Latest news with #ScatteredSpider
Yahoo
3 days ago
- Business
- Yahoo
Victoria's Secret takes down website after cyberattack
The lingerie company Victoria's Secret has paused online orders while dealing with an apparent cyberattack. Since at least Wednesday, Victoria's Secret's website has been replaced with a generic message and no links: 'Valued customer, we identified and are taking steps to address a security incident. We have taken down our website and some in store services as a precaution. Our team is working around the clock to fully restore operations. We appreciate your patience during this process.' The company's physical stores remain open, it says.

A Victoria's Secret spokesperson said it has hired third-party experts to deal with the problem but declined to answer questions about the specific nature of the cybersecurity issue and how long it might take to remedy. The perpetrators are unknown, but the incident comes two weeks after Google warned that an effective cybercriminal group, one that had significantly hampered British retail companies, had begun targeting major American brands.

The cyberattacks against British retailers, which began in late April, followed a consistent pattern. A group that Google said was most likely a loosely affiliated collective of largely young, English-speaking men (the cybersecurity industry refers to it as Scattered Spider) tricked people tied to the company into sharing access to sensitive company systems. Scattered Spider then appears to have handed that access to a cybercriminal group that calls itself DragonForce and makes money by extorting victims with stolen data. At least three British retailers appear to have been victims of that campaign: Marks & Spencer, which stopped taking online orders for weeks; the Co-op Group, which suffered a major customer data breach; and Harrods, which appears to have sustained only minor outages.

Those attacks echo the 2023 attacks on two of the largest Las Vegas casino companies, which caused MGM Resorts to suffer a litany of shutdowns, including some hotel keycards not opening guests' rooms and some casino floors shutting down. In that case, cybersecurity researchers believed Scattered Spider gave access to a Russian-speaking cybercrime group. This article was originally published on


The Herald Scotland
3 days ago
- Business
- The Herald Scotland
Why are they making celebrities out of cyber criminals?
The past few weeks have painted a bleak picture of Britain's digital defences. Empty shelves at M&S, supply chain disruptions at Co-op, and systems offline at Harrods. It's like a dystopian episode of The Great British Bake Off, except instead of soggy bottoms, we're dealing with compromised servers. Enter Scattered Spider, a loose collective of predominantly English-speaking hackers, many reportedly teenagers, who may have brought Britain's biggest retailers to their knees. The National Crime Agency has confirmed it's investigating this group's potential involvement, marking the first time authorities have publicly named them as suspects.

Here's where things get awkward. CrowdStrike, the cybersecurity giant, has been producing impressive figurines of various hacking groups, complete with dramatic packaging and "Know them, find them, stop them" taglines. But as BBC Technology Correspondent Joe Tidy astutely points out, are we inadvertently glamorising these groups? There's something deeply uncomfortable about turning cybercriminals into collectible merchandise. It's like creating action figures of bank robbers: technically educational, but potentially sending mixed messages. The irony isn't lost on anyone. We're making celebrities out of criminals while simultaneously trying to catch them.

While figurines make conversation starters, the real excitement lies in the cutting-edge technologies being developed to combat these threats. Take Heriot-Watt University's groundbreaking Integrated Quantum Networks (IQN) Hub. Professor Gerald Buller's team is developing quantum key distribution, which uses quantum mechanics to share encryption keys in such a way that any attempt to intercept the key disturbs it and is detected, so a compromised key is discarded rather than used. Cybercrime costs UK businesses £27bn annually.

What's particularly fascinating about groups like Scattered Spider is their demographic: often teenagers communicating through Discord and Telegram, who possibly live in suburbs near the retailers they're targeting. Joe Tidy's direct communication with the hackers reveals criminals who are articulate, strategic, and frustratingly ordinary. They're not cartoon villains; they're people who've chosen criminal applications for their technical skills.

As the UK aims to become a quantum-enabled economy by 2035, quantum technologies will form the backbone of next-generation cybersecurity infrastructure. Unlike current encryption, which relies on mathematical complexity, quantum key distribution uses physics itself as protection, with interception theoretically impossible without detection. The combination of traditional investigative work and breakthrough technologies like quantum cryptography offers our best hope for creating a digital environment where groups like Scattered Spider become museum pieces. Perhaps we should focus less on action figures and more on the real-world heroes developing technologies that make criminal enterprises obsolete. After all, the best way to deal with villains isn't immortalising them in plastic; it's building a world where their methods don't work. I'll be first in line for my figurine of Professor Gerald Buller.

Annie Diamond is the deputy managing director of specialist technology, science and energy PR agency Hot Tin Roof. Agenda is a column for outside contributors. Contact: agenda@


Mint
4 days ago
- Business
- Mint
Siddharth Pai: Arm employees against sophisticated cyberattacks
The internet can be more dangerous than even the roughest part of a big city. Consider this: over the Easter weekend, British retailer Marks & Spencer (M&S) fell victim to a cyberattack that proved costly in financial as well as reputational terms. It stemmed not from a failure of firewalls or malware detection tools, but from social engineering. A hacker group known as Scattered Spider is being probed for breaching M&S's systems through a third-party IT services contractor. The attackers may have used impersonation techniques to gain unauthorized access to internal systems, resulting in leaked customer data, operational disruptions and an estimated financial hit of over £400 million.

