Scattered Spider targets retail sector in latest cyber attack

What do I need to know?

In recent weeks, cyberattacks targeting Marks & Spencer and Harrods have exposed critical weaknesses in the UK retail sector, with ongoing repercussions for customers, employees and businesses alike. Cybersecurity experts believe that M&S fell victim to a Ransomware-as-a-Service attack, with the hacking group Scattered Spider and the DragonForce tool linked to the breach. This strain specifically exploits outdated systems and known software vulnerabilities, making any business with weak or outdated security protocols an easy target.

Scattered Spider continues to target high-profile organisations using tailored social engineering, abuse of identity infrastructure and then rapid lateral movement. An ongoing security issue affecting the Co-op has also raised speculation of the group’s involvement, though this remains unconfirmed at the time of writing.

Who is Scattered Spider?

Scattered Spider, which also goes by various aliases including 0ktapus, Scatter Swine, UNC3944 and Octo Tempest, is an English-speaking, financially motivated threat group that has been active since May 2022. The group is known for targeting major organisations such as Microsoft and T-Mobile, and its operations range from data theft and extortion to ransomware deployment and crypto theft.

Scattered Spider targets organisations across all sectors, with a particular focus on technology, finance, and telecoms. In short, they are opportunistic and willing to exploit any company with potential security weaknesses, regardless of industry.

What do I need to do?

  • Review service desk protocols to block unauthorised password resets and implement strict identity verification for all support interactions. Ensure support staff and administrative users are educated to recognise and challenge social engineering tactics.
  • Implement behavioural analytics and alert systems to identify suspicious login activity and high-risk access patterns. Ensure phishing-resistant multi-factor authentication (MFA) is enabled on all cloud-accessible systems and minimise dependence on SMS-based authentication methods.
  • Restrict system-to-system access and enforce the principle of least privilege to minimise the risk of lateral movement. Strengthen controls over admin privileges, incorporating ‘just-in-time’ access where possible.
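
One way to implement the behavioural alerting recommended above, as an added example that is not part of the original article: it flags a service-desk password reset that is followed, within a time window, by a new MFA method registration and a successful login from an IP address not previously seen for that user. The event schema, field names and 60-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=60)  # assumed correlation window; tune to your environment

# Constructed sample events in a hypothetical normalised schema (not any vendor's log format).
EVENTS = [
    {"ts": "2025-05-01T08:02:00", "user": "alice", "type": "login_success", "ip": "198.51.100.10"},
    {"ts": "2025-05-01T09:15:00", "user": "bob", "type": "login_success", "ip": "198.51.100.20"},
    {"ts": "2025-05-01T10:00:00", "user": "bob", "type": "helpdesk_password_reset", "ip": None},
    {"ts": "2025-05-01T10:06:00", "user": "bob", "type": "mfa_method_registered", "ip": "203.0.113.7"},
    {"ts": "2025-05-01T10:09:00", "user": "bob", "type": "login_success", "ip": "203.0.113.7"},
    {"ts": "2025-05-01T11:00:00", "user": "alice", "type": "helpdesk_password_reset", "ip": None},
    {"ts": "2025-05-01T11:05:00", "user": "alice", "type": "login_success", "ip": "198.51.100.10"},
]


def find_reset_takeover_patterns(events, window=WINDOW):
    """Return one alert per service-desk reset that is followed, inside the window,
    by a new MFA method AND a successful login from an IP not seen before for that user."""
    events = sorted(events, key=lambda e: e["ts"])  # ISO-8601 strings sort chronologically
    known_ips = {}  # user -> IPs seen in successful logins so far
    pending = {}    # user -> state of the most recent reset still inside the window
    alerts = []
    for e in events:
        ts, user = datetime.fromisoformat(e["ts"]), e["user"]
        if user in pending and ts - pending[user]["reset_at"] > window:
            del pending[user]  # reset aged out without suspicious follow-up
        state = pending.get(user)
        if e["type"] == "helpdesk_password_reset":
            state = pending[user] = {"reset_at": ts, "new_mfa": False, "new_ip": None}
        elif e["type"] == "mfa_method_registered" and state:
            state["new_mfa"] = True
        elif e["type"] == "login_success":
            seen = known_ips.setdefault(user, set())
            if state and e["ip"] not in seen:
                state["new_ip"] = e["ip"]  # first login from this IP, right after a reset
            seen.add(e["ip"])
        if state and state["new_mfa"] and state["new_ip"]:
            alerts.append({"user": user, "reset_at": state["reset_at"].isoformat(),
                           "new_ip": state["new_ip"]})
            del pending[user]  # one alert per reset
    return alerts
```

On the constructed data this alerts on bob only; alice's reset is followed by a login from her usual address and no new MFA method, so it stays quiet.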

For M&S and Harrods, the incident has highlighted just how vulnerable modern-day systems can be. With businesses increasingly dependent on interconnected cloud platforms, even a minor breach can quickly escalate into major operational disruption and reputational damage. A single weak point, whether in internal software or a third-party provider, can put an entire operation at risk. This is not just about large enterprises; it’s a challenge that all organisations face in keeping operations secure, customer data safe, and reputations intact.

For more information on the above or to discuss how we can further help secure your business, please contact your Connect Systems Account Manager today or get in touch with us here.