UK Shares Security Tips After Major Retail Cyberattacks

The UK's National Cyber Security Centre (NCSC) has issued guidance to all companies following a series of high-profile cyberattacks on major retailers, including Marks & Spencer, Co-op, and Harrods. The attacks, which started with a DragonForce ransomware attack on M&S, disrupted online orders, contactless payments, and the company's Click & Collect service.

Co-op reported another cyber incident last week, restricting VPN access as a precaution, only to confirm later that "significant" amounts of customer data were stolen in the attack. Harrods confirmed that threat actors tried to breach its network on May 1, prompting restrictions on internet access, but no breach was confirmed.

All three breaches were claimed by the DragonForce operation, with BleepingComputer learning that the threat actors used the same social engineering attack to breach both M&S and Co-op. While ransomware was deployed at M&S, Co-op was able to detect and stop the attack before the encryptors could be deployed.

The NCSC has warned that these attacks should be taken as a "wake-up call" by all large businesses in the country, as they could be the next target in the hackers' crosshairs. At this time, the agency has opted not to speculate on who the attackers are and is still working with victims to determine if there is a link between the attacks.

Security Advisory Released

The NCSC has released a security advisory that provides guidance for all companies to strengthen their cybersecurity defenses. The advisory comes shortly after the agency's "wake-up call" warning to large businesses.

"Whilst we have insights, we are not yet in a position to say if these attacks are linked, if this is a concerted campaign by a single actor, or whether there is no link between them at all," stated NCSC. "We are working with the victims and law enforcement colleagues to ascertain that."

Security Recommendations

The NCSC has published a list of security recommendations that UK businesses can follow to mitigate the risk. These can be summarized as follows:

  • Review helpdesk password reset processes, including how the helpdesk authenticates staff members' credentials before resetting passwords, especially for those with escalated privileges.
  • Prepare for the worst, as attackers could test their defenses next.

Tips from Cybersecurity Experts

Cybersecurity experts Kevin Beaumont and Will Thomas have also shared tips on detecting and blocking these types of threat actors. It is strongly advised that all companies, regardless of country, follow this guidance to strengthen their cybersecurity posture.

