The UK’s cyber watchdog has issued a warning to CISOs across the country following the trio of successful cyber attacks on major UK retailers in the last two weeks.
Late last month, UK retail giant Marks & Spencer revealed that it had been affected by a “cyber incident” that forced it to bring an increasing number of systems offline.
Only a week later, a second UK retailer, Co-op, revealed it had detected unauthorised access, and later revealed that customer data had been accessed and exfiltrated. It also disabled a number of systems.
Finally, luxury UK department store Harrods said it had “recently experienced attempts to gain unauthorised access to some of [its] systems”.
According to reports by the BBC, all three incidents have been claimed by the DragonForce ransomware gang, a claim that is backed by signs of their malware and more. US cyber firm SentinelOne has also attributed the incidents to DragonForce.
“The DragonForce ransomware group has been targeting UK retailers in a series of coordinated attacks causing major service disruptions,” said SentinelOne.
“Prominent retailers such as Harrods, Marks and Spencer, and the Co-Op have all reported ongoing incidents affecting payment systems, inventory, payroll and other critical business functions.”
Now, the UK National Cyber Security Centre (NCSC) has said it has begun working with the affected organisations to deal with the incidents.
“The NCSC continues to work closely with organisations that have reported incidents to us to fully understand the nature of these attacks and to provide expert advice to the wider sector based on the threat picture,” said NCSC CEO Dr Richard Horne.
At this stage in its investigation, the NCSC said that while it has insights into the incidents, it is “not yet in a position to say if these attacks are linked, if this is a concerted campaign by a single actor or whether there is no link between them at all”.
The agency also told UK CISOs to prepare for cyber attacks like the ones affecting the three retailers.
“Preparation and resilience [do] not mean just having good defences to keep out attackers. No matter how good your defences are, sometimes the attacker will be successful,” said the NCSC in a statement seen by CSO Online.
“It also means detecting threat actors when they are using your employees’ legitimate access (or are on your network, or in your cloud services) whilst being able to contain attackers to prevent damage, and to respond and recover when an attack has got through your defences.”
The NCSC recommends CISOs action the following:
Ensure multifactor authentication is enabled across the company.
Bolster monitoring for unauthorised account usage, such as suspicious sign-in attempts or unusual behaviour.
Monitor password reset requests through the helpdesk and review the reset processes, particularly for senior accounts. Additionally, monitor cloud, enterprise and domain admin accounts for illegitimate access.
Ensure security teams can identify when users log in with VPN technology to hide geographic locations.
And ensure that security teams are up to date with threat intelligence procedures and techniques.
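As an added illustration (not code from the NCSC or from this article), the sketch below shows how a security team might correlate three of the checks above: sign-ins without multifactor authentication, sign-ins from VPN address space, and sign-ins that follow a helpdesk password reset, with admin accounts ranked highest. The account names, the VPN range, the 24-hour window and the event records are all constructed assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# All names and values below are constructed for illustration.
PRIVILEGED = {"domain-admin", "cloud-admin"}      # hypothetical senior/admin accounts
VPN_RANGES = [ip_network("203.0.113.0/24")]       # stand-in for a VPN egress feed
RESET_WINDOW = timedelta(hours=24)                # assumed correlation window

EVENTS = [  # constructed helpdesk and sign-in records, oldest first
    {"ts": "2025-05-01T09:00:00", "type": "helpdesk_reset", "user": "domain-admin"},
    {"ts": "2025-05-01T09:20:00", "type": "sign_in", "user": "domain-admin",
     "ip": "203.0.113.45", "mfa": False},
    {"ts": "2025-05-01T10:00:00", "type": "sign_in", "user": "alice",
     "ip": "198.51.100.7", "mfa": True},
    {"ts": "2025-05-01T11:00:00", "type": "sign_in", "user": "bob",
     "ip": "203.0.113.9", "mfa": True},
    {"ts": "2025-05-03T12:00:00", "type": "sign_in", "user": "domain-admin",
     "ip": "198.51.100.8", "mfa": True},
]


def review_sign_ins(events):
    """Return one finding per sign-in that matches at least one checklist item."""
    last_reset = {}   # user -> time of most recent helpdesk reset
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["user"]
        if ev["type"] == "helpdesk_reset":
            last_reset[user] = ts
            continue
        reasons = []
        if not ev.get("mfa"):
            reasons.append("no_mfa")
        if any(ip_address(ev["ip"]) in net for net in VPN_RANGES):
            reasons.append("vpn_source")
        if user in last_reset and ts - last_reset[user] <= RESET_WINDOW:
            reasons.append("after_helpdesk_reset")
        if reasons:
            severity = "high" if user in PRIVILEGED else "review"
            findings.append({"user": user, "ts": ev["ts"],
                             "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in review_sign_ins(EVENTS):
        print(f)
```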