NCSC Warns Retailers of IT Helpdesk Impersonation Trick Used by Ransomware Gangs

The UK's National Cyber Security Centre (NCSC) has issued a warning to retailers and businesses about the growing threat of ransomware attacks, specifically highlighting an emerging tactic used by attackers: impersonating IT helpdesk staff to gain access to corporate accounts. The warning comes after high-profile attacks on Marks & Spencer and Co-op, which are estimated to have cost millions of pounds due to disruption to services and lost sales.

The NCSC has "insights into the three attacks" but says it is not yet clear whether they are linked or part of a concerted campaign. However, in the advisory published on its website, the centre appears to suggest that attackers gained access to victims' internal systems through employees' legitimate accounts. How? By using social engineering to trick IT helpdesk staff into resetting passwords and multi-factor authentication (MFA).

A hacker "phishes" for login credentials by phoning a company's helpdesk and posing as an employee who cannot log into their account. Often, attackers gather information in advance from social media about the individual they are impersonating, making the approach more convincing. The same tactic was used against MGM Resorts casinos in Las Vegas in 2023, leaving guests unable to enter their rooms, ATMs offline, and phone lines down. The attack is estimated to have cost MGM Resorts over $100 million.

Last year British police arrested a teenager, said to be a member of the "Scattered Spider" hacking group, in connection with that attack. The same group is reportedly also behind the attacks on Co-op and Marks & Spencer, highlighting the growing threat posed by ransomware gangs.

The NCSC's advice is sensible for all businesses to follow: give special attention to the security of high-level accounts, and review the processes used to handle password resets. Following this guidance can significantly reduce the risk of falling victim to such attacks.
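One way to turn that advice into a concrete check is to look for the pattern the article describes: a helpdesk-performed password reset and MFA reset on the same account, quickly followed by a login from a device never seen before. The code below is an added illustration, not part of the NCSC advisory or this article; it assumes a normalised identity event feed (the Event fields, the "helpdesk"/"self" actor labels and the PRIVILEGED set are all constructed for the example).

```python
"""Flag helpdesk-reset-then-new-device-login sequences (constructed example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    action: str          # "pw_reset", "mfa_reset" or "login"
    actor: str           # who performed it: "helpdesk" or "self"
    new_device: bool = False   # login from a device not previously seen


# Constructed sample events, not real log data.
SAMPLE = [
    Event(datetime(2025, 5, 1, 9, 2), "alice", "pw_reset", "helpdesk"),
    Event(datetime(2025, 5, 1, 9, 3), "alice", "mfa_reset", "helpdesk"),
    Event(datetime(2025, 5, 1, 9, 10), "alice", "login", "self", new_device=True),
    Event(datetime(2025, 5, 1, 11, 0), "bob", "pw_reset", "helpdesk"),
    Event(datetime(2025, 5, 2, 8, 30), "bob", "login", "self", new_device=False),
]

# Accounts that get the "special attention" the NCSC recommends (assumed list).
PRIVILEGED = {"alice"}


def find_helpdesk_reset_abuse(events, window=timedelta(hours=1)):
    """Return (user, severity) pairs where a helpdesk password reset and a
    helpdesk MFA reset occur within `window`, and a new-device login follows
    inside that same window. Privileged accounts are rated "high"."""
    by_user = {}
    for e in sorted(events, key=lambda e: e.ts):
        by_user.setdefault(e.user, []).append(e)

    hits = []
    for user, evs in by_user.items():
        pw = [e.ts for e in evs if e.action == "pw_reset" and e.actor == "helpdesk"]
        mfa = [e.ts for e in evs if e.action == "mfa_reset" and e.actor == "helpdesk"]
        logins = [e.ts for e in evs if e.action == "login" and e.new_device]
        for t0 in pw:
            in_window = lambda t: timedelta(0) <= t - t0 <= window
            if any(in_window(t) for t in mfa) and any(in_window(t) for t in logins):
                hits.append((user, "high" if user in PRIVILEGED else "medium"))
                break  # one alert per account is enough
    return hits


if __name__ == "__main__":
    print(find_helpdesk_reset_abuse(SAMPLE))
```

Bob's password reset alone does not fire, because the tell-tale sign in these attacks is the combination of credential and MFA replacement followed by use from somewhere new.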

Protecting Your Business from Ransomware Attacks

Monitoring, management, and testing are vital to maintaining a robust cybersecurity posture. Here at Exponential-e, we offer comprehensive guides and expert advice on how to improve the cybersecurity training of your staff and how to remediate ransomware attacks.

By learning more about our Cyber Security eco-system and how it can help protect your organisation from the latest cyber threats, you can take proactive steps to safeguard your business. When you subscribe to our blog, we'll send you an email when there are new updates on the site, so you won't miss out.

About Graham Cluley

Graham Cluley is a renowned cybersecurity expert with over three decades of experience in the industry. He has worked as a programmer, writing the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Since then, he has held senior roles at leading computer security companies such as Sophos and McAfee.

Graham Cluley is an award-winning cybersecurity public speaker, podcaster, blogger, and analyst. He regularly appears on TV and radio explaining computer security threats and has worked with law enforcement agencies on investigations into hacking groups. In 2011, he was inducted into the InfoSecurity Europe Hall of Fame for his contributions to the industry.

Graham Cluley also received an honorary mention in the "10 Greatest Britons in IT History" for his role as a leading authority in internet security. With his extensive experience and expertise, Graham Cluley is a trusted voice in the cybersecurity community.