Latest news with #Carmakal
Economic Times
2 hours ago
- Business
- Economic Times
Three airlines hit by cyberattacks in three weeks, Scattered Spider to blame: Qantas leads with most damage
A wave of attacks across continents WestJet reported a cybersecurity incident beginning June 13, which disrupted internal systems and restricted access for users of its app and website. The airline responded by launching an investigation, engaging top-tier cybersecurity experts, and notifying both customers and authorities. While operations remained stable, WestJet warned that some guests might experience intermittent digital service interruptions as they worked to resolve the issue. Hawaiian Airlines announced a 'cybersecurity event' on June 26 affecting certain IT systems. The airline emphasized that flight operations and guest safety were not impacted, but it was working with federal authorities and cybersecurity specialists to assess the extent of the breach and restore affected systems. Hawaiian Airlines has committed to providing updates as the investigation continues. Qantas confirmed a cyber incident on June 30, which compromised the data of approximately six million customers via a third-party customer service platform. While the breach did not include financial or passport data, it underscored the sector's vulnerability to sophisticated cyber threats. The scattered spider threat Live Events (You can now subscribe to our (You can now subscribe to our Economic Times WhatsApp channel In a dramatic escalation of cyber threats to global aviation, three major airlines—WestJet (Canada), Hawaiian Airlines (USA), and Qantas (Australia)—have confirmed cyberattacks in the last three weeks, with all signs pointing to the notorious hacking group Scattered Spider as the Spider, also known as UNC3944, is a loosely organized group of primarily English-speaking young men known for their advanced social engineering tactics. They specialize in tricking employees and contractors into granting access to sensitive systems, often using phishing, SIM swapping , and impersonation. Once inside, they may deploy ransomware or sell access to other Carmakal, CTO of Mandiant (Google Cloud), noted:'Mandiant is aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider. The actor's core tactics, techniques, and procedures have remained consistent, meaning organizations can take proactive steps like training help desk staff to enforce robust identity verification and deploying phishing-resistant MFA to defend against these intrusions.'The FBI issued a warning on June 27, alerting the aviation industry that Scattered Spider is expanding its focus and that "anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk". The agency urged early reporting of suspicious activity to facilitate rapid response and intelligence sharing across the experts warn that these attacks are likely just the beginning. Airlines are attractive targets due to their vast stores of personal data, reliance on legacy IT systems, and complex networks of third-party vendors. The recent attacks have not disrupted flight operations but have exposed significant vulnerabilities in digital investigations continue, authorities and cybersecurity professionals are urging all airlines to strengthen digital defenses, enhance employee training, and implement multi-factor authentication to guard against increasingly sophisticated threats.
Time of India
2 hours ago
- Business
- Time of India
Three airlines hit by cyberattacks in three weeks, Scattered Spider to blame: Qantas leads with most damage
A wave of attacks across continents WestJet reported a cybersecurity incident beginning June 13, which disrupted internal systems and restricted access for users of its app and website. The airline responded by launching an investigation, engaging top-tier cybersecurity experts, and notifying both customers and authorities. While operations remained stable, WestJet warned that some guests might experience intermittent digital service interruptions as they worked to resolve the issue. Hawaiian Airlines announced a 'cybersecurity event' on June 26 affecting certain IT systems. The airline emphasized that flight operations and guest safety were not impacted, but it was working with federal authorities and cybersecurity specialists to assess the extent of the breach and restore affected systems. Hawaiian Airlines has committed to providing updates as the investigation continues. Qantas confirmed a cyber incident on June 30, which compromised the data of approximately six million customers via a third-party customer service platform. While the breach did not include financial or passport data, it underscored the sector's vulnerability to sophisticated cyber threats. The scattered spider threat Live Events (You can now subscribe to our (You can now subscribe to our Economic Times WhatsApp channel In a dramatic escalation of cyber threats to global aviation, three major airlines—WestJet (Canada), Hawaiian Airlines (USA), and Qantas (Australia)—have confirmed cyberattacks in the last three weeks, with all signs pointing to the notorious hacking group Scattered Spider as the Spider, also known as UNC3944, is a loosely organized group of primarily English-speaking young men known for their advanced social engineering tactics. They specialize in tricking employees and contractors into granting access to sensitive systems, often using phishing, SIM swapping , and impersonation. Once inside, they may deploy ransomware or sell access to other Carmakal, CTO of Mandiant (Google Cloud), noted:'Mandiant is aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider. The actor's core tactics, techniques, and procedures have remained consistent, meaning organizations can take proactive steps like training help desk staff to enforce robust identity verification and deploying phishing-resistant MFA to defend against these intrusions.'The FBI issued a warning on June 27, alerting the aviation industry that Scattered Spider is expanding its focus and that "anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk". The agency urged early reporting of suspicious activity to facilitate rapid response and intelligence sharing across the experts warn that these attacks are likely just the beginning. Airlines are attractive targets due to their vast stores of personal data, reliance on legacy IT systems, and complex networks of third-party vendors. The recent attacks have not disrupted flight operations but have exposed significant vulnerabilities in digital investigations continue, authorities and cybersecurity professionals are urging all airlines to strengthen digital defenses, enhance employee training, and implement multi-factor authentication to guard against increasingly sophisticated threats.
