
Latest news with #NathanielJones

Co-op calls in UK's FBI as 'DragonForce' hackers gloat they have the private information of 20m customers

Daily Mail​

03-05-2025


Cyber experts from the National Crime Agency – Britain's equivalent to the FBI – are hunting computer hackers who claim to have stolen the private information of 20 million Co-op customers. The criminal group, calling itself DragonForce, said it had infiltrated the retailer's IT network and stolen both customer and employee data in its cyber attack on Wednesday. Co-op conceded that 'personal data such as names and contact details' had been taken from its membership scheme after the devastating scale of the attack was revealed by the hackers. The retail giant, with more than 2,500 supermarkets, 800 funeral homes and an insurance business, initially downplayed the attack by saying it had 'pre-emptively' shut down parts of its IT network after detecting an attempted breach. But the anonymous hackers behind DragonForce contacted the BBC with evidence of databases they had accessed, containing the user names and passwords of all employees, as well as customer membership card numbers, their names, home and email addresses and phone numbers. The ransomware group are seeking to extort money from the company, but have not said what they would do with the data if they do not get paid. DragonForce has also claimed responsibility for the ongoing attack on M&S and an attempted hack of Harrods, the BBC said. The Co-op has now admitted that National Crime Agency investigators have been called in, as well as the Government's National Cyber Security Centre. A Co-op spokesman said yesterday: 'As a result of ongoing forensic investigations, we now know the hackers were able to access and extract data from one of our systems. We have implemented measures to ensure that we prevent unauthorised access to our systems while minimising disruption for our members, customers, colleagues and partners.' DragonForce's ransomware operation uses malicious software, which when triggered can prevent the target from accessing their own devices and data. 
Criminals then use stolen data as leverage to extort huge sums of money. The BBC said hackers sent the first extortion message to Co-op's head of cyber security in an internal Microsoft Teams chat on April 25. The message read: 'Hello, we exfiltrated the data from your company. We have customer database, and Co-op member card data.' The hackers say they also messaged other members of the executive committee as part of their scheme to blackmail the firm. The tactics used were similar to those of Scattered Spider, a notorious network of largely British and American young adults and teenagers skilled at evading detection. An expert said the hackers were likely able to bluff their way past staff because their command of the English language gave them 'authenticity' – a crucial asset in convincing targets to unwittingly compromise their own security. Nathaniel Jones, vice president of security and AI strategy at cyber security firm Darktrace, told The Mail on Sunday this made the scam 'unique'. 'Most of those sort of cyber crime gangs are sitting in Russia or Belarus,' he said. 'So the fact that they're English native speakers, a number of them, that's quite unique. I don't know another group out there like that.' Mr Jones said hackers' 'native language authenticity' would likely give employees no cause for alarm, when typical scammers asking for log-in details are often distinctively garbled. He added: 'If [a member of staff] picks up the phone and you're talking to a British guy who says it's his IT team, that does sort of give you that false sense of security that I think has been taken advantage of.' M&S chief executive Stuart Machin said on Friday that the firm was 'working day and night' to resolve its IT issues, but did not put a time frame on when operations would be back to normal – leaving customers frustrated by disruption to online shopping and click-and-collect services.
Labour MP Matt Western, chairman of the joint committee on the National Security Strategy, said: 'These attacks are a startling reminder that whole chunks of our economy, including some of our most valued brands, are vulnerable to cyber attacks. 'This is not an issue that should only concern those working in sensitive areas. And it isn't just the business that is affected, it's the wider supply chains. 'We need to encourage the whole of society to take part in building resilience against these serious threats.'

