Who are Scattered Spider, the infamous young hacking group linked to M&S cyber attack?
Scattered Spider is one of the most notorious and active hacking groups currently being monitored by cybersecurity experts. With a history spanning over two years, this group has been linked to more than 100 targeted attacks across various industries, including telecoms, finance, retail, and gaming.
The UK is "widely" underestimating online threats from hostile states and criminals, warns cyber security chief. But Scattered Spider's activities have raised concerns about the vulnerability of British businesses and consumers to cyber-attacks. In one of their most infamous hacks, members of the group locked up the networks of casino operators Caesars Entertainment and MGM Resorts International, demanding hefty ransoms.
According to Graeme Stewart, head of public sector at security company Check Point, Scattered Spider's structure is decentralized and adaptive, making it challenging for authorities to catch its members. "This is not a loose group of opportunistic hackers," he said. "They operate more like an organized criminal network." Despite several arrests made in the US and Europe, the group's ability to regroup quickly has allowed it to continue its attacks.
Who are the members of Scattered Spider?
The group is believed to be made up of young, English-speaking individuals, mainly based in the UK and the US. Some members are as young as 16, with the group meeting on hacker forums online. The authorities have struggled to catch its members due to their decentralized nature.
"The gained notoriety focused on the brand - which is so entrenched in British culture and history - just places even more pressure on M&S to pay the growing demands," said Jake Moore, global cybersecurity adviser at cybersecurity firm ESET. The attack on M&S appears to be heavily financially motivated, with the goal of making as much money as possible.
The tactics used by Scattered Spider
According to Mr Stewart, the group often targets human vulnerabilities rather than system flaws. They use tactics like social engineering, where hackers trick people into letting them into systems, impersonating IT staff or SIM swapping. SIM swapping attacks are where hackers trick phone providers into transferring a victim's phone service to a SIM card under the hacker's control.
This means that the hacker can approve two-factor authentication and access the victim's private accounts as well as installing malware on certain devices. "The attack on M&S appears to be heavily financially motivated and focused on making as much money as possible," said Mr Stewart.
M&S and the impact of Scattered Spider's attack
Marks & Spencer (M&S) has been unable to accept contactless payments for over a week, with customers also facing issues with shopping online. The company confirmed that there were "pockets of limited availability in some stores" as a result of measures to manage the cyber incident.
"As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites and apps," said an M&S spokesperson. "Our product range remains available to browse online. We are truly sorry for this inconvenience. Our stores are open to welcome customers." The company has assured customers that there is no need for them to take any action, but the situation may change if necessary.
The implications of Scattered Spider's attack on British businesses
The attack on M&S highlights the vulnerability of British businesses to cyber-attacks. With the UK being "widely" underestimating online threats from hostile states and criminals, experts warn that this is a ticking time bomb waiting to happen.
"The gained notoriety focused on the brand - which is so entrenched in British culture and history - just places even more pressure on M&S to pay the growing demands," said Mr Moore. The implications of Scattered Spider's attack are far-reaching, and British businesses must take necessary steps to protect themselves from such threats.