Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label ScatteredSpider. Show all posts
ScatteredSpider
Co-op customer data compromise Cyber Attacks cyber intrusion data security DragonForce DragonForce Ransomware Group Malware. Scattered Spider Marks & Spencer ransomware attacks Ransomwares ScatteredSpider

Scattered Spider Cyberattack Cripples M&S, Co-op: DragonForce Ransomware Causes Weeks-Long Disruption

 

Weeks after a significant cyberattack disrupted operations at major British retailers, companies like Marks & Spencer (M&S) and Co-op are still struggling to restore full functionality. Despite public reassurances, the scope of the attack is proving more serious than initially acknowledged. M&S CEO Stuart Machin recently confirmed that personal customer data had been accessed, prompting the company to require password resets for online accounts. Online orders on the M&S website remain suspended weeks after the breach, and no clear timeline has been offered for full recovery. 

The attack first became public on April 25 when M&S halted its online operations due to a cyber intrusion. Within days, Co-op revealed it had also been targeted in an attempted hack, which disrupted several services. Harrods, another luxury retailer, was also reportedly affected during this wave of cyberattacks. While M&S is still unable to process online sales, Co-op has only just resumed stocking its shelves, and both companies remain silent about when operations might return to normal. Government officials have weighed in on the seriousness of the incident. 

Cabinet Office Minister Pat McFadden called the attack a “wake-up call” for British businesses, highlighting the urgent need for enhanced cybersecurity protocols. Financial losses have been steep. M&S is reportedly losing £3.5 million per day while its website remains offline, and its stock has dropped by an estimated half a billion pounds in market value. Co-op also disclosed that customer data had been compromised, and they experienced issues with card payments at the height of the disruption. 

Investigations suggest the cybercriminal group known as Scattered Spider is responsible. Known for targeting large enterprises, the group is believed to have used a ransomware strain called DragonForce to paralyze systems. According to cybersecurity experts, the attackers may have exploited unpatched vulnerabilities and misconfigured systems to gain entry. Reports indicate they employed SIM-swapping tactics to hijack phone numbers and impersonate employees, fooling IT help desks into granting system access. Once inside, the hackers are believed to have compromised Microsoft Active Directory—a central hub that connects internal networks—potentially gaining access to crucial files and passwords. 

Though it’s unlikely they decrypted these password files directly, the level of access would have allowed them to severely disrupt internal systems. Experts say this level of infiltration can cripple multiple areas of a business, making recovery extremely challenging without a full rebuild of core IT infrastructure. One reason for the prolonged disruption may be that both M&S and Co-op chose not to pay the ransom, in line with UK government advice. While this decision aligns with best practices to avoid funding cybercrime, it also means recovery will take significantly longer. 

Despite the chaos, M&S has emphasized that no payment information or account passwords were compromised. The company is urging customers to reset their passwords for peace of mind and has provided guidelines on staying safe online. Co-op has resumed deliveries to most of its stores but acknowledged that some shelves may still lack regular stock. Empty shelves and apology signs have appeared across affected stores, as customers share their frustrations online. 

This incident underscores the growing threat posed by sophisticated cybercriminals and the urgent need for companies to prioritize cybersecurity. From exploiting human error to using advanced ransomware tools, the tactics are evolving, and so must the defenses.
Read more »
ScatteredSpider
Cyberattack Cybersecurity Data Breach DragonForce Extortion Hacking Ransomware Retail ScatteredSpider

Marks & Spencer Cyberattack Fallout May Last Months Amid Growing Threat from Scattered Spider

 

Marks & Spencer is facing prolonged disruption after falling victim to a large-scale cyberattack. Experts warn that restoring normal operations could take months, highlighting a growing trend of sophisticated breaches targeting major retailers. This incident follows a wave of cyber intrusions, including those at Co-op and Harrods, allegedly orchestrated by the same hacking collective — Scattered Spider.

Described by ITPro as “the name on every security practitioner's mind right now,” Scattered Spider has gained notoriety for its aggressive tactics and global reach.

“Scattered Spider is one of the most dangerous and active hacking groups we are monitoring,” said Graeme Stewart of Check Point to Sky News.

Believed to be composed mainly of young, English-speaking individuals based in the UK and US, the group has reportedly executed over 100 cyberattacks since emerging in 2022. These attacks span sectors like telecommunications, finance, retail, and gaming.

One of their most prominent exploits occurred in 2023, when they severely disrupted two leading casino operators. Caesars Entertainment reportedly paid about $15 million to recover access, while MGM Resorts suffered estimated damages of around $100 million due to compromised customer data.

What makes Scattered Spider particularly elusive is its decentralized structure and independence from state backing. “They operate more like an organised criminal network, decentralised and adaptive,” Stewart added. Even after multiple arrests in the US and Europe, the group continues to rebound swiftly. “This is not a loose group of opportunistic hackers,” he emphasized.

Rather than relying solely on software flaws, Scattered Spider frequently exploits human error. The M&S and Co-op attacks, for example, were the result of “social engineering,” where attackers manipulated employees into revealing credentials.

Their tactics include mimicking corporate emails, sim swapping (cloning a phone number to hijack accounts), and building convincing fake login portals. “This is akin to ‘breaking down the front door’ of networks,” Paul Cashmore, CEO of Solace Cyber, told The Times. Once inside, Scattered Spider typically partners with ransomware gangs to carry out the final blow.

In these recent cases, the group appears to have collaborated with DragonForce, a ransomware cartel. Initially known as a pro-Palestinian hacktivist group based in Malaysia, DragonForce now operates a “ransomware-as-a-service” model. According to Bleeping Computer, they allow affiliates to use their tools and infrastructure in exchange for 20-30% of ransom payments.

The core motivation is financial gain. DragonForce reportedly reached out to the BBC claiming the Co-op breach was more severe than disclosed, hinting at an extortion attempt.

Organizations like the Co-op, which house personal data of millions, are prime targets. Once a system is locked, hackers demand large ransoms in return for decryption tools and promises to delete stolen data. “If a ransom is not paid, the ransomware operation typically publishes the stolen data on their dark web data leak site,” Bleeping Computer explained.

Whether or not to pay remains a complex dilemma. “Paying may provide a quick way to restore operations, protect customer data and limit immediate financial and reputational damage,” noted The Times. However, it also risks emboldening cybercriminals and marking companies as future targets.
Read more »
Subscribe to: Posts (Atom)