Scattered Spider: Who Are the Hackers Linked to M&S and Co-op Cyberattacks?
The recent cyberattack on Marks & Spencer (M&S) has left shoppers wondering when normal services will resume. As the company struggles to recover, another group of hackers - Scattered Spider - is making headlines for their string of dramatic attacks on retailers. The question on everyone's mind is: who are these hackers, and what's behind their sophisticated cybercrimes?
According to ITPro, Scattered Spider is "the name on every security practitioner's mind right now". Graeme Stewart, from security company Check Point, describes them as "one of the most dangerous and active hacking groups we are monitoring". The group is believed to be made up mainly of English-speaking teenagers and young adults based in the UK and US. Since their first appearance in 2022, they have been linked to more than 100 cyberattacks across telecoms, finance, retail, and gaming.
The High-Profile Targets
The most high-profile targets of Scattered Spider's attacks were two casino operators - Caesars Entertainment and MGM Resorts. In a staggering display of power, the hackers brought both companies to their knees, with Caesars Entertainment reportedly paying $15 million to restore its network, while MGM Resorts had to pay out an estimated $100 million in damages to customers whose personal information had been stolen.
"They operate more like an organised criminal network, decentralised and adaptive," said Stewart. "Even with several arrests made in the US and Europe, their structure allows them to regroup quickly." This level of organisation suggests that Scattered Spider is not a loose group of opportunistic hackers, but rather a well-coordinated team.
The Tactics Used
Scattered Spider's tactics are equally sophisticated. They often exploit human vulnerabilities rather than technical system flaws. In the case of the M&S and Co-op hacks, a social engineering attack allowed the hackers to reset an employee's password, which was then used to breach the network.
"They use 'SIM swapping' - where they clone an employee's phone number and then ask the company IT desk to reset their password," explained Paul Cashmore, chief executive of cybersecurity consultancy Solace Cyber. "And they create bogus login pages that closely mimic corporate sign-in portals." This is akin to "breaking down the front door" of networks.
The Ransomware Cartel
Scattered Spider appears to be working with a ransomware gang called DragonForce, which originated in Malaysia in 2023 as a pro-Palestinian "hacktivist" operation. DragonForce is a "ransomware-as-a-service operation where other cyber criminals can join as affiliates to use their ransomware encryptors and negotiation sites," said Bleeping Computer.
In exchange for using DragonForce's tools, affiliates receive 20-30% of any ransoms paid by extorted victims. The hackers demand a ransom payment in exchange for decrypting the company's data, which they claim will be deleted if the payment is not made. However, if a ransom is not paid, the stolen data is typically published on their dark web data leak site.
The Moral and Business Dilemma
Paying a ransom after a cyberattack presents a complex moral and business dilemma for companies. On one hand, paying may provide a quick way to restore operations, protect customer data, and limit immediate financial and reputational damage.
"But it also carries significant long-term risks," warned The Times. "Paying may encourage criminal activity and potentially make the company a repeat target." This highlights the need for companies to carefully consider their response to cyberattacks.
The Unaffiliated Hackers
One of the most intriguing aspects of Scattered Spider is that their members are believed to be based around the world, and appear to be unaffiliated with any state actors. However, experts warn that this does not make them a "loose group of opportunistic hackers".
"They operate more like an organised criminal network," said Stewart. This level of organisation suggests that Scattered Spider is a well-coordinated team, rather than a disorganised group.
The Future of Cybercrime
As cyberattacks continue to rise, it's clear that companies need to stay vigilant and adapt their security measures to keep up with the latest threats. The case of Scattered Spider highlights the importance of staying informed about emerging cybercrimes and the tactics used by hackers.
"The public is losing trust in police and battered criminal justice system," said Bleeping Computer. This highlights the need for companies and individuals to take matters into their own hands, protecting themselves from cyber threats.