Major UK retail hacks arising from sophisticated service desk social engineering, says Specops

Beginning in early 2025, the RaaS (ransomware-as-a-service) group DragonForce has allegedly been working with affiliates Scattered Spider to aggressively target high-profile UK retailers including Marks & Spencer, Co-op, and Harrods.

In the Marks & Spencer incident, the affiliates reportedly used social-engineering attacks on service desks to gain initial access before unleashing DragonForce’s ransomware. By deploying this ransomware to encrypt networks, the threat actors have caused major disruptions to online orders and payment systems, and have threatened the publication of customer and employee data. 

Specops Software has recently released three analyses on the Marks & Spencer attack, each diving into distinct aspects of the incident: 

  1. The Rise of Ransomware-as-a-Service (RaaS): Groups like DragonForce are operating on a franchise model, providing ransomware tools to affiliates, thereby lowering the technical barrier for launching attacks. This analysis covers DragonForce, its RaaS model, how it works, how it was used in the M&S attack, and the possible infighting that’s been occurring between DragonForce and RansomHub. 
  2. Service Desk Exploitation: Scattered Spider has demonstrated how easily service desks can be manipulated, emphasizing the need for stringent verification processes. This analysis discusses Scattered Spider’s alleged role in the M&S, Co-op, and Harrods attacks, the service desk M.O. that the group seems to employ, and how organizations can defend against these attacks. 
  3. Active Directory Vulnerabilities: The theft of NTDS.dit files, which contain password hashes, highlights the critical importance of securing Active Directory environments. This final analysis explains the impact of service desk attacks on Active Directory databases, as well as what organizations can do to protect their ADs.

All of these are worth reading if you are responsible for defending your organization from threat actors.
