Yazılar

Google Warns U.S. Retailers: Scattered Spider Hackers Shifting Focus from UK to U.S. Targets

/in /tarafından

Alphabet’s Google has issued a stark cybersecurity warning to U.S. retailers, revealing that hackers connected to the Scattered Spider group—linked to recent cyberattacks that paralyzed UK retail giants like M&Sare now actively targeting American retail operations.

These actors are aggressive, creative, and particularly effective at circumventing mature security programs,” said John Hultquist, chief analyst at Google’s cybersecurity unit.

🕸️ Who is Scattered Spider?

  • Scattered Spider is not a single entity but a loosely connected hacker collective, often made up of young and highly adaptive cybercriminals.

  • The group made headlines in 2023 for cyberattacks on:

    • MGM Resorts International

    • Caesars Entertainment

It now appears to be sector-focused, with retail as its current primary target.

💥 Recent Victims

  • Marks & Spencer (M&S), one of the UK’s most iconic retailers, has had its online operations frozen since April 25 due to a Scattered Spider-linked breach.

  • Google says U.S. retailers may soon face similar high-impact intrusions.

🔍 U.S. Retail Sector on High Alert

  • The National Retail Federation is closely monitoring developments.

    There aren’t geographic boundaries on these threats,” said Christian Beckner, an NRF vice president.

  • Retail & Hospitality ISAC, a major industry threat-sharing alliance whose members include Costco, McDonald’s, Albertsons, and Lowe’s, is working with Google to brief members on how to mitigate the threat.

🚨 Enforcement Challenges

  • Scattered Spiders decentralized structure, young members, and a lack of incident reporting by victims make it difficult for law enforcement to act.

  • FBI and CISA have not yet commented on Google’s latest warning.

🧭 Strategic Recommendations

Cyber experts are urging U.S. retailers to:

  • Reassess and reinforce multi-factor authentication (MFA) practices

  • Conduct penetration testing and vulnerability scanning

  • Increase internal monitoring of identity and access management systems

  • Join industry threat-sharing networks like ISAC to stay ahead of threat intelligence

With U.S. retail networks increasingly digitized, Google’s alert underscores the need for proactive defenses, especially as sophisticated, disruptive hacks now span continents and industries with ease.

Cyberattacks on M&S and Co-op Originated from Help Desk Deception, Says Report

/in /tarafından

Cybercriminals launched recent attacks on British retailers Marks & Spencer (M&S) and Co-op Group by impersonating employees to trick IT help desks into resetting passwords, according to a report by BleepingComputer. This social engineering tactic allowed hackers to gain initial access to internal systems.

The UK’s National Cyber Security Centre (NCSC) responded by urging all organisations to re-evaluate their help desk protocols, warning that online criminal activity like ransomware and data extortion is on the rise and that even large enterprises are vulnerable to such basic forms of manipulation.

While both M&S and Co-op declined to comment, the consequences of the M&S breach are already being felt. Shares dropped 4% on Tuesday and are down 12% since the cyber incident was disclosed on April 22. The company halted online orders for clothing and home products via its website and app on April 25, with no timeline for resumption. Some food product availability has also been disrupted.

Deutsche Bank analysts estimate the incident has cost M&S around £30 million ($40 million) so far, with an ongoing weekly impact of approximately £15 million. Though cyber insurance may offset part of the loss, it typically covers a limited time period. The broader risks include loss of consumer trust, data breach fines, and long-term reputational damage.

Ciaran Martin, former CEO of the NCSC, noted that the recovery time for such attacks is often lengthy due to the need to completely rebuild compromised IT networks.

Meanwhile, a group identifying as DragonForce claimed responsibility for attacking both M&S and Co-op, as well as stealing staff and potential customer data from the latter. The same group also claims responsibility for attacking Harrods. The report also links the cyberattack on M&S to the Scattered Spider” hacking collective, known for using DragonForce ransomware, although the NCSC said it could not confirm the connection.