Latest news with #DragonForce
Yahoo
14 hours ago
- Business
- Yahoo
Retail cyberattacks: AI making threats 'more advanced and personalised'
The use of artificial intelligence (AI) by perpetrators of cyberattacks is increasing the threat to retailers and their customers, according to a cybersecurity industry leader. Speaking on an episode of GlobalData's Instant Insights podcast, Charlotte Wilson, head of enterprise sales at cybersecurity company Check Point Software, said that while the form that cyberattacks take has not changed a great deal, AI is being used to make them more effective. This embedded content is not available in your region. 'I think they're getting far more advanced and highly personalised because of AI,' said Wilson. 'If you take this retail attack, any of the retailers right now, the primary attack is to get the money from the retailer to free up access back to their information, and that's the ransomware itself for the company, the retailer, to pay or not pay or negotiate. 'The secondary attack is all that information that has been gathered can then be sold to other people that then might do a secondary activity with it. And that's where some of the sophistication comes in. That's where social engineering comes in.' Social engineering is the practice of deceiving and manipulating individuals into performing specific actions. It is a well-known tactic of email scammers who purport to be people or companies that they are not to trick victims into giving them personal information. Of the role of retail cyberattacks in facilitating this, Wilson explained: 'There's the first attack, which is to the retailer. The secondary attack is to you and me, the mums and dads, brothers and sisters, the consumer – and AI is making them something you're more likely to click on because they're much more personalised. 'It could be so much as, 'I see that you bought this in the last time that you visited our store. We hope that was great for you. Here's some personalised offers for you based on what you like to shop for,' and if I've got access to you as a loyalty scheme customer, I probably know quite a bit about you.' Wilson was speaking on the episode following the recent spate of cyberattack targeting UK retailers including Marks and Spencer, Co-op and Harrods. They are thought to have been perpetrated by a group known as Scattered Spider using a ransomware-as-a-service platform called DragonForce, of which Wilson says: 'There will be operators that design the ransomware attacks and the malware, and then there are affiliates that will go and use those and exploit it and hold people to ransom. They sometimes have a profit-share model, so it's a profitable way of doing cybercrime.' Despite widespread coverage of the recent attacks, Check Point, which carries out its own cybersecurity research, finds retail to be only the fifth most hacked industry at present. 'It's way, way behind education, government and healthcare,' said Wilson. 'So, it's actually not the biggest attacked. We think they're dealing with about 300 attacks per week. It starts to get into the 1000s when you start to get into the other industries. 'However, obviously once you're in you can hold to ransom at a higher rate because it's so much more public, and you can see just the press at the moment is reporting the retail hacks pretty much every other day.' Wilson went on to explain that retailers are at a particular disadvantage as they typically have a much larger potential attack surface than businesses in other industries. 'Retailers have an incredibly hard job because they're dealing with so many different suppliers of varying degrees,' said Wilson. 'The networks are dynamic. They have lots of things attached to them, so I think they have a really complex job, and, from a hacker's perspective, the path of least resistance is the one they'll choose. 'If you've got lots of things that you have to maintain, you have to make sure are patched, secured and controlled across many different interfaces, it's much easier for you to have something that isn't as up to date as it should be, or isn't as protected as it could be, they're much more susceptible to mistakes.' Wilson gave two main recommendations for retailers to help keep their cybersecurity tight. 'One clear thing they can do is monitor the third-party access to their networks,' she said. 'One challenge that retailers have that is unique is that some of the suppliers to them might be quite small, and so may not hold the same level of security in their organisation as maybe the retailer is.' In addition, she noted that collaboration between security and IT teams when patching vulnerabilities is required is not always adequate. Wilson is of the opinion that the handling of common vulnerability exploits (CVEs) – vulnerabilities that are identified and need to be patched – often fails as a result of miscommunication or misunderstanding between the two teams within a business. 'I just think the CVE part never really gets taken all that seriously,' she explained. 'That bit, for me, is a big thing. If it's being handled by your IT team as opposed to your security team, I think it's important that the security team stress the need for those certain CVEs that are critical to get patched and sorted, or to put those people outside of a blast zone.' "Retail cyberattacks: AI making threats 'more advanced and personalised'" was originally created and published by Just Food, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site.
