Hacking Group ‘Scattered Spider’ Shifts Focus to U.S. Retailers Following UK Breaches

Google has raised alarms about a hacking group known as ‘Scattered Spider’ that is reportedly targeting U.S. retailers, following a recent cyberattack on UK retailer Marks & Spencer (M&S). According to a statement from M&S, a sophisticated cyber incident reported in April compromised some customers’ personal data and disrupted online services for over three weeks. M&S stated, “Today, we are writing to customers informing them that due to the sophisticated nature of the incident, some of their personal customer data has been taken.”

The disruption led M&S to suspend online orders on April 25 and has caused the brand’s stock value to plummet by 15% since Easter weekend. John Hultquist, an analyst at Google’s cybersecurity arm, advised U.S. retailers to take heed of the group’s aggressive and innovative tactics. He noted that Scattered Spider tends to focus its attacks on one industry at a time and is expected to continue targeting the retail sector.

Scattered Spider has been linked to numerous significant breaches across both the U.S. and the UK. Notably, the group gained notoriety in 2023 for infiltrating major casino operators, including MGM Resorts International and Caesars Entertainment. An earlier Reuters report revealed that the FBI has struggled to counteract Scattered Spider’s activities, partly due to a lack of cooperation from victims and partly due to the group’s decentralized structure, which facilitates intermittent collaboration among small clusters of individuals.

As the threat landscape evolves, cybersecurity experts are increasingly concerned about the tactics employed by groups like Scattered Spider, which combine traditional and modern hacking methods. Keith Prabhu, founder and CEO of Confidis, remarked on their knowledge of cloud technologies and multi-factor authentication (MFA) hacking. He emphasized the importance of preparedness for organizations within targeted sectors.

Prabhu advised that U.S. retailers should study the group’s attack methodologies and enhance their defenses, particularly concerning cloud security and vulnerability management. He highlighted the necessity of maintaining basic cyber hygiene and patching systems to mitigate potential attacks. The financial implications of downtime following a breach cannot be overstated: as M&S’s lost revenue and declining share prices show, such losses make it difficult for firms to resist ransom demands.