Google has warned that a hacking group linked to “Scattered Spider,” which is believed to be behind the attack on UK retailer Marks & Spencer (M&S), is now targeting similar companies in the US.
Earlier this week, M&S said that a cyberattack reported in April, which has disrupted its online services for more than three weeks, had led to the compromise of certain customer data.
“Today, we are writing to customers informing them that due to the sophisticated nature of the incident, some of their personal customer data has been taken,” M&S said in a statement.
M&S, one of the UK’s most recognized brands, suspended online orders on April 25, and its stock value has fallen 15% since the Easter weekend, when the first signs of operational trouble appeared.
The group linked to Scattered Spider tends to concentrate its attacks on one industry at a time and is expected to continue targeting the retail sector for the near future, according to Google analyst John Hultquist.
“US retailers should take note. These actors are aggressive, creative, and particularly effective at circumventing mature security programs,” John Hultquist, an analyst at Google’s cybersecurity arm, said in a statement, Reuters reported.
Cybercriminals associated with the Scattered Spider network have been involved in several high-profile breaches across the US and the UK. In 2023, the group drew attention for infiltrating major casino firms, including MGM Resorts International and Caesars Entertainment.
An earlier Reuters report said that the FBI has struggled to stop hackers linked to Scattered Spider, partly due to limited cooperation from victims and the group’s loose structure, with small clusters of individuals collaborating intermittently on specific attacks.
The growing threat of Scattered Spider
As cyberattacks grow more sophisticated, security experts are increasingly warning about the evolving tactics of threat groups like Scattered Spider. Their ability to blend traditional and modern hacking methods poses a significant risk to enterprises, particularly those heavily reliant on cloud infrastructure.
“Scattered Spider-linked groups are known to have deep knowledge of cloud technologies and MFA hacking,” said Keith Prabhu, founder and CEO of Confidis. “This, along with traditional expertise in hacking techniques such as social engineering and ransomware, makes them a unique adversary.”
The group’s track record, which includes several high-profile breaches, has put the spotlight on the need for stronger defense mechanisms. Prabhu emphasized the importance of preparedness among targeted industries.
“Given the history of hacks by Scattered Spider, US retailers would do well to study their techniques and ensure they have the necessary countermeasures in place, especially in the areas of cloud security and end-user awareness,” Prabhu noted. “They also need to reassess their basic cyber hygiene, including vulnerability management, patching, and hardening of various systems, particularly those on the cloud.”
The attackers appear to be deliberately targeting organizations where downtime would result in significant financial losses and reputational harm.
“Hackers seem to be going after high-visibility, high-payout victims who would be hit hard economically as a result of downtime,” Prabhu added. “For instance, M&S suffered daily losses and a resulting drop in share price. This makes it very difficult for management not to pay out a ransom.”