Scattered Spider hackers in UK are ‘facilitating' cyber-attacks, says Google
UK-based members of the Scattered Spider hacking community are actively 'facilitating' cyber-attacks, according to Google, as disruption to British retailers spreads to the US.
A group of hackers labelled 'Scattered Spider' have been linked with attacks on UK retailers Marks & Spencer, the Co-op and Harrods, with Google cybersecurity experts warning this week that unnamed retailers across the Atlantic are being targeted as well.
Charles Carmakal, the chief technology officer at Google's Mandiant cybersecurity unit, said that the threat had moved to the US in a pattern typical of Scattered Spider assailants.
Related: Largest US crypto exchange says cost of recent cyber-attack could reach $400m
'They tend to focus on a particular industry sector and geography for a few weeks and then they move on to something else,' he said. 'And right now they're focused on retail organisations. They start in the UK, and now they've shifted to US organisations.'
Asked if UK members of Scattered Spider were involved in hacking M&S, he said: 'Without specifically naming who the victims are I will say broadly Scattered Spider members in the UK are facilitating and contributing to intrusions.'
On Friday it emerged that M&S had warned its staff that some of their personal data may have been stolen in the cyber-attack last month. Sources told the Daily Telegraph that workers were told email addresses and full names were believed to have been taken as part of the hack.
Earlier this week M&S revealed that some personal information relating to thousands of customers was taken by the hackers.
The targeting of retailers in the UK, and the techniques associated with Scattered Spider, has prompted the country's cybersecurity agency to warn companies to look out for specific tactics.
In an advisory note, the National Cyber Security Centre told businesses to look at how their IT help desks help staff members reset passwords. One gambit associated with Scattered Spider – a name coined for a set of hacking tactics rather than an homogenous group – is to ring up IT help desks and pretend to be employees or contractors in order to gain access to company systems.
'What we're seeing is they're making telephone calls, calling up help desks, pretending to be employees and convincing helpdesks to reset passwords,' said Carmakal.
Carmakal added that the task of ringing up helpdesks was sometimes carried out by younger members of the Scattered Spider network.
'It's not always the [threat] actors themselves … that are actually making the phone calls. They outsource some of that work to other members of the broader community, generally younger individuals that aggregate on Telegram and Discord and want to make a few hundred bucks.'
Scattered Spider is unusual among hacking groups deploying ransomware because it is composed of native English speakers from countries such as the UK, US and Canada. Carmakal said he had listened to 'countless calls' that Scattered Spider hackers have made to company employees, 'whether they were extorting them, or trying to convince somebody to provide credentials or harassing somebody'.
Ransomware gangs infect their targets' computer systems with malicious software that effectively locks up their internal files, which the criminals then offer to release in exchange for a payment. Typically, these gangs are from Russia or former Soviet states.
Carmakal's comments came as French luxury brand Dior said this week an 'unauthorised external party' had accessed some customer data. The scale of the breach and the identity of the attacker remains unclear, although Paris-based Dior said no payment information had been taken.
This week Google's cybersecurity specialists said Scattered Spider was targeting US retailers.
'The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to … Scattered Spider,' said John Hultquist, the chief analyst at Google Threat Intelligence Group. 'The actor, which has reportedly targeted retail in the UK following a long hiatus, has a history of focusing their efforts on a single sector at a time, and we anticipate they will continue to target the sector in the near term. US retailers should take note.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
28 minutes ago
- Yahoo
Google is sunsetting Chrome updates for Android 8 and 9
When you buy through links on our articles, Future and its syndication partners may earn a commission. Google announced it will no longer be updating Chrome for users on Android 8.0 and Android 9.0. Even though Chrome will continue to work on their phones, users will not get updates beyond Chrome version 138. Starting around August 5th, Chrome version 139 will need Android 10 or newer to keep getting Chrome updates. Google announced that it will stop bringing updates for Chrome versions running on Android 8.0 (Oreo) and Android 9.0 (Pie) in the next few weeks. On its support page, Google explained that Chrome version 138 will be the last update available to the above Android users, following which they may need to upgrade to Android 10.0 to receive Chrome version 139, which is scheduled to release on August 5. Phones that run on Oreo and Pie were typically released in the mid-to-late 2010s. And according to the latest Android distribution chart, approximately 9.8% phones are still running on Android versions Oreo and Pie. This includes some of the first-ever Google Pixel phones, up to the Pixel 3XL, Samsung Galaxy S8 and S8 Plus, OnePlus 5/5T, and so on. In contrast, about 10.2% of phones run on Android 10 (Q), which means that Chrome will likely be compatible on this Android version for the next few years at least, based on how long Android 10 remains widely used. That said, Google confirmed that Chrome will still continue to function as usual on Android 8 and 9, but won't be receiving any new updates going forward. Google recommends that users on these older versions update their devices to Android 10.0 or newer if possible. If you're someone who is unsure if this change might impact you, here's how to check your Android version or update your device. Head to your device's Settings menu under "About phone" or "System updates." That said, companies usually stop updating older versions of the software as they focus on bringing better features to new versions. With the recent rollout of stable Android 16, introducing features like Material 3 Expressive, it is recommended to upgrade to a device that supports some of the newer Android versions to continue to receive timely updates, even though Android 10 is currently the minimum requirement.
