and all software have the most recent security patches.

2. Use strong passwords: For all accounts, use unique, complicated passwords, and enable two-factor authentication whenever possible.

3. When opening emails, use caution: Open emails from unknown senders with caution, and avoid clicking on links or attachments in emails.

4. Make a backup of your data: Back up important files regularly to an external hard drive or a cloud storage service.

5. Use antivirus software: Install and keep up-to-date trusted antivirus software on your devices.


Read more »
Ransomware
cyber attack Cyber Attacks Cyberwarfare Nation-State Attack NCSC NHS Ransomware

Russians Hackers May Have Breached NHS Trust With 2.5 Million Patients

 

Intelligence authorities are currently engaged in an investigation into a suspected cyber attack targeting a prominent NHS trust, which serves a vast patient population of 2.5 million individuals. This incident involves a notorious group specializing in ransomware attacks, who have asserted that they possess significant volumes of sensitive data extracted from Barts Health NHS Trust. 

The attackers have issued a deadline of Monday, after which they intend to publicly disclose the pilfered information. On Friday, a group known as BlackCat or ALPHV made a statement asserting that they have successfully breached the security of the targeted organization, gaining unauthorized access to sensitive employee information such as CVs and financial data, including credit card details. 

Additionally, they claimed to have obtained confidential documents pertaining to individuals' identities. The exact nature of the information involved in the incident remains uncertain, including whether it includes patient data or if the hacking group has effectively infiltrated the trust's systems. 

Nevertheless, the situation introduces the possibility that private data belonging to the extensive patient population of approximately 2.5 million individuals served by Barts Health NHS Trust may be exposed on the dark web. In response to these developments, the trust, which encompasses six hospitals and ten clinics in East London, expressed its immediate commitment to conducting a thorough investigation into the claims. 

BlackCat emerged onto the radar in 2021 and has gained a reputation as one of the most advanced malware operations to date. According to reports, the group responsible for BlackCat managed to infiltrate approximately 200 organizations during the period spanning November 2021 to September 2022. 

The gang's modus operandi involves employing various extortion techniques against their victims. These tactics include issuing individualized ransom demands, which encompass requests for decryption keys to unlock infected files, threats of publishing stolen data, and warnings of launching denial of service attacks. 

According to sources at The Telegraph, The National Cyber Security Centre (NCSC), which operates under the purview of GCHQ, is actively involved in the ongoing investigation. Ransomware attacks employ specialized software to either extract sensitive data from the victim or restrict their access to it. 

In certain instances, the attackers employ encryption techniques to lock the targeted files, subsequently demanding a ransom in exchange for providing the decryption key. In 2017, the NHS experienced a significant and widespread impact from the global "Wannacry" ransomware attack, resulting in a temporary halt of operations within the healthcare system. 

The severity of the situation necessitated the urgent transfer of critical patients from affected hospitals to alternative facilities. Notably, the hacking group did not make any mention of an encryption key in their communication. 

Experts in the field have put forward a hypothesis that this omission could potentially indicate that the gang has not encrypted the pilfered information. Instead, they might be employing a strategy commonly seen in such cases, aiming for a swift payment from the targeted organization. This tactic has become increasingly prevalent in recent times.
Read more »
Subscribe to: Posts (Atom)