It underscores an increasingly common theme in today's cybersecurity breaches: the exploiting of humans, rather than hardware or software. Cyber-safety is no longer just a technical issue to be left to the IT department; it's a human issue, deeply embedded in behaviour, awareness and preparedness. Human resource training is a pressing challenge in today's context. Organizations are facing an onslaught of evolving cyber threats: ransomware attacks, phishing scams, deepfake impersonations, credential stuffing and more. These don't merely target infrastructure, but also people. Employees get emails from attackers posing as executives, vendors or even co-workers. They're tricked into clicking malicious links, giving away login credentials or transferring money to fake accounts. So the front line isn't the server room, but everyone's inbox.

M&S wasn't alone. Around the same time, Peter Green Chilled, a logistics supplier for major supermarkets, was hit by a ransomware demand that disrupted its ability to deliver fresh goods, a classic example of how lapses can ripple across supply chains. In each case, the technical sophistication of the attack was significant, but what often allowed entry was an older vulnerability: human error, complacency or ignorance. That's where training comes in.

However, unlike other workplace modules like those for code compliance or harassment awareness, cybersecurity training poses unique challenges. For one, the threat landscape evolves constantly. Techniques that were cutting-edge six months ago may be obsolete now. Social engineering tactics are increasing as attackers study employee behaviour to refine their methods, even as training modules struggle to keep pace. Then there's an engagement problem. Most employees don't exactly look forward to such training. The mere mention conjures images of outdated videos, multiple-choice quizzes and unrelatable jargon. For behaviour change, the content must be engaging, memorable and relevant to people's day-to-day roles. Trained users are 30% less likely to fall for phishing attempts.

Gamification may work. If employees are challenged to identify phishing emails in a simulated inbox, or compete in cybersecurity 'escape rooms' that require them to solve puzzles based on real threats, they are far likelier to remember the lessons. Interactive storytelling and incentives could work. Case studies, like M&S's, could be used. Another solution is adaptive learning. Tools powered by large language models, such as Gen AI-based systems, can tailor training material to an employee's role, learning pace and previous performance. A marketing executive who frequently handles customer data might need a different module from a warehouse supervisor. Likewise, training systems can use natural language interactions as learning chats. This would not only enhance comprehension but also facilitate continuous reinforcement.

However, designing and implementing such training programs isn't solely the responsibility of the IT department. All departments must join hands, with HR embedding cyber awareness into the cultural fabric of the organization and fostering a mindset where everyone makes safety part of their job. When employees understand that a single careless click can cause multimillion-pound damage, as in the case of M&S, they're more likely to internalize the lessons. To sustain cybersecurity training, it should be embedded into everyday workflows. Micro-learning modules, brief but frequent sessions delivered via mobile devices or placed in productivity platforms, can reinforce knowledge incrementally. These modules could be triggered contextually, for example by providing a phishing refresher right after an employee forwards a suspicious email. Over time, such nudge-based training would build everyone's muscle memory, turning caution into instinct.

The stakes could not be higher. Over 80% of the world's largest organizations report at least one major breach a year. It's not just about firewalls and antivirus software anymore; it's about employees in coffee shops, on personal devices, on home networks and in third-party vendor offices. That reality demands that HR development evolve beyond compliance checklists and become an active, dynamic component of the organization's cybersecurity strategy. Ultimately, the best defence an organization can build is not a piece of software, but a culture, one where every employee acts as a guardian of data and systems. It demands well-designed, engaging and adaptive training efforts that keep pace with the adversaries we face. In the game of cybersecurity, humans aren't just a vulnerability; they're also the solution. The author is co-founder of Siana Capital, a venture fund manager.


Daily Mirror
5 days ago
- Business
- Daily Mirror
M&S to open 12 new stores after issuing cyber attack update
One of the new stores, which will be located in Godalming, will measure 22,000 sq ft, making it the largest M&S food hall to date.

Marks & Spencer has announced plans to open 12 new food halls in former Homebase locations. Some of the locations M&S is targeting include Abingdon, Cannock, Farnham, Godalming and Northampton. The new stores in Abingdon and Cannock are expected to open in late 2025 and will measure 18,000 sq ft. The rest of the locations will open in mid-2026, with the Godalming store set to measure 22,000 sq ft, making it the largest M&S food hall to date. The new stores will create more than 550 jobs. M&S CEO Stuart Machin said: 'Investing in new and renewed stores is one of our key transformation priorities. Securing these highly desirable sites in priority locations will accelerate this strategy, drive further growth in our M&S food business and most importantly give our customers the best possible M&S shopping experience.' The move is part of M&S's store rotation programme, which aims to increase the number of its food-only sites to 420 by 2028, while reducing the number of its full-line stores to 180.

It comes after Marks & Spencer issued an update following its cyber attack and warned that ongoing disruption could last until July. The retailer was targeted over the Easter weekend, but shoppers are still unable to order from M&S online. At the time, the cyber attack affected contactless payments and click and collect orders, while some shelves in stores were also left empty. M&S stores are largely back to normal in terms of stock availability, but online orders remain paused around four weeks after they were first halted. The cyber attack is expected to cost the company around £300 million. It has subsequently been revealed that customer data, which could have included names, email addresses, postal addresses and dates of birth, was taken by the hackers.

It has been reported that the cyber attack is being linked to the hacking group Scattered Spider, with some of the hackers believed to be just teenagers. Paul Foster, head of the National Crime Agency's national cyber crime unit, told the BBC: "We are looking at the group that is publicly known as Scattered Spider, but we've got a range of different hypotheses and we'll follow the evidence to get to the offenders." M&S chief executive Stuart Machin told reporters that hackers gained access to its IT systems through a third party after 'human error' rather than a weakness in the system. He said: 'Unable to get into our systems by breaking through our digital defences, the attackers did try another route, resorting to that term social engineering by entering through a third party.'