Hackers who targeted Marks & Spencer and the Co-op tricked IT workers to gain access to their companies' systems, according to a report.
The “social engineering” attack on the Co-op allowed cybercriminals to reset an employee’s password before breaching the network, with a similar tactic used against M&S, sources revealed to the BleepingComputer website.
Hundreds of agency workers at Marks & Spencer were told not to come into work as the retailer dealt with the fallout of a cyberattack which saw the company lose £650m of value in a matter of days.
The disruption began in April when contactless payments and click-and-collect orders were affected, before M&S chief executive Stuart Machin wrote to customers confirming the problem, adding that the retailer would be implementing “minor, temporary changes” to in-store operations as the company manages the ongoing “cyber incident”.

The National Cyber Security Centre (NCSC) has issued new guidance to combat the “social engineering” technique used against the UK supermarkets by the hackers from the Scattered Spider network.
“Criminal activity online — including, but not limited to, ransomware and data extortion — is rampant. Attacks like this are becoming more and more common. And all organisations, of all sizes, need to be prepared,” said Jonathon Ellison, NCSC’s national resilience director, and Ollie Whitehouse, its chief technology officer, in a blog post according to The Times.
They have advised organisations to “review help desk password reset processes” and pay particular attention to “admin” accounts, which generally have more access throughout a company’s network.
The Scattered Spider network is a group of young men in the UK and US who drew notoriety in September 2023 when members broke into and locked up the networks of casino operators Caesars Entertainment and MGM Resorts International, and demanded hefty ransoms. Caesars paid about $15 million to restore its network.
It specialises in “breaking down the front door” of networks before handing over to a “ransomware” gang who cripple the network and extort its owner, The Times reported.
Tyler Buchanan, a Scottish man accused of being a leading member of the group, was extradited to the United States from Spain last month after being charged with attempting to hack into dozens of companies, Bloomberg News reported, citing a US Justice Department official.
At the time of the attack, M&S said it was “working extremely hard to restart online and app shopping” and apologised again for the disruption to shoppers. It had already been unable to process click-and-collect orders in stores after being impacted by the “cyber incident”.
The company reported the incident to data protection supervisory authorities and the National Cyber Security Centre.