Retailers in the United States are now coming under attack from Scattered Spider, the English-speaking hacking collective that is suspected of being behind a series of DragonForce ransomware attacks on high street stores Marks & Spencer (M&S) and Co-op, according to Google's Threat Intelligence Group (GTIG).

GTIG and its cohorts at Google Cloud's Mandiant threat intel unit said the cyber attacks are still under investigation, and for reasons of privacy the researchers have not yet named any victims in the US. The team also held back from providing any formal attribution at this time.

“The US retail sector is currently being targeted in ransomware and extraction operations that we suspect are linked to UNC3944, also known as Scattered Spider,” GTIG's Hultquist told Computer Weekly via email this afternoon.

“The actor, which has reportedly targeted retail in the UK following a long hiatus, has a history of focusing their efforts on a single sector at a time, we anticipate they will continue to target the sector in the near term. US retailers should take note,” said Hultquist.

Hultquist described Scattered Spider as aggressive, creative, and highly adept at circumventing even the most mature security programs and defenses.

“They have had a lot of success with social engineering and leveraging third parties to gain entry to their targets. Mandiant has provided a hardening guide based on our experience with more details on their tactics and steps organisations can take to defend themselves,” said Hultquist.

Identity, authentication the first line of defense

When defending against Scattered Spider, hardening identity verification and authentication practices is of utmost importance, said Mandiant.

The gang has proven highly effective at using social engineering techniques to impersonate users contacting its victims' IT helpdesks, so as a first step, helpdesk staff will need additional training to positively identify inbound contacts, using methods such as on-camera or in-person verification, government ID verification, or challenge and response questions.

Security teams may also want to look into temporarily disabling, or enhancing validation for, self-service password resets, and routing both these and multifactor authentication resets through manual workflows for the time being. Employees should also be made to authenticate prior to changing authentication methods, such as adding a new phone number.

Security teams can also implement additional safeguards registered mobile number, before proceeding with a sensitive request.

It may also be worth consider Identities. Ultimately, said Mandiant, the goal should be to transition to passwordless authentication if possible.

More widely, non-IT staff should be taught to avoid relying on publicly available data for verification, such as dates of birth, or the last four digits of US social security numbers.

With no US retailers. 0rcus, a security automation platform, said the identities of victims were largely irrelevant given the commodity of the threat chain.

“Whether DragonForce, Scattered Spider, or a shared affiliate ring executed the intrusion is irrelevant. Who the hell cares. Don't advanced explosions This is the breach-point. Continuing to focus on malware or ransomware only further validates trust flow mismanagement,” said Adams.

“Phishing, cred abuse, Cobalt Strike, LotL movement, SystemBC tunnels, Mimikatz extractions, data staging to Mega is now a commodity kill chain. Lateral expansion, data exfiltration, selective encryption, ransom leverage.”

Adams called on organizations to start thinking like threat actors. “The next breach will follow the same path. One-click, credential, absent defense layer.

“Organisations that survive what's coming will be those that embed threat logic at the protocol level, assign root access to operators who know what adversaries asserting compliance equals control. You can't automate this.”

M&S insurance claim likely to top £100m

Back in the UK, reports today (14 May) suggested that M&S' insurers may find themselves on the hook for as much as £100m following the ransomware attack, with Allianz and Beazley particularly exposed.

According to the Financial Times, the claim would likely cover lost online sales and data breach liability losses following theft of customer data from the retailer's systems. M&S has already lost tens of millions of pounds as a result of the cyber attack, which has left its supply chains in disarray.