France 24
21-05-2025
- Business
- France 24
Cyberattack costs UK retailer Marks & Spencer £300 mn
Marks last week revealed that some personal data of its customers had been stolen in a cyberattack that has crippled its online services for weeks. "In Fashion, Home & Beauty, online sales and trading profit have been heavily impacted by the necessary decision to pause online shopping, however stores have remained resilient," Marks said in a statement. "We expect online disruption to continue throughout June and into July as we restart, then ramp up operations." The impact on annual group operating profit is estimated at around £300 million, "which will be reduced through management of costs, insurance and other trading actions", the retailer added. The news came as Marks on Wednesday reported operating profit before adjusting items of £985 million for its financial year to the end of March. Following the update, its share price dropped 2.5 percent at the start of trading in London. Group operations have since Easter been hampered by a ransomware sting which forced the retailer to suspend online sales, contactless payments at stores and even recruiting operations. Marks said information stolen could include names, dates of birth, home addresses and telephone numbers. However, it did not include "useable payment or card details", nor account passwords. The company reported the incident to relevant government authorities and law enforcement. "There's still a big unknown regarding any potential fines on Marks and Spencer from the Information Commissioner's Office, which enforces data protection regulation" in Britain, noted Dan Coatsworth, investment analyst at trading group AJ Bell. Taking into account the way the fine is calculated and previous penalties handed down to UK companies for data breaches, Marks could take a further hit totalling around £550 million, he added. 'Crime investigation' Britain's National Crime Agency told the BBC it is investigating a series of cyberattacks including on luxury department store Harrods and the Co-op food chain. "We are looking at the group that is publicly known as Scattered Spider, but we've got a range of different hypotheses," Paul Foster, head of the NCA's national cybercrime unit, told a BBC documentary. The BBC said on its website "the hacks have been carried out using DragonForce, a platform that gives criminals the tools to carry out ransomware attacks." Despite the Marks attack having a bigger impact, chief executive Stuart Machin described it as only "a bump in the road". © 2025 AFP
Straits Times
21-05-2025
- Business
- Straits Times
Cyberattack costs UK retailer Marks & Spencer $519 million
Marks and Spencer said information stolen could include names, dates of birth, home addresses and telephone numbers. PHOTO: REUTERS LONDON - British clothes-to-food retailer Marks and Spencer on May 21 said a cyberattack disrupting its online service is set to last through to July and hit group profit by around £300 million (S$519 million). Marks last week revealed that some personal data of its customers had been stolen in a cyberattack that has crippled its online services for weeks. 'In Fashion, Home & Beauty, online sales and trading profit have been heavily impacted by the necessary decision to pause online shopping, however stores have remained resilient,' Marks said in a statement. 'We expect online disruption to continue throughout June and into July as we restart, then ramp up operations.' The impact on annual group operating profit is estimated at around £300 million, 'which will be reduced through management of costs, insurance and other trading actions', the retailer added. The news came as Marks on May 21 reported operating profit before adjusting items of £985 million for its financial year to the end of March. Following the update, its share price dropped 2.5 per cent at the start of trading in London. Group operations have since Easter been hampered by a ransomware sting which forced the retailer to suspend online sales, contactless payments at stores and even recruiting operations. Marks said information stolen could include names, dates of birth, home addresses and telephone numbers. However, it did not include 'useable payment or card details', nor account passwords. The company reported the incident to relevant government authorities and law enforcement. 'There's still a big unknown regarding any potential fines on Marks and Spencer from the Information Commissioner's Office, which enforces data protection regulation' in Britain, noted Dan Coatsworth, investment analyst at trading group AJ Bell. Taking into account the way the fine is calculated and previous penalties handed down to UK companies for data breaches, Marks could take a further hit totalling around £550 million, he added. 'Crime investigation' Britain's National Crime Agency told the BBC it is investigating a series of cyberattacks including on luxury department store Harrods and the Co-op food chain. 'We are looking at the group that is publicly known as Scattered Spider, but we've got a range of different hypotheses,' Mr Paul Foster, head of the NCA's national cybercrime unit, told a BBC documentary. The BBC said on its website 'the hacks have been carried out using DragonForce, a platform that gives criminals the tools to carry out ransomware attacks'. Despite the Marks attack having a bigger impact, chief executive Stuart Machin described it as only 'a bump in the road'. He added: 'It has been challenging, but it is a moment in time, and we are now focused on recovery, with the aim of exiting this period a much stronger business.' AFP Join ST's Telegram channel and get the latest breaking news delivered to you.
