Beware phony IT calls after Co-op and M&S hacks, says UK cyber centre

The National Cyber ​​Security Center (NCSC) warned of criminals who launched electronic attacks by British retailers to impersonate office information technology to storm organizations.

The infiltrators have targeted signs, Spencer, CO-OP and Harrods in the last two weeks, and On Friday, the unknown group informed the BBC There will be more attacks soon.

Now NCSC, the government agency responsible for cybersecurity, I issued instructions for organizations Urging them to review the auxiliary office “password reset” to reduce their chances of hacking.

“We believe in following best practices, all companies and organizations can reduce the chances of falling as a victim of actors like this,” she said.

She said companies should re -evaluate how to “authenticate employee employees” before the passwords, especially senior employees who have access to high -level parts of the IT network.

Press speculation about “social engineering” has highlighted as a means that the infiltrators may have been able to reach the accounts.

Criminals use social engineering techniques to make people trust them when sending an email or text message or pretending to be from the company’s information technology assistance office – ultimately deceived employees to deliver their passwords and safety symbols.

This also works in the other direction – calling people working on the assistance office and pretending to be a trapped employee from their account.

Cyber ​​security experts now recommend other layers of security to deal with these types of attacks.

“The presence of icon’s words that are used when one of the employees changes their credentials, such as” Bluepenguin “, is one of the things that are discussed in the Internet community as a way to verify that the employee member is real.”

“Ultimately, it returns to the same problem with login approved data as always – we need multiple ways to ensure that it is not easy to overcome.”

NCSC advice is the most powerful tip, but infiltrators use the most common tactics with a group of English -speaking criminals, nicknamed the sprays spider.

The name derives from the “spider” as the mark granted to cyber criminals who have financial motives, while “scattered” because they are not a coherent and organized gang.

In the past two years, these dispersed infiltrators, in adolescence or in the early twenties, coordinated attacks on the dispute and telegram to violate dozens of companies and steal or stood data to blackmail their victims.

NCSC is not specifically called the group as responsible for the current wave of attacks, but it admits that the scattered spider is known for these types of penetrations.

In other NCSC advice, electronic defenders are urged to view “risky entry records”.

This means searching for when and where the employees have logged from – for example late at night or from strange locations.

Although web criminals can be anywhere in the world, the English -speaking young infiltrators in the United Kingdom and the United States have become skilled in the use of social engineering in their attacks.

The scattered spider infiltrators were responsible for prominent attacks, including Coordinated movements against casinos In Las Vegas, MGM major casinos and Caesar Palace were subjected to a quick sequence.

There were six arrests last year from infiltrators accused of being spider scattered in the United States and the United Kingdom.

In July 2024 A 17 -year -old child was arrested from Wasal As part of the FBI investigation into the MGM penetration – and months later A person of the same age and the site was arrested Regarding another penetration of transportation to London.

The police will not say whether the alleged infiltrator is the same person.

On Friday, infiltrators responsible for the current wave of attacks spoke to the BBC.

Criminals have repeatedly denied that they are scattered from the spider and will only call themselves Dragonforce – the name of infiltrators to serve cyber crime can use malware and extortion.

The infiltrators, who were fluent speakers in English, revealed to the BBC that they were at risk and stolen a large amount of customer and employees’ data.

They will not discuss the breaks M & S. But it is believed that Dragonforce Ransomware has been used to scramble in the company’s information technology servers.

While NCSC said it “has visions”, he added that she “was not in a position that she was allowed after she says whether these attacks were linked.”

“We are working with the victims and colleagues to enforce the law to make sure of this,” he said.