Co-op latest British retailer to be hit by cyber attack

RTÉ News​

01-05-2025


Britain's Co-op Group said that hackers had attempted to break into its systems, the second high-profile cyber attack on a major UK retailer in as many weeks, following an ongoing incident at Marks & Spencer. The Co-op, which is owned by its members and trades from over 2,300 food stores across the UK and also has funeral care, legal and insurance businesses, said the attack had forced it to shut down some of its back office and call centre operations. It said all its stores, online operations and funeral homes were trading as usual and it was working to reduce disruption. "We have recently experienced attempts to gain unauthorised access to some of our systems," a Co-op spokesperson said. "We have taken proactive steps to keep our systems safe." The incident appears to have had less of an impact than the attack on Marks & Spencer, one of Britain's best known retailers, which has paused taking clothing and home orders through its website and app for the last six days. British companies, public bodies and institutions have been hit by a wave of cyber attacks in recent years, costing them tens of millions of pounds and often months of disruption. The attack on M&S has come during a bout of warm weather in Britain, when retailers would normally report an increase in demand for summer clothing. Availability of some food products has also been affected in some stores. The National Cyber Security Centre is working with both companies and the National Crime Agency said last week it was aware of the M&S incident. The Metropolitan Police confirmed yesterday that detectives from its Cyber Crime Unit were investigating the M&S attack. While M&S has not disclosed the nature of the cyber attack, cyber security experts have said the fact that M&S took systems offline suggested it was a ransomware-related event. 
Technology specialist site BleepingComputer, citing multiple sources, said a ransomware attack that encrypted M&S's servers was believed to have been conducted by a hacking collective known as "Scattered Spider". Scattered Spider comprises small clusters of people, including youngsters, who collaborate on and off on specific jobs, security experts and officials have said. It has been blamed for unusually aggressive cybercrime sprees, and in 2023, members of its community locked up the networks of casino operators Caesars Entertainment and MGM Resorts International and demanded hefty ransom payments. Nathaniel Jones, VP of Security & AI Strategy at cybersecurity company Darktrace, said the alleged confirmation that Scattered Spider was behind the M&S attack via the DragonForce encryptor highlighted the sophisticated threat this group posed to major organisations. He said members of the group did not just exploit technical vulnerabilities but manipulated people, especially IT help desks, through phishing, Multi-Factor Authentication (MFA) bombing, and SIM swapping to gain access.

How 'native English' Scattered Spider group linked to M&S attack operate

The Guardian

01-05-2025


If there is one noticeable difference between some members of the Scattered Spider hacking community and their ransomware peers, it will be the accent. Scattered Spider has been linked to a cyber-attack on UK retailer Marks & Spencer. But unlike other ransomware assailants, its constituents appear to be native English speakers and are not from Russia or former Soviet states. This helps with one of the techniques in their armoury that a Russian hack might struggle to replicate: ringing up company IT desks and gaining entry to systems by pretending to be employees, or pretending to be from company IT desks and calling employees. 'Native English authenticity can sometimes lead to an automatic sense of trust. There is a level of perceived familiarity that might cause personnel or even IT teams to lower their guard slightly,' says Nathaniel Jones, the vice-president of threat research at the cybersecurity firm Darktrace. In November last year, the US Department of Justice gave an insight into Scattered Spider's alleged personnel by charging five individuals over the targeting of unnamed American companies with 'phishing' text messages. The DoJ alleged that the accused sent fake texts to employees that tricked them into providing confidential information including their company logins. As a result sensitive data was then stolen – including intellectual property – as well as millions of dollars' worth of cryptocurrency from people's digital wallets. All of the accused were in their 20s at the time they were charged. It charged four people in the US, their ages ranging from 20 to 25, as well as the Scottish 23-year-old Tyler Buchanan, who was deported to the US from Spain last week. He is due to appear in court in Los Angeles on 12 May. The US cybersecurity agency revealed Scattered Spider's IT desk gambit in a notice published in 2023. 
Ransomware victims attributed to other Scattered Spider attacks include casino operators MGM Resorts and Caesars Entertainment who were hit in 2023. After that attack, West Midlands police announced last year it had arrested a 17-year-old in Walsall. West Midlands police has been contacted for an update on the case. Scattered Spider was named as the alleged perpetrator of the M&S attack by BleepingComputer, a tech news site. BleepingComputer reported that the attackers then deployed a piece of malicious software-for-hire known as DragonForce to disable parts of the retailer's IT network. These attacks are known as ransomware attacks because the assailant then demands a substantial payment, typically in cryptocurrency, to restore access to affected computers. Using another gang's ransomware is a common practice, known as a ransomware-as-a-service model, where the two entities involved share any proceeds. Analysts at Recorded Future, a cybersecurity firm, said that Scattered Spider was more of an 'umbrella term' than a centralised group of financially motivated cybercriminals – hence the 'scattered' moniker. The analysts said it is not a 'monolithic entity' and it originated in 'The Com', another loosely connected online community engaged in an array of criminal acts from sextortion to cyberstalking and payment card fraud. 'Members and affiliates of Scattered Spider gathered on platforms like Discord and Telegram, most often in closed, invite-only channels and groups,' Recorded Future analysts said. Ciaran Martin, the ex-chief executive of the UK's National Cyber Security Centre, said that Scattered Spider was a 'rarity' given its non-Russian background. 'An overwhelming majority of ransomware groups are based in Russia. [Scattered Spider] are clearly not, though they seem to have hired Russian code for this attack in DragonForce. But it seems they're based here and in the US. Hopefully that makes them arrestable. 
This is unusual,' said Martin, who is a professor at the Blavatnik school of government at the University of Oxford. Martin added that Scattered Spider's youthful notoriety should not detract from the threat. 'They are a very unusual but potently threatening bunch,' he said.

