Latest news with #Carmakal
Yahoo
21-05-2025
- Business
- Yahoo
Scattered Spider hackers in UK are 'facilitating' cyber-attacks, says Google
UK-based members of the Scattered Spider hacking community are actively 'facilitating' cyber-attacks, according to Google, as disruption to British retailers spreads to the US.

A group of hackers labelled 'Scattered Spider' have been linked with attacks on UK retailers Marks & Spencer, the Co-op and Harrods, with Google cybersecurity experts warning this week that unnamed retailers across the Atlantic are being targeted as well.

Charles Carmakal, the chief technology officer at Google's Mandiant cybersecurity unit, said that the threat had moved to the US in a pattern typical of Scattered Spider assailants.

'They tend to focus on a particular industry sector and geography for a few weeks and then they move on to something else,' he said. 'And right now they're focused on retail organisations. They start in the UK, and now they've shifted to US organisations.'

Asked if UK members of Scattered Spider were involved in hacking M&S, he said: 'Without specifically naming who the victims are I will say broadly Scattered Spider members in the UK are facilitating and contributing to intrusions.'

On Friday it emerged that M&S had warned its staff that some of their personal data may have been stolen in the cyber-attack last month. Sources told the Daily Telegraph that workers were told email addresses and full names were believed to have been taken as part of the hack. Earlier this week M&S revealed that some personal information relating to thousands of customers was taken by the hackers.

The targeting of retailers in the UK, and the techniques associated with Scattered Spider, has prompted the country's cybersecurity agency to warn companies to look out for specific tactics. In an advisory note, the National Cyber Security Centre told businesses to look at how their IT help desks help staff members reset passwords.

One gambit associated with Scattered Spider – a name coined for a set of hacking tactics rather than a homogeneous group – is to ring up IT help desks and pretend to be employees or contractors in order to gain access to company systems.

'What we're seeing is they're making telephone calls, calling up help desks, pretending to be employees and convincing helpdesks to reset passwords,' said Carmakal.

Carmakal added that the task of ringing up help desks was sometimes carried out by younger members of the Scattered Spider network.

'It's not always the [threat] actors themselves … that are actually making the phone calls. They outsource some of that work to other members of the broader community, generally younger individuals that aggregate on Telegram and Discord and want to make a few hundred bucks.'

Scattered Spider is unusual among hacking groups deploying ransomware because it is composed of native English speakers from countries such as the UK, US and Canada. Carmakal said he had listened to 'countless calls' that Scattered Spider hackers have made to company employees, 'whether they were extorting them, or trying to convince somebody to provide credentials or harassing somebody'.

Ransomware gangs infect their targets' computer systems with malicious software that effectively locks up their internal files, which the criminals then offer to release in exchange for a payment. Typically, these gangs are from Russia or former Soviet states.

Carmakal's comments came as French luxury brand Dior said this week an 'unauthorised external party' had accessed some customer data. The scale of the breach and the identity of the attacker remain unclear, although Paris-based Dior said no payment information had been taken.

This week Google's cybersecurity specialists said Scattered Spider was targeting US retailers.

'The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to … Scattered Spider,' said John Hultquist, the chief analyst at Google Threat Intelligence Group. 'The actor, which has reportedly targeted retail in the UK following a long hiatus, has a history of focusing their efforts on a single sector at a time, and we anticipate they will continue to target the sector in the near term. US retailers should take note.'


Daily Mail
29-04-2025
- Business
- Daily Mail
M&S cyber attack is linked to gang of teenage hackers called 'Scattered Spider' who also targeted casino giant MGM
An alleged cyber attack which has crippled Marks and Spencer has been linked to notorious teenage hacking gang, Scattered Spider.

The retailer has been left reeling following the devastating hack which forced it to halt online sales for five days - with its share prices plummeting by more than £500m.

Now experts assisting M&S have claimed the cartel of cyber criminals - thought to be made up of British and American youths - could be behind the online security breach.

Scattered Spider uses the hacking tools developed by the Russia-linked group known as BlackCat and ALPHV, which may indicate a business partnership between the groups to share in ransom payments.

They have previously been linked with major hacks that incapacitated casino giants MGM Resorts International and Caesars Entertainment. The group reportedly used a digital attack to knock out slot machines at MGM and disrupt other systems, while gang members raided personal details of customers in a separate incident at Caesars.

The ransomware hack against M&S is understood to have locked down many of the retailer's systems, reports the Telegraph.

