Beware phony IT calls after Co-op and M&S hacks, says UK cyber centre | EUROtoday


Joe Tidy

Cyber correspondent, BBC World Service

Image caption (Getty Images): People walking in front of a Marks and Spencer store front.

The National Cyber Security Centre (NCSC) has warned that criminals launching cyber attacks on British retailers are impersonating IT help desks to break into organisations.

Hackers have targeted Marks & Spencer, Co-op and Harrods in the last two weeks, and on Friday the anonymous group told the BBC there will be more attacks soon.

Now the NCSC, the government agency responsible for cyber security, has issued guidance to organisations urging them to review their IT help desk “password reset processes” to reduce their chances of getting hacked.

“We believe by following best practice, all companies and organisations can minimise the chances of falling victim to actors like this,” it said.

It said companies should reassess how their IT help desk “authenticates staff members” before resetting passwords, especially senior employees with access to high-level parts of an IT network.

It highlighted press speculation around “social engineering” as a way hackers may have gained access to accounts.

Criminals use social engineering techniques to get people to trust them when they email, text or call pretending to be from a company’s IT help desk, ultimately tricking employees into handing over their login passwords and security codes.

This also works the other way round: calling people who work on the help desk and pretending to be an employee locked out of their account.

Cyber security experts now recommend extra layers of protection to deal with these kinds of attacks.

“Having code words that get used when an employee phones up to change their credentials, such as ‘BluePenguin’, is one thing being discussed in the cyber community as a way to check that the member of staff is genuine,” said Lisa Forte from cyber security firm Red Goat.

“Ultimately it comes back to the same issue with login credentials as always – we need multiple ways to do it to ensure it isn’t easy to bypass.”

NCSC advice

The NCSC advice is the strongest hint yet that the hackers are using tactics most commonly associated with a collective of English-speaking cyber criminals nicknamed Scattered Spider.

The name derives from “spider” being the label given to financially motivated cyber criminals, while “scattered” reflects that they are not a cohesive, organised gang.

In the past two years these disparate hackers, in their teens or early twenties, have coordinated and planned attacks on Discord and Telegram to breach dozens of companies and steal or scramble data to extort their victims.

The NCSC does not specifically name the group as being responsible for the current wave of attacks, but acknowledges Scattered Spider is known for these kinds of hacks.

In other NCSC advice, cyber defenders are being urged to watch out for “Risky Logins”.

This means looking at when and where employees have logged in from, for example late at night or from unusual locations.
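As an added illustration (not code from the article, the NCSC or the BBC), the following Python script shows the kind of check that advice implies: it walks constructed sample login records and flags successful logins that happen off-hours or come from a country the user has not been seen in before. The log format, the 22:00 to 06:00 window and the sample data are all assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample auth-log lines (not real data):
# timestamp, user, source country, result.
SAMPLE_LOG = """\
2025-04-28T09:12:04 alice GB success
2025-04-28T09:30:11 bob GB success
2025-04-29T10:02:45 alice GB success
2025-04-30T03:14:09 alice GB success
2025-04-30T11:48:20 bob NG success
2025-05-01T08:05:00 carol GB failure
2025-05-01T23:55:31 carol GB success
"""

NIGHT_START, NIGHT_END = 22, 6  # assumed: 22:00 to 06:00 counts as "late at night"


def parse_log(text):
    """Parse the assumed format into (datetime, user, country, result) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, user, country, result = line.split()
            events.append((datetime.fromisoformat(ts), user, country, result))
    return events


def risky_logins(events):
    """Return (user, timestamp, reason) for successful logins that are off-hours
    or from a country not previously seen for that user. Events are walked in
    time order: a user's first sighting of a country seeds the baseline."""
    seen = defaultdict(set)
    flagged = []
    for ts, user, country, result in sorted(events):
        if result != "success":  # failed attempts do not set a baseline
            continue
        reasons = []
        if ts.hour >= NIGHT_START or ts.hour < NIGHT_END:
            reasons.append("off-hours")
        if seen[user] and country not in seen[user]:
            reasons.append("new-location:" + country)
        seen[user].add(country)
        if reasons:
            flagged.append((user, ts.isoformat(), ",".join(reasons)))
    return flagged


if __name__ == "__main__":
    for user, ts, reason in risky_logins(parse_log(SAMPLE_LOG)):
        print(f"{ts} {user}: {reason}")
```

In practice the baseline would be built from a longer history per user rather than from the same batch being triaged, and the hour check would use each employee's local time zone.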

Although cyber criminals could be anywhere in the world, young English-speaking hackers in the UK and US have become adept at using social engineering in their attacks.

Scattered Spider hacks

Scattered Spider hackers have been responsible for high-profile attacks including the coordinated strikes against casinos in Las Vegas in which MGM Grand Casinos and Caesar’s Palace were hit in quick succession.

There have been six arrests in the last 12 months of hackers accused of being from Scattered Spider in the US and UK.

In July 2024 a 17-year-old from Walsall was arrested as part of an FBI investigation into the MGM hack, and months later a person of the same age and location was arrested in connection with another hack on Transport for London.

Police would not say if the alleged hacker was the same person.

On Friday, the hackers responsible for the current wave of attacks spoke to the BBC.

The criminals repeatedly denied they are Scattered Spider hackers and would only call themselves DragonForce, the name of a cyber crime service hackers can use for malicious software and extortion.

The hackers, who were fluent English speakers, revealed to the BBC that they had compromised Co-op and stolen a large amount of customer and employee data.

They would not discuss the M&S hacks. But it is thought DragonForce ransomware was used to scramble the firm’s IT servers.

While the NCSC said it “had insights”, it added it was “not yet in a position to say if these attacks are linked”.

“We are working with the victims and law enforcement colleagues to ascertain that,” it said.

https://www.bbc.com/news/articles/c4grn878712o