The National Cyber Security Centre (NCSC) has warned criminals launching cyber attacks at British retailers are impersonating IT help desk calls to break into organisations. Hackers have targeted Marks & Spencer, Co-op and Harrods in the last two weeks, andon Friday the anonymous group told the BBCthere will be more attacks soon. Now the NCSC, the government agency responsible for cyber security,has issued guidance to organisationsurging them to review their IT help desk "password reset processes" to reduce their chances of getting hacked. "We believe by following best practice, all companies and organisations can minimise the chances of falling victim to actors like this," it said. It said firms should reassess how their IT help desk "authenticates staff members" before resetting passwords, especially senior employees with access to high-level parts of an IT network. It highlighted press speculation around "social engineering" as a way hackers may have gained access to accounts. Criminals use social engineering techniques to get people to trust them when they email, text or call pretending to be from a company's IT help desk - ultimately tricking employees into handing over their log in passwords and security codes. This also works the other way - calling people who work on the help desk and pretending to be an employee locked out of their account. Cyber security experts now recommend further layers of security to deal with these sorts of attacks. "Having code words that get used when an employee phones up to change their credentials, such as "BluePenguin", is one thing being discussed in the cyber community as a way to check that the member of staff is genuine," said Lisa Forte from cyber security firm Red Goat. "Ultimately it comes back to the same issue with login credentials as always – we need multiple ways to do it to ensure it isn't easy to bypass." The NCSC advice is the strongest hint yet the hackers are using tactics most commonly associated with a collective of English-speaking cyber criminals nicknamed Scattered Spider. The name derives from "spider" being the label given to financially motivated cyber criminals, while "scattered" is because they are not a cohesive, organised gang. In the past two years these disparate hackers, in their teens or early twenties, have coordinated and planned attacks on Discord and Telegram to breach dozens of companies and steal or scramble data to extort their victims. The NCSC does not specifically name the group as being responsible for the current wave of attacks, but acknowledges Scattered Spider are known for these types of hacks. In other NCSC advice, cyber defenders are being urged to watch out for "Risky Logins". This means looking out for when and where employees have logged in from - for example late at night or from strange locations. Although cyber criminals could be anywhere in the world, young English-speaking hackers in the UK and US have become adept at using social engineering in their attacks. Scattered Spider hackers have been responsible for high profile attacks includingthe coordinated moves against casinosin Las Vegas in which MGM Grand Casinos and Caesar's Palace were hit in quick succession. There have been six arrests in the last year of hackers accused of being from Scattered Spider in the US and UK. In July 2024a 17-year-old from Walsall was arrestedas part of an FBI investigation into the MGM hack - and months latera person of the same age and location was arrestedin connection with another hack on Transport for London. Police would not say if the alleged hacker was the same person. On Friday, the hackers responsible for the current wave of attacks spoke to the BBC. The criminals repeatedly denied they are Scattered Spider hackers and would only call themselves DragonForce - the name of a cyber crime service hackers can use for malicious software and extortion. The hackers, who were fluent English speakers, revealed to the BBC they had compromised Co-op and stolen a large amount of customer and employee data. They would not discuss the M&S hacks. But it is thought DragonForce ransomware was used to scrambled the firm's IT servers. While the NCSC said it "had insights", it added it was "not yet in a position to say if these attacks are linked". "We are working with the victims and law enforcement colleagues to ascertain that," it said.
Beware phony IT calls after Co-op and M&S hacks, says UK cyber centre
TruthLens AI Suggested Headline:
"NCSC Warns of Cyber Attacks Targeting UK Retailers and Advises on IT Security Measures"
Bbc News
8.1
TruthLens AI Summary
The National Cyber Security Centre (NCSC) has issued a warning regarding a surge in cyber attacks targeting British retailers, specifically noting incidents involving Marks & Spencer, Co-op, and Harrods. In light of these attacks, the NCSC has urged organizations to critically evaluate their IT help desk procedures, particularly concerning 'password reset processes.' The agency emphasized that by adhering to best practices, companies can significantly reduce their vulnerability to cybercriminals. The NCSC highlighted the importance of verifying the identity of staff members before granting access to sensitive information, particularly for employees in senior positions who have access to critical areas of the IT network. It is believed that the hackers may have employed social engineering tactics to gain access to accounts, which involves tricking employees into divulging their login credentials through impersonation tactics, such as phone calls or emails from supposed IT help desk representatives.
