Law enforcement has arrested four individuals in connection with a series of highly cyber skilled hacks on UK’s largest retailers. Among those arrested are a 17-year-old and three other adults aged 19 to 20. The arrest round, which occurred in the West Midlands and London, was carried out by the U.K. National Crime Agency (NCA). Authorities believe the group committed multiple offenses under the Computer Misuse Act, blackmail, money laundering, and participation in criminal enterprise.
The group, named in cybersecurity circles as members of “Scattered Spider,” has long been connected to a broader criminal collective called “The Com.” More recently, Scattered Spider has come to notoriety for a bevy of criminal activities. These new methods of attack range from social engineering, phishing, SIM swapping, extortion, and sextortion to more consequential crimes such as kidnapping and murder. The majority of this group tend to be younger and mostly native English speakers. This operational experience provides them a unique edge in tricking their foes.
The Nature of Scattered Spider’s Operations
The Scattered Spider criminal outbreak mainly focuses on large distance sellers, such as Marks & Spencer, Co-op and Harrods. It’s their approach, which usually employs social engineering techniques, that leverage a breach of trust. They issue fraudulent calls to IT help desks posing as company employees. This powerful tactic misleads their targets into providing sensitive information.
Ransomware is ever at the door. Scattered Spider highlights a determined, highly-capable foe, with a history of successful targeting of even those companies with mature security postures,” said Grayson North, Senior Security Consultant at GuidePoint Security. This points to the group’s effectiveness in penetrating systems that should be very secure.
Halcyon, a cybersecurity firm, has been monitoring Scattered Spider’s activities and identified their role in compromising outsourcing providers. Their tactics just highlight the need for associations to get better with their security practices.
Impact of the Arrests
The recent arrests are a notable step in the ongoing effort to bring down Scattered Spider’s cyber domestic ops. The NCA has already begun forensic analysis on the electronic devices found in the suspects’ homes.
From the moment these attacks started, specialist NCA cybercrime investigators have been laboring around the clock. This investigation is the Agency’s highest priority,” said Deputy Director Paul Foster. He focused on the type of these arrests being extremely important! They are the first step to holding those most responsible for these crimes accountable.
Charles Carmakal noted that organizations can proactively defend against such intrusions by training help desk staff to implement robust identity verification processes and using phishing-resistant multi-factor authentication (MFA).
Future Measures Against Cybercrime
With investigations still ongoing, federal authorities are stressing that businesses who may be targeted with this and similar ransomware attacks should remain alert. With a clear targeting strategy that moves between industries depending on visibility and payout potential, Scattered Spider has proven to be extremely methodical in their attacks.
“Today’s arrests are a significant step in that investigation but our work continues, alongside partners in the U.K. and overseas, to ensure those responsible are identified and brought to justice,” added Deputy Director Foster.