

Ethical Hacking News

Major Retail Cyberattacks: UK Shares Security Tips to Strengthen Defenses



Major retail cyberattacks have left UK retailers vulnerable, with attackers using tactics associated with Scattered Spider, Lapsus$, and other threat actors to breach networks. The National Cyber Security Centre (NCSC) has released guidance for businesses to follow in order to prevent similar attacks, emphasizing the importance of multi-factor authentication, monitoring unauthorized account use, and reviewing helpdesk procedures.



  • The National Cyber Security Centre (NCSC) has released guidance for businesses to prevent similar cyberattacks in the UK.
  • Threat actors impersonated employees and used social engineering against IT help desks to get credentials reset and gain access to networks.
  • The NCSC recommends reviewing help desk processes, deploying MFA, monitoring unauthorized account use, and regularly auditing administrative accounts.
  • Experts stress the importance of strengthening cybersecurity defenses globally by following the NCSC's recommendations.



    In a recent move to bolster cybersecurity defenses, the National Cyber Security Centre (NCSC) of the United Kingdom has released guidance for businesses to follow in order to prevent cyberattacks similar to those that have affected major retailers in the country. The NCSC's alert comes after three high-profile attacks on Marks & Spencer, Co-op, and Harrods were reported, with all three breaches being claimed by the DragonForce operation.

    According to reports, the DragonForce operation employed tactics associated with Scattered Spider, Lapsus$, and other threat actors who frequent the same Telegram channels, Discord servers, and hacking forums. The attacks began with threat actors impersonating employees while contacting the company's IT help desk staff, using social engineering to convince the help desk to reset the impersonated employee's credentials so they could gain access to the network.

    This is why the NCSC recommends that all companies review their help desk processes to detect and block these types of breaches. The agency advises deploying multi-factor authentication (MFA) comprehensively across all systems, monitoring for unauthorized account use, regularly auditing Domain, Enterprise, and Cloud Admin accounts to verify legitimate access, reviewing helpdesk procedures to ensure strong identity verification before password resets, and enabling security teams to detect logins from unusual sources like residential VPNs.

    Kevin Beaumont and Will Thomas, cybersecurity experts who have both been tracking these attacks, have shared tips on detecting and blocking these types of threat actors. They emphasize the importance of following this guidance to strengthen one's cybersecurity posture.

    The NCSC also warns that attackers could test their defenses next, emphasizing the need for businesses of all sizes to prepare for the worst. The agency has published a list of security recommendations that can be summarized as follows:

    • Deploy multi-factor authentication (MFA) comprehensively across all systems.
    • Monitor for unauthorized account use, especially risky logins flagged in Microsoft Entra ID Protection.
    • Regularly audit Domain, Enterprise, and Cloud Admin accounts to verify legitimate access.
    • Review helpdesk procedures to ensure strong identity verification before password resets.
    • Enable your security team to detect logins from unusual sources like residential VPNs.
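
As an added example (not part of the NCSC guidance or the original article), the following Python correlates help desk password resets with the sign-ins that follow them, flagging those from a source the account has never used or from a residential VPN, with an extra tag for privileged accounts. The event schema, the `net` enrichment label, the 24-hour window and the `ADMINS` set are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)   # assumed correlation window after a reset
ADMINS = {"svc.admin"}         # assumed set of privileged accounts

# Constructed sample events in a hypothetical normalized schema.
EVENTS = [
    {"ts": "2025-05-01T09:00:00", "kind": "signin", "user": "j.doe", "ip": "203.0.113.10", "net": "corporate"},
    {"ts": "2025-05-01T10:00:00", "kind": "signin", "user": "m.lee", "ip": "203.0.113.25", "net": "corporate"},
    {"ts": "2025-05-02T09:05:00", "kind": "signin", "user": "j.doe", "ip": "203.0.113.10", "net": "corporate"},
    {"ts": "2025-05-03T14:00:00", "kind": "helpdesk_reset", "user": "j.doe", "actor": "helpdesk1"},
    {"ts": "2025-05-03T14:20:00", "kind": "signin", "user": "j.doe", "ip": "198.51.100.77", "net": "residential_vpn"},
    {"ts": "2025-05-03T15:00:00", "kind": "helpdesk_reset", "user": "m.lee", "actor": "helpdesk2"},
    {"ts": "2025-05-03T15:10:00", "kind": "signin", "user": "m.lee", "ip": "203.0.113.25", "net": "corporate"},
    {"ts": "2025-05-04T02:00:00", "kind": "helpdesk_reset", "user": "svc.admin", "actor": "helpdesk1"},
    {"ts": "2025-05-04T02:30:00", "kind": "signin", "user": "svc.admin", "ip": "192.0.2.200", "net": "hosting"},
]

def find_suspicious_resets(events, window=WINDOW, admins=ADMINS):
    """Flag sign-ins shortly after a help desk reset that come from a source
    the account has not used before, or from a residential VPN."""
    events = sorted(events, key=lambda e: e["ts"])  # ISO timestamps sort lexically
    seen_ips = {}     # user -> IPs observed before the current event
    last_reset = {}   # user -> time of the most recent help desk reset
    alerts = []
    for e in events:
        t = datetime.fromisoformat(e["ts"])
        user = e["user"]
        if e["kind"] == "helpdesk_reset":
            last_reset[user] = t
            continue
        reset_at = last_reset.get(user)
        if reset_at is not None and t - reset_at <= window:
            reasons = []
            if e["ip"] not in seen_ips.get(user, set()):
                reasons.append("new_source_ip")
            if e["net"] == "residential_vpn":
                reasons.append("residential_vpn")
            if reasons and user in admins:
                reasons.append("privileged_account")
            if reasons:
                alerts.append((user, e["ip"], tuple(reasons)))
        seen_ips.setdefault(user, set()).add(e["ip"])
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_resets(EVENTS):
        print(alert)
```

The reset for `m.lee` produces no alert because the follow-up sign-in comes from an address that account had already used, which keeps routine resets from drowning out the ones worth a call-back to the employee.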

    The DragonForce operation has been linked to several high-profile attacks on UK retailers in recent weeks. The operation's use of tactics associated with Scattered Spider, Lapsus$, and other threat actors suggests a high level of sophistication and coordination.

    While the NCSC has opted not to speculate on who the attackers are and is still working with victims to determine that, experts have pointed out that attribution is murky given the available information. Both the M&S and Co-op attacks have been attributed to hackers utilizing tactics commonly associated with Scattered Spider, Lapsus$, and other threat actors who frequent the same Telegram channels, Discord servers, and hacking forums.

    The attacks on both Marks & Spencer and Co-op started with threat actors impersonating employees while contacting the company's IT help desk staff. They then used social engineering to convince the help desk to reset the impersonated employee's credentials so they could gain access to the network.

    In this context, the NCSC's guidance becomes increasingly relevant for businesses operating in the UK, as well as those looking to strengthen their cybersecurity defenses globally. By following the agency's recommendations and staying vigilant about potential threats, organizations can significantly reduce their risk of being targeted by such attacks.





  • Published: Mon May 5 10:43:35 2025 by llama3.2 3B Q4_K_M