Co-op is latest British retailer to be hit by cyber attack

CNA

30-04-2025


LONDON: Britain's Co-op Group said on Wednesday hackers had attempted to break into its systems, the second high-profile cyber attack on a major UK retailer in as many weeks, following an ongoing incident at Marks & Spencer. The Co-op, which is owned by its members and trades from over 2,300 food stores across the UK and also has funeral care, legal and insurance businesses, said the attack had forced it to shut down some of its back office and call centre operations. It said all its stores, online operations and funeral homes were trading as usual and it was working to reduce disruption. "We have recently experienced attempts to gain unauthorised access to some of our systems," a Co-op spokesperson said. "We have taken proactive steps to keep our systems safe." The incident appears to have had less of an impact than the attack on Marks & Spencer, one of Britain's best known retailers, which has paused taking clothing and home orders through its website and app for the last six days. British companies, public bodies and institutions have been hit by a wave of cyber attacks in recent years, costing them tens of millions of pounds and often months of disruption. The attack on M&S has come during a bout of warm weather in Britain, when retailers would normally report an increase in demand for summer clothing. Availability of some food products has also been affected in some stores. The National Cyber Security Centre is working with both companies and the National Crime Agency said last week it was aware of the M&S incident. The Metropolitan Police confirmed on Wednesday that detectives from its Cyber Crime Unit were investigating the M&S attack.

RANSOMWARE

While M&S has not disclosed the nature of the cyber attack, cyber security experts have said the fact that M&S took systems offline suggested it was a ransomware-related event.
Technology specialist site BleepingComputer, citing multiple sources, said a ransomware attack that encrypted M&S's servers was believed to have been conducted by a hacking collective known as "Scattered Spider". Scattered Spider comprises small clusters of people, including youngsters, who collaborate on and off on specific jobs, security experts and officials have said. It has been blamed for unusually aggressive cybercrime sprees, and in 2023, members of its community locked up the networks of casino operators Caesars Entertainment and MGM Resorts International and demanded hefty ransom payments. Nathaniel Jones, VP of Security & AI Strategy at cybersecurity company Darktrace, said the alleged confirmation that Scattered Spider was behind the M&S attack via the DragonForce encryptor highlighted the sophisticated threat this group posed to major organisations. He said members of the group didn't just exploit technical vulnerabilities but manipulated people, especially IT help desks, through phishing, Multi-Factor Authentication (MFA) bombing, and SIM swapping to gain access.

M&S tells warehouse agency staff to stay home as cyber incident continues

Yahoo

28-04-2025


LONDON (Reuters) - British retailer Marks & Spencer told agency staff at its central England distribution centre to stay at home on Monday, after it stopped taking online orders following a cyber incident last week. Shares in the company, one of the best known names on Britain's shopping streets, were trading down 2% on Monday, having lost as much as 8% since April 22 when it said it had been grappling with a cyber incident for a few days. M&S told agency staff who usually work at its Castle Donington distribution centre near Derby not to come in, according to a person familiar with the situation. Agency staff are used when the warehouse is at its busiest. About 200 people were told not to come in, said Sky News, which first reported the story. An M&S spokesperson said on Monday there was no further update on the cyber incident following a statement on Friday which announced it was stopping orders from its website and app as part of its "proactive management" of the incident. The chain, which has about 1,000 stores across Britain, makes around one third of its clothing and home sales online. It has said it is working with experts to resolve the issue. Investec analyst Kate Calvert said that the longer it took for online sales to resume, the worse the hit would be for M&S. "There will be a short-term profit impact without a doubt," she said. M&S, which sells upmarket groceries as well as clothing and home products, posted bumper Christmas sales in January and is due to publish full-year results on May 21. Nathaniel Jones, VP of security at cyber security group Darktrace, said the fact that M&S had taken systems offline suggested it was likely a ransomware-related event. "Retailers are increasingly targeted because they combine valuable customer data with complex, interconnected systems," he said.