Int'l Business Times
21-05-2025
- Business
- Int'l Business Times
Cyberattack Costs UK Retailer Marks & Spencer GBP300 Mn
British clothes-to-food retailer Marks and Spencer on Wednesday said a cyberattack disrupting its online service is set to last through to July and hit group profit by around GBP300 million ($404 million). Marks last week revealed that some personal data of its customers had been stolen in a cyberattack that has crippled its online services for weeks. "In Fashion, Home & Beauty, online sales and trading profit have been heavily impacted by the necessary decision to pause online shopping, however stores have remained resilient," Marks said in a statement. "We expect online disruption to continue throughout June and into July as we restart, then ramp up operations." The impact on annual group operating profit is estimated at around GBP300 million, "which will be reduced through management of costs, insurance and other trading actions", the retailer added. The news came as Marks on Wednesday reported operating profit before adjusting items of GBP985 million for its financial year to the end of March. Following the update, its share price dropped 2.5 percent at the start of trading in London. Group operations have since Easter been hampered by a ransomware sting which forced the retailer to suspend online sales, contactless payments at stores and even recruiting operations. Marks said information stolen could include names, dates of birth, home addresses and telephone numbers. However, it did not include "useable payment or card details", nor account passwords. The company reported the incident to relevant government authorities and law enforcement. "There's still a big unknown regarding any potential fines on Marks and Spencer from the Information Commissioner's Office, which enforces data protection regulation" in Britain, noted Dan Coatsworth, investment analyst at trading group AJ Bell. Taking into account the way the fine is calculated and previous penalties handed down to UK companies for data breaches, Marks could take a further hit totalling around GBP550 million, he added. Britain's National Crime Agency told the BBC it is investigating a series of cyberattacks including on luxury department store Harrods and the Co-op food chain. "We are looking at the group that is publicly known as Scattered Spider, but we've got a range of different hypotheses," Paul Foster, head of the NCA's national cybercrime unit, told a BBC documentary. The BBC said on its website "the hacks have been carried out using DragonForce, a platform that gives criminals the tools to carry out ransomware attacks." Despite the Marks attack having a bigger impact, chief executive Stuart Machin described it as only "a bump in the road". He added: "It has been challenging, but it is a moment in time, and we are now focused on recovery, with the aim of exiting this period a much stronger business."
Yahoo
21-05-2025
- Business
- Yahoo
Police investigation into UK retail hacks focuses on English-speaking youths
Detectives investigating cyber attacks on UK retailers are focussing on a notorious cluster of cyber criminals known to be young English-speakers, some of them teenagers, police have revealed. For weeks speculation has mounted that disruptive attacks on M&S, Co-op, Harrods and some US retailers could be the work of a hacking community called Scattered Spider. Speaking about the hacks for the first time, the National Crime Agency (NCA) has told BBC News the group is a key part of its ongoing investigation to find the culprits. "We are looking at the group that is publicly known as Scattered Spider, but we've got a range of different hypotheses and we'll follow the evidence to get to the offenders," Paul Foster, head of the NCA's national cyber crime unit, said in a new BBC documentary. "In light of all the damage that we're seeing, catching whoever is behind these attacks is our top priority," he added. The wave of attacks, which began at Easter, have resulted in empty shelves in stores, the suspension of online ordering, and millions of people's private data being stolen. The hacks have been carried out using DragonForce, a platform that gives criminals the tools to carry out ransomware attacks. However, the hackers pulling the strings have still not been identified and no arrests have been made. Some cyber experts say the hackers display the traits of Scattered Spider, a loose community of often young individuals who organise across sites like Discord, Telegram and in forums, most likely located in the UK and US. Although the NCA says it is exploring all parts of the cyber crime ecosystem, it too is looking in the same direction. "We know that Scattered Spider are largely English-speaking but that doesn't necessarily mean that they're in the UK - we know that they communicate online amongst themselves in a range of different platforms and channels, which is, I guess, key to their ability to then be able to operate as a collective," Mr Foster said. M&S has been hit with ransomware, which has scrambled the company's servers rendering computer systems useless. The high street giant is still struggling to keep shelves stocked and has halted online shopping for weeks. Hackers have also stolen customer and employee data from the company. At Co-op, staff took systems offline to prevent a ransomware infection but a huge amount of customer and staff data was stolen and is being held to ransom. Operations at the firm's supermarkets, insurance offices and funeral services have been badly affected. It is not known what is happening at Harrods but the company admitted it had to pull computer systems offline because of an attempted cyber attack. When the hackers behind the M&S and Co-op attacks anonymously contacted the BBC last week, they declined to say whether or not they were Scattered Spider. Cyber security researchers at CrowdStrike formed the name "Scattered Spider" because of the group's sporadic nature, but other cyber companies have given the cluster nicknames including Octo Tempest and Muddled Libra. The group was also linked to high-profile attacks including on two US casinos in 2023 and Transport for London last year. And in November, the US charged five British and American men and boys in their twenties and teens for alleged Scattered Spider activity. One is 23-year-old Scottish man Tyler Buchanan, who has not made a plea, and the rest are US based. NCA investigators will not say how the retail hackers have managed to breach victim organisations but earlier this month, the National Cyber Security Centre issued guidance to organisations urging them to review their IT help desk password reset processes. "Calling up IT help desks is a tactic that Scattered Spider seems to favour and they use social engineering techniques to manipulate someone into doing something like clicking on a link or resetting someone's account to a password they can use," Lisa Forte, from cyber security firm Red Goat, explained. In the BBC documentary, a former teen hacker who was arrested nine years ago and now works in cyber security, said he was not surprised that teenagers could be behind the hacks. "It wouldn't surprise me - quite [the] opposite. The tools are readily available and it's very easy to jump online and search straight away. You can feel a bit untouchable but for what end? You're gonna be arrested 99% of the time," he said. A letter from the M&S hackers landed in my inbox - this is what happened next Cyber attack threat keeps me awake at night, bank boss says 'They yanked their own plug': How Co-op averted an even worse cyber attack Sign up for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? Sign up here.