Yahoo
29 minutes ago
- Yahoo
Venue cancels Marilyn Manson's performance following campaign
A Brighton venue has cancelled rock star Marilyn Manson's show, following pressure from a campaign group and an MP. Manson – real name Brian Warner – was set to kickstart the UK leg of his One Assassination Under God Tour at the Brighton Centre on Wednesday, October 29. Now, customers have been informed by Ticketmaster that the event has been cancelled and they will be refunded. An online campaign group, No Stage for Abusers, called on the Brighton Centre, and Brighton and Hove City Council, which owns the venue, to cancel the performance. In January, a year-long investigation into Manson was dropped. California prosecutors said allegations against Manson exceeded the statute of limitations, adding that they cannot prove charges beyond a reasonable doubt. Manson has repeatedly denied the accusations and dismissed the claims as "falsehoods". Known for his eccentric stage persona and provocative statements and behaviour, Manson has long been a controversial figure. Last week MP Siân Berry expressed her concerns about Manson's upcoming performance in an open letter to leader of Brighton and Hove City Council, Bella Sankey. In Siân's letter she urged the council to consider cancelling the event as she believes it goes against 'the city's well-renowned values'. One person told The Argus: "This is cancel culture nothing more, and it'll backfire when artists don't add a Brighton and Hove date to their tours and stick to London, which incidentally haven't banned Marilyn Manson from their city. Set a very worrisome precedent."
Yahoo
29 minutes ago
- Yahoo
Google Workspace gets bolstered with Gemini with June feature drop
When you buy through links on our articles, Future and its syndication partners may earn a commission. Google's June feature drop is bringing a boost to Workspace with Gemini integration. Users will now be able to connect Workspace apps, such as Gmail, Keep, Calendar, and more, with Gemini to receive personalized suggestions based on Workspace data. Google Slides and Vids will also receive a boost with the integration of Veo 3, Gemini's latest video generation model. Gemini Live will also be integrated into Workspace apps, so that users can have real-time conversations with the AI chatbot and brainstorm ideas on the go. Google's June feature drop brings a boost of Gemini into the Workspace ecosystem. Its latest AI video generation model is being integrated into Slides and Vids, while Gmail, Calendar, and other Workspace apps are getting Gemini's latest smarts. Veo 3 will now be able to generate high-quality video clips with realistic sound by simply giving it a prompt within Vids and Slides. For instance, if you're working on a DIY or training video and need a shot of a worker wearing a specific item to introduce a safety training or a video on how to safely start a campfire, all users need to do is describe it, and Vids will create it for you. "To help you create high-quality content, faster, we're adding powerful new features into Google Slides and Google Vids — our new AI-powered video creation app for work," Google stated in its press release. Once the video is generated, users can go in and make edits to scripts within every scene and also modify voiceovers if needed. Google Slides will now showcase several pre-designed templates that will help users select the one that fits their needs while crafting presentations. From project proposals and team meetings to creative portfolios, users can find these templates in the template gallery within Google Slides. As for the rest of the Workspace apps, Gemini will now be able to access information from Gmail, Drive, Keep, and more, to help you quickly access information across these apps. For instance, if you need a specific document from Drive or want to review your unread emails quickly, Gemini can summarize them for you. The tech gain is also bringing Gemini Live to Workspace to help users have intuitive conversations, brainstorm ideas, or simply ask Gemini a work-related question. Furthermore, Gemini's Deep Research abilities also come into play. When users upload a large document to Gemini from Google Drive, it can now combine that information with public data to give them a detailed report. It also summarizes key insights and specific facts to give users a fully rounded understanding of the topic. That said, it is important to note that Google is keeping things private when it comes to Workspace data. The tech giant reiterates that the data won't be used to train its Gemini model, and you are always in control of your privacy settings. Gemini in Workspace is widely available, and users can give it a spin today.
