4 Arrested in UK Over M&S, Co-op, Harrods Hacks
The UK's National Crime Agency arrested four people, who some experts believe are connected to the notorious cybercriminal collective known as Scattered Spider.
Coverage of incidents attributed to Scattered Spider, with analysis of infrastructure, disruption efforts, and defensive guidance for organizations.
Search across headline titles and summaries.
Background for this topic.
Scattered Spider is a label used in public reporting for a loosely defined, financially motivated intrusion set. Attribution is not always consistent, and the name may encompass related operators rather than a single centralized organization. Reported activity has involved social engineering of help-desk staff, theft or takeover of credentials and MFA-recovery methods, and access to cloud, identity, or virtual-administration environments. These techniques can turn weaknesses in account-recovery procedures into privileged access without exploiting a software vulnerability.
The principal defensive concern is compromise of the identity-management plane. Organizations should require robust, independently verified help-desk identity checks; prefer phishing-resistant MFA for privileged and remote access; restrict and alert on MFA, password, SIM, and recovery-setting changes; and monitor identity-provider, VPN, cloud, and administrative logs for unusual authentication or privilege changes. Threat intelligence is most useful when it supports behavior-based detection rather than reliance on a fixed list of indicators. If suspected, preserve authentication and support-ticket records quickly and investigate linked accounts, sessions, tokens, and administrator actions.
The UK's National Crime Agency arrested four people, who some experts believe are connected to the notorious cybercriminal collective known as Scattered Spider.
Authorities in the United Kingdom this week arrested four alleged members of "Scattered Spider," a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer.
Suspects Tied to April Ransomware Attacks Against Retailers M&S, Co-Op, HarrodsThe U.K.'s National Crime Agency on Thursday arrested in England four suspected members of the Scattered Spider cybercrime collective, as part of an ongoing investigation into major, disruptive hack attacks in April against major retailers Marks & Spencer, the Co-Op and Harrods.
Cybercrime gang Scattered Spider is the top suspect in several recent cyberattacks in the U.S. insurance sector, and it's likely that threat actors could still be lurking in other insurers' IT environments, said Peter McMurtrie of consulting firm West Monroe.
Check Point discovered around 500 suspected Scattered Spider phishing domains, suggesting the group is preparing to expand its targeting
Plus: Qantas makes contact with 'potential cyber criminal' While the aviation industry has borne the brunt of Scattered Spider's latest round of social engineering attacks, the criminals aim to catch manufacturing and medical tech companies — and even Chipotle Mexican Grill — in tjeor web, as evidenced by hundreds of domains that security researchers say look a lot like phishing websites used by the criminal crews.…