Yahoo
21-05-2025
- Business
- Yahoo
Scattered Spider hackers in UK are ‘facilitating' cyber-attacks, says Google
UK-based members of the Scattered Spider hacking community are actively 'facilitating' cyber-attacks, according to Google, as disruption to British retailers spreads to the US. A group of hackers labelled 'Scattered Spider' have been linked with attacks on UK retailers Marks & Spencer, the Co-op and Harrods, with Google cybersecurity experts warning this week that unnamed retailers across the Atlantic are being targeted as well. Charles Carmakal, the chief technology officer at Google's Mandiant cybersecurity unit, said that the threat had moved to the US in a pattern typical of Scattered Spider assailants. Related: Largest US crypto exchange says cost of recent cyber-attack could reach $400m 'They tend to focus on a particular industry sector and geography for a few weeks and then they move on to something else,' he said. 'And right now they're focused on retail organisations. They start in the UK, and now they've shifted to US organisations.' Asked if UK members of Scattered Spider were involved in hacking M&S, he said: 'Without specifically naming who the victims are I will say broadly Scattered Spider members in the UK are facilitating and contributing to intrusions.' On Friday it emerged that M&S had warned its staff that some of their personal data may have been stolen in the cyber-attack last month. Sources told the Daily Telegraph that workers were told email addresses and full names were believed to have been taken as part of the hack. Earlier this week M&S revealed that some personal information relating to thousands of customers was taken by the hackers. The targeting of retailers in the UK, and the techniques associated with Scattered Spider, has prompted the country's cybersecurity agency to warn companies to look out for specific tactics. In an advisory note, the National Cyber Security Centre told businesses to look at how their IT help desks help staff members reset passwords. One gambit associated with Scattered Spider – a name coined for a set of hacking tactics rather than an homogenous group – is to ring up IT help desks and pretend to be employees or contractors in order to gain access to company systems. 'What we're seeing is they're making telephone calls, calling up help desks, pretending to be employees and convincing helpdesks to reset passwords,' said Carmakal. Carmakal added that the task of ringing up helpdesks was sometimes carried out by younger members of the Scattered Spider network. 'It's not always the [threat] actors themselves … that are actually making the phone calls. They outsource some of that work to other members of the broader community, generally younger individuals that aggregate on Telegram and Discord and want to make a few hundred bucks.' Scattered Spider is unusual among hacking groups deploying ransomware because it is composed of native English speakers from countries such as the UK, US and Canada. Carmakal said he had listened to 'countless calls' that Scattered Spider hackers have made to company employees, 'whether they were extorting them, or trying to convince somebody to provide credentials or harassing somebody'. Ransomware gangs infect their targets' computer systems with malicious software that effectively locks up their internal files, which the criminals then offer to release in exchange for a payment. Typically, these gangs are from Russia or former Soviet states. Carmakal's comments came as French luxury brand Dior said this week an 'unauthorised external party' had accessed some customer data. The scale of the breach and the identity of the attacker remains unclear, although Paris-based Dior said no payment information had been taken. This week Google's cybersecurity specialists said Scattered Spider was targeting US retailers. 'The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to … Scattered Spider,' said John Hultquist, the chief analyst at Google Threat Intelligence Group. 'The actor, which has reportedly targeted retail in the UK following a long hiatus, has a history of focusing their efforts on a single sector at a time, and we anticipate they will continue to target the sector in the near term. US retailers should take note.'