In addition to the NCSC's guidance, cyber security experts suggest implementing additional security measures to counter these types of attacks. One proposed method is the use of code words that employees must provide when requesting a change to their credentials, ensuring that only genuine staff members can authenticate such requests. The NCSC has hinted that the attacks may be linked to a group of cybercriminals known as Scattered Spider, a loosely organized collective notorious for similar hacking tactics. Although the NCSC has not explicitly named this group as responsible for the recent attacks, they have acknowledged the group's previous high-profile operations, including incidents involving casinos in Las Vegas. The recent attacks have also seen the emergence of a group calling themselves DragonForce, who claimed responsibility for hacking Co-op and allegedly stealing significant amounts of customer and employee data. The NCSC is currently collaborating with victims and law enforcement to determine the connections between these attacks and the groups involved, while also advising organizations to monitor unusual login activity as a precautionary measure against cyber threats.
TruthLens AI Analysis
The article highlights the increasing threat of cyber attacks targeting major British retailers, such as Marks & Spencer and Co-op, through impersonation tactics. The National Cyber Security Centre (NCSC) has issued warnings and recommendations for organizations to enhance their security protocols, particularly around IT help desk operations. This situation reflects broader concerns about cybersecurity and the potential vulnerabilities within established companies.
Intent Behind the Publication
This news aims to raise awareness about the risks associated with cyber attacks and the necessity for stronger security measures. By emphasizing the tactics used by hackers, the article encourages organizations to take proactive steps in securing their IT infrastructure. The guidance from the NCSC serves as a call to action for businesses to reevaluate their current security practices.
Public Perception
The article is likely intended to cultivate a sense of urgency among businesses and their employees regarding cybersecurity. It aims to create a perception that cyber threats are not only imminent but also sophisticated, which could lead to increased vigilance in handling sensitive information.
Possible Concealment of Information
While the article focuses on the immediate threats of cyber attacks, it does not delve into the broader implications of such attacks, such as the potential economic repercussions for affected companies or the overall security landscape in the UK. This could indicate a desire to keep the public focused on the immediate issue rather than the systemic vulnerabilities that exist.
Manipulative Elements
The article employs a persuasive tone by using expert opinions and recommendations, which can create a sense of authority and urgency. The manipulation could stem from the way it presents the information, emphasizing the risks without fully exploring the underlying causes or potential solutions beyond basic compliance.
Reliability of the Information
The reliability of the article appears to be high, primarily due to the involvement of the NCSC, a government agency tasked with cybersecurity. Their guidance is based on informed assessments of current threats, which lends credibility to the information presented.
Societal Implications
The immediate societal impact is likely to be an increased awareness of cybersecurity risks among employees and management within organizations. Economically, businesses may face pressure to invest more in cybersecurity measures, which could lead to increased operational costs. In the political arena, the government may use these incidents to push for more stringent cybersecurity regulations.
Target Audience
The article is aimed at business leaders, IT professionals, and employees who may be vulnerable to such attacks. By highlighting the need for vigilance, it seeks to engage individuals who are responsible for maintaining cybersecurity within their organizations.
Market Influence
This news could influence investor sentiment regarding companies in the retail sector, particularly those that have been targeted. Stocks of affected companies may experience short-term volatility as investors react to the perceived risks associated with cybersecurity breaches.
Geopolitical Context
While the article focuses on domestic incidents, it reflects a broader global trend of increasing cyber threats. The discussion surrounding cybersecurity is relevant in today’s geopolitical landscape, where cyber warfare and hacking have become significant concerns for national security.
Potential Use of AI
The article may have utilized AI technologies for analyzing trends in cybersecurity or for crafting the narrative. AI models can assist in synthesizing information and identifying key threats, influencing the way the information is presented to the public.
In conclusion, the article serves as a timely reminder of the growing cyber threats faced by organizations. It effectively communicates the urgency for enhanced security measures while also reflecting the complexities of the current cybersecurity landscape.