Ransomware attacks can happen when a criminal gang infiltrates a victim's IT infrastructure, using a computer virus to encrypt files and computers, before hackers then demand a ransom fee to unlock them. Such fees can run into the millions.

The gang, also known as UNC3944, has hit telecom and business process outsourcing companies in the past, but more recently also targeted critical infrastructure organisations, according to analyst reports.

Charles Carmakal, chief technology officer at Mandiant Intelligence, called Scattered Spider 'one of the most prevalent and aggressive threat actors impacting organizations in the United States today.'

'Many members are native English speakers and are incredibly effective social engineers,' he wrote, referring to the tactic of duping human targets, including over the phone.

'They leverage tradecraft that is challenging for many organizations with mature security programs to defend against,' Carmakal said in a post on LinkedIn.

Following the alleged attack, some M&S stores have been left with empty shelves as the beleaguered retailer continues to battle with the fallout of a crippling hack.

Shoppers have been left furious after some outlets were left 'completely empty', with items including bananas, fruit and vegetables, fish and Colin the Caterpillar cakes out of stock.

Some sites have been so badly blighted by the lack of stock, they have reportedly been forced to display signs on hot food counters saying 'temporarily closed'.

When asked, staff reportedly claimed the supply woes were linked to the suspected cyber attack, which has already forced M&S to cancel online orders.

An M&S spokeswoman told MailOnline: 'As part of our proactive management of the incident, we took a decision to take some of our systems temporarily offline.

'As a result, we currently have pockets of limited availability in some stores. We are working hard to get availability back to normal across the estate.'

Empty shelves are the latest warning sign that M&S is struggling to deal with the aftermath of the alleged cyber attack over Easter.

The woes began with the halting of click-and-collect orders and the downing of M&S contactless payment systems, which impacted stores nationwide over the bank holiday weekend.

On Monday, shoppers were left unable to make purchases online for a fourth day. In a message on its website, M&S said the pause on orders was 'part of our proactive management of a cyber incident'.

However, the retailer has so far not given an indication on when the chaos will end.

Shoppers have been left increasingly outraged at the disruption, with some taking to social media to share their anger.

One claimed to have driven an hour to an M&S store in Aberdeen, only to find shelves bare and items missing. 'I appreciate the ongoing issues but M&S need to keep customers better informed,' they raged online.

Another added: 'Monday afternoon and empty shelves in your @marksandspence Foyleside store! Now this is becoming a common issue with this store every time I visit.'

Another disgruntled shopper wrote: 'When will online orders resume? I go on holiday at the weekend and have been waiting to order some clothes for my children.'

While others shared memes with the slogan: 'This is not just a cyber attack. This is an M&S cyber attack.'

M&S has insisted it will refund orders placed by customers on Friday, while those who want to collect orders made online are being urged to wait for an email telling them when to do so.

As well as causing mayhem in stores, the aftermath of the suspected cyber attack also led to disruption for deliveries, workers said, with stores reportedly receiving fewer pallets than normal.

And on Monday, agency staff based at one of M&S's major distribution centres in the East Midlands were told to stay home, as the crisis continued to deepen.

The mayhem has already seen M&S stock plunge three per cent this week, as the retailer grapples to regain control following the Easter weekend cyber 'incident'.

Jane Foley, head of FX strategy at Rabobank, told BBC Radio 4 the fallout of the cyber attack against M&S had left shareholders spooked – with stock prices tumbling.

'Some investors are thinking enough is enough. About £700m has been wiped off the value of Marks and Spencers on the stock market... they really do need to come through with some positive news fast to stop investors getting too nervous,' she said.

Nayna McIntosh, who spent 30 years in fashion retail including five as part of M&S's executive committee, said bosses at the struggling retail giant were in an 'unenviable position'.

'There will be some very difficult conversations taking place in Paddington,' she warned. 'I come at this as somebody who started my retail career as a Saturday girl more years than I care to think about, so I have a deep affection for the brand and this is really painful to see.'

Speaking of the continued decision to pause online orders as tech gurus continue to scramble to fix the cyber attack, she said: 'It's almost like cutting off one of your limbs.

'It's a third of their business and it is the disruption that it puts customers in and starts them asking questions.

'It will have been a very difficult decision to have made on Friday and as it enters a second week, for them still to be there will be incredibly painful.'

Nicholas Found, from Retail Economics, told the Telegraph: 'While the true cost will only be clear once the dust settles, it's likely to be costing Marks & Spencer seven figures per day, as digital channels have been offline for a prolonged period.'