Cyber incident at Marks & Spencer suspected to involve Scattered Spider hackers
https://www.techmonitor.ai/technology/cybersecurity/cyberattack-marks-spencer-scattered-spider-hackers
I am sure everyone is aware of the problems at Marks and Spencer.
It seems that the incident is now an attack and Bleeping Computer is reporting that a group known as Scattered Spider that is said to have encrypted M&S’ data. The group is known for employing advanced social engineering techniques, including phishing and multi-factor authentication fatigue attacks, to gain unauthorised network access.
My message remains the same as always, train staff and keep awareness levels up. Its is very easy to become complacent. Cyber criminals are prepared to be very patient and slowly force their way into networks.
As the attack appears to have started as early as February, though this is not yet confirmed, patience seems to be the operative word. Currently, no data loss has been reported and most believe this is ransomware attack. Again, this is not confirmed though experts are saying this has all the signs of such an attack.
We don’t yet know if any data has been compromised. The UK GDPR states that a data breach is where an organisation loses control of its data, so this is no doubt, a data breach. However, have passwords and other credentials been lost and therefore made available on the dark web?
Our advice is that, if you, like many, use the same password for differing applications, you should think about changing all your passwords that shared your M&S password.
I am sure you will all join me in hoping one of Britain’s favourite retailers can resolve the problems it faces…and soon