Hacking Group Linked to Vegas Disruptions Suspected in Recent UK Retail Attacks
A notorious hacking group known as Scattered Spider, which previously wreaked havoc on the Las Vegas Strip, is now suspected of being behind a series of cyberintrusions targeting U.K. retailers over the past two weeks.
The Wall Street Journal (WSJ) reported that London department store Harrods, along with retailers Marks & Spencer and Co-op, have all been victims of these recent attacks. While Scattered Spider has not been publicly named as the culprit, individuals familiar with the investigation believe the group is responsible for at least some of the breaches.
The incidents in question involve disrupting online sales and certain payments, leading to the theft of customer data. However, it's worth noting that stores have remained open despite these attacks. Co-op confirmed that a significant amount of customer data, including names and contact information, was stolen.
Scattered Spider is one branch of a larger community of online hackers known as the Com, according to WSJ reporting. The group uses sophisticated tactics such as social engineering, impersonating remote users, to gain access to corporate networks. They also employ other techniques to move within systems, with the ultimate goal of stealing data or locking them down with software, demanding millions in extortion payments.
The group's previous targets have included cryptocurrency deposits and has been known for unusual actions during breaches, such as logging into incident response meetings. In 2023, Scattered Spider made headlines for a cyberattack on MGM Resorts, which shut down payment systems and booking websites. The attack cost the company about $110 million.
Caesars Entertainment also paid $15 million in ransom money to the hacking group last year, highlighting the vulnerability of casinos and gambling companies to these types of attacks. These companies hold vast troves of customers' personal and financial data, which can be held for ransom or sold to other bad actors on dark web marketplaces.
After U.S. authorities announced several arrests of individuals linked to Scattered Spider last November, the group appeared to go silent. However, its suspected activity in the U.K. suggests that it is more resilient than some investigators believed.
Reaction from Authorities and Retailers
The U.K.'s National Cyber Security Centre (NCSC) and tech giant Google have both issued guidance to companies on how to protect against such attacks. The NCSC is working with affected retailers to determine if the recent U.K. attacks are linked.
Prevention and Response
The U.K.'s National Cyber Security Centre (NCSC) has emphasized the importance of prevention and response in the face of these types of attacks. Companies can take several steps to protect themselves, including implementing robust security measures, monitoring for suspicious activity, and having a plan in place for responding to breaches.