In a new wave of identity-based attacks, Scattered Spider has targeted a number of large UK retailers, such as Marks & Spencer and Co-op. These attacks, which occurred recently, exploited weaknesses in identity verification processes to impersonate employees and gain unauthorized access to sensitive information. Scattered Spider used particularly clever tactics, including SIM swapping and social engineering. These techniques defeated multi-factor authentication (MFA) without using malware or phishing.
The group’s modus operandi appears to have been conning IT help desks into resetting both the passwords and the MFA settings of the accounts it targeted. The attackers posed as real employees and simply took advantage of gaps in the verification process to gain control of those accounts. This represents a growing trend in retail security, where identity-based attacks are the new norm and more effective than ever.
As alarming as Scattered Spider’s work may be, it is not the only high-profile incident putting the retail industry on edge these days. Just yesterday, The North Face shared that it was the victim of a credential stuffing attack. Threat actors used leaked credentials to access customer accounts. This was the company’s fourth credential-based breach since 2020, illustrating the continued threat posed by poor security practices.
Similarly, Adidas recently admitted to a data breach after hackers targeted a third-party customer service provider. The episode is an important reminder of the risks of relying on outside partners: attackers have made their way to third-party platforms to find sensitive customer information. Customer data inadvertently exposed through third-party CRM systems led to breaches at luxury brands Cartier and Dior as well, most notably in the last year.
The increasing prevalence of credential stuffing attacks, and the high-profile incidents they cause, is a huge headache. Perpetrators use previously compromised usernames and passwords to breach accounts. They are almost always successful because the average user tends to reuse login information across multiple sites. Despite the availability of protective measures like MFA, many Software as a Service (SaaS) logins still lack this crucial layer of security.
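As an added example (not from the original article), the following Python code shows how a defender might spot the credential stuffing pattern described above in login logs, and why logins without MFA matter: one source trying many distinct usernames with few valid passwords. The event fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events, not real data:
# (source_ip, username, password_ok, mfa_required, mfa_passed)
SAMPLE_EVENTS = [
    ("203.0.113.7", "alice", False, True, False),
    ("203.0.113.7", "bob", False, False, False),
    ("203.0.113.7", "carol", True, False, False),   # reused password, no MFA
    ("203.0.113.7", "dave", True, True, False),     # reused password, MFA held
    ("203.0.113.7", "erin", False, True, False),
    ("203.0.113.7", "frank", False, False, False),
    ("203.0.113.7", "grace", False, True, False),
    ("203.0.113.7", "heidi", False, False, False),
    ("198.51.100.20", "bob", False, False, False),  # ordinary typo, then success
    ("198.51.100.20", "bob", True, False, False),
]


def detect_stuffing(events, min_users=5, max_hit_rate=0.3):
    """Return findings per source IP that tried many distinct usernames
    with a low rate of valid passwords (thresholds are assumptions)."""
    by_ip = defaultdict(list)
    for ip, user, pw_ok, mfa_req, mfa_ok in events:
        by_ip[ip].append((user, pw_ok, mfa_req, mfa_ok))

    findings = {}
    for ip, attempts in by_ip.items():
        users = {a[0] for a in attempts}
        hits = [a for a in attempts if a[1]]
        hit_rate = len(hits) / len(attempts)
        if len(users) < min_users or hit_rate > max_hit_rate:
            continue  # looks like normal user behaviour
        findings[ip] = {
            "distinct_users": len(users),
            "hit_rate": round(hit_rate, 2),
            # valid password and no second factor in the way: account is exposed
            "taken_over": sorted({u for u, _, req, ok in hits if not req or ok}),
            # valid password but MFA stopped the login: password still needs a reset
            "stopped_by_mfa": sorted({u for u, _, req, ok in hits if req and not ok}),
        }
    return findings


if __name__ == "__main__":
    for ip, finding in detect_stuffing(SAMPLE_EVENTS).items():
        print(ip, finding)
```

Accounts listed under `stopped_by_mfa` still have a known-valid password in an attacker's hands, so they warrant a forced reset even though the login failed.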
With the regulatory landscape changing rapidly, organizations are encouraged to strengthen their cybersecurity practices. Experts recommend implementing comprehensive identity protection solutions, such as those offered by Wing Security, which continuously safeguard SaaS infrastructures and detect potential identity threats before they escalate.