Daily Mail
29-04-2025
- Business
- Daily Mail
M&S cyber attack is linked to gang of teenage hackers called 'Scattered Spider' who also targeted casino giant MGM
An alleged cyber attack which has crippled Marks and Spencer has been linked to notorious teenage hacking gang, Scattered Spider. The retailer has been left reeling following the devastating hack which forced it to halt online sales for five days - with its share prices plummeting by more than £500m. Now experts assisting M&S have claimed the cartel of cyber criminals - thought to be made up of British and American youths - could be behind the online security breach. Scattered Spider uses the hacking tools developed by the Russia-linked group known as BlackCat and ALPHV, which may indicate a business partnership between the groups to share in ransom payments. They have previously been linked with major hacks that incapacitated casino giants MGM Resorts International and Caesers Entertainment. The group reportedly used a digital attack to knock out slot machines at MGM and disrupt other systems, while gang members raided personal details of customers in a separate incident at Caesers. The ransomware hack against M&S is understood to have locked down many of the retailer's systems, reports the Telegraph. Ransomware attacks can happen when a criminal gang infiltrates a victim's IT infrastructure, using a computer virus to encrypt files and computers, before hackers then demand a ransom fee to unlock them. An alleged cyber attack which has crippled Marks and Spencer has been linked to notorious teenage hacking gang, Scattered Spider. Such fees can run into the millions. The gang, also known as UNC3944, has hit telecom and business process outsourcing companies in the past, but more recently also targeted critical infrastructure organisations, according to analyst reports. Charles Carmakal, chief technology officer at Mandiant Intelligence, called Scattered Spider 'one of the most prevalent and aggressive threat actors impacting organizations in the United States today.' 'Many members are native English speakers and are incredibly effective social engineers,' he wrote, referring to the tactic of duping human targets, including over the phone. 'They leverage tradecraft that is challenging for many organizations with mature security programs to defend against,' Carmakal said in a post on LinkedIn. Following the alleged attack, some M&S stores have been left with empty shelves as the beleaguered retailer continues to battle with fallout of a crippling hack. Shoppers have been left furious after some outlets were left 'completely empty', with items including bananas, fruit and vegetables, fish and Colin the Caterpillar cakes out of stock. Some sites have been so badly blighted by the lack of stock, they have reportedly been forced to display signs on hot food counters saying 'temporarily closed'. When asked, staff reportedly claimed the supply woes were linked to the suspected cyber attack, which has already forced M&S to cancel online orders. An M&S spokeswoman told MailOnline: 'As part of our proactive management of the incident, we took a decision to take some of our systems temporarily offline. 'As a result, we currently have pockets of limited availability in some stores. We are working hard to get availability back to normal across the estate. Empty shelves are the latest warning sign that M&S is struggling to deal with aftermath of the alleged cyber attack over Easter. The woes began with the halting of click-and-collect orders and the downing of M&S contactless payment systems, which impacted stores nationwide over the bank holiday weekend. On Monday, shoppers were left unable to make purchases online for a fourth day. In a message on its website, M&S said the pause on orders was 'part of our proactive management of a cyber incident'. However, the retailer has so far not given an indication on when the chaos will end. Shoppers have been left increasingly outraged at the disruption, with some taking to social media to share their anger. One claimed to have driven an hour to an M&S store in Aberdeen, only to find shelves bare and items missing. 'I appreciate the ongoing issues but M&S need to keep customers better informed,' they raged online. Another added: 'Monday afternoon and empty shelves in your @marksandspence Foyleside store! Now this is becoming a common issue with this store everytime I visit.' Another disgruntled shopper wrote: 'When will online orders resume? I go on holiday at the weekend and have been waiting to order some clothes for my children.' While others shared memes with the slogan: 'This is not just a cyber attack. This is an M&S cyber attack.' M&S has insisted it will refund orders placed by customers on Friday, while those who want to collect orders made online are being urged to wait for an email telling them when to do so. As well as causing mayhem in stores, the aftermath of the suspected cyber attack also led to disruption for deliveries, workers said, with stores reportedly receiving fewer pallets that normal. And on Monday, agency staff based at one of M&S's major distribution centres in the East Midlands were told to stay home, as the crisis continued to deepen. The mayhem has already seen M&S stock plunge three per cent this week, as the retailer grapples to