The UK’s cyber security agency has warned retailers to be alert to cyber criminals impersonating IT help desks, after a spate of recent attacks on major high street names.
The advice comes after Marks and Spencer, Co-op and Harrods were targeted by hackers.
The National Cyber Security Centre, part of GCHQ, has issued guidance to companies urging them to pay particular attention to so-called social engineering tactics, whereby criminals target IT help desks to change passwords and reset authentication processes in order to gain access to their systems.
Such tactics include impersonating an employee and tricking an IT help desk into resetting that employee’s password, or re-enrolling their authentication factors, so that the attacker can then log in as them.
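The pattern the guidance describes, a help-desk password reset followed by a change of authentication factors and then a sign-in from somewhere the account has never been seen, is one a security team can hunt for in its identity-provider audit logs. The following is an added example written for this page; it is not NCSC guidance, not code from any of the retailers, and it uses a constructed, hypothetical log format (timestamp, user, event kind, actor, source address) and a constructed baseline of known sign-in addresses rather than any real product’s schema.

```python
"""Flag help-desk-initiated password resets that look like account takeover.

Added example, not NCSC guidance. Log format and field names are hypothetical.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Set


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str     # account the event concerns
    kind: str     # password_reset | mfa_enrol | sign_in
    actor: str    # "helpdesk:<agent id>" or "self"
    src_ip: str   # source address of a sign-in; "" for administrative actions


# Constructed sample audit log (not real data), one event per line:
# <timestamp> <user> <event kind> <actor> <source ip or ->
SAMPLE_LOG = [
    "2025-05-06T09:02:11Z alice password_reset helpdesk:hd17 -",
    "2025-05-06T09:05:40Z alice mfa_enrol helpdesk:hd17 -",
    "2025-05-06T09:09:03Z alice sign_in self 203.0.113.77",
    "2025-05-06T10:15:00Z bob password_reset helpdesk:hd04 -",
    "2025-05-06T14:30:00Z bob sign_in self 198.51.100.9",
    "2025-05-06T11:00:00Z carol sign_in self 192.0.2.10",
]

# Constructed baseline: addresses each account has previously signed in from.
KNOWN_IPS: Dict[str, Set[str]] = {
    "alice": {"192.0.2.10"},
    "bob": {"198.51.100.9"},
    "carol": {"192.0.2.10"},
}


def parse_line(line: str) -> Event:
    ts, user, kind, actor, ip = line.split()
    return Event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                 user, kind, actor, "" if ip == "-" else ip)


def find_helpdesk_takeovers(lines, known_ips, window=timedelta(minutes=30)) -> List[dict]:
    """One alert per help-desk password reset, graded by what followed it.

    low:    reset only
    medium: reset, then either MFA re-enrolment or a sign-in from an unseen address
    high:   reset, then MFA re-enrolment AND a sign-in from an unseen address
    """
    events = sorted((parse_line(line) for line in lines), key=lambda e: e.ts)
    by_user: Dict[str, List[Event]] = {}
    for ev in events:
        by_user.setdefault(ev.user, []).append(ev)

    alerts = []
    for user, evs in by_user.items():
        for reset in evs:
            if reset.kind != "password_reset" or not reset.actor.startswith("helpdesk:"):
                continue
            # Only activity inside the window after the reset counts as follow-on.
            follow = [e for e in evs if reset.ts < e.ts <= reset.ts + window]
            mfa_reenrol = any(e.kind == "mfa_enrol" for e in follow)
            new_ip_logins = [e.src_ip for e in follow
                             if e.kind == "sign_in" and e.src_ip
                             and e.src_ip not in known_ips.get(user, set())]
            if mfa_reenrol and new_ip_logins:
                severity = "high"
            elif mfa_reenrol or new_ip_logins:
                severity = "medium"
            else:
                severity = "low"
            alerts.append({
                "user": user,
                "helpdesk_agent": reset.actor.split(":", 1)[1],
                "reset_at": reset.ts.isoformat(),
                "mfa_reenrolled": mfa_reenrol,
                "new_ip_logins": new_ip_logins,
                "severity": severity,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_helpdesk_takeovers(SAMPLE_LOG, KNOWN_IPS):
        print(alert)
```

On the constructed log, alice’s reset is graded high (the help desk re-enrolled her MFA and a sign-in then arrived from an address she has never used), while bob’s is graded low because his only later sign-in came hours afterwards from a known address. The point of grading rather than filtering is that every help-desk reset is worth a record: a genuine reset for a locked-out employee and a fraudulent one look identical at the moment the ticket is closed, and only the follow-on activity separates them.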
Co-op admitted on Friday that cyber criminals were able to access and extract names and contact details for a significant number of customers after initially saying it had fended off the attack.
The mutual has said there were some shortages in its stores as it works “around the clock to reduce disruption and resume deliveries”.
Separately, M&S has also been working to fill empty shelves after admitting last week that it had “pockets of limited availability”. The company first disclosed a fortnight ago that its systems had been compromised, and has been unable to accept online orders for more than a week while it tries to restore its operations.
Rafe Pilling, threat intelligence director at Secureworks, told the Financial Times on Tuesday that NCSC’s guidance suggests that social engineering tactics “may have played a role in the intrusion” and pointed to “account takeover playing a role”.
He previously said these types of criminals were good at manipulating employees and talking them into revealing credentials or resetting passwords.
Pilling added on Tuesday: “If the compromise had occurred by malware being delivered to the victim and then used to access their network, the [NCSC] advice would be different.”
The NCSC said that while it had “insights” into the several attacks on retailers, “we are not yet in a position to say if they are linked, if this is a concerted campaign by a single actor or whether there is no link between them at all”. The agency also did not confirm reports that social engineering was behind some of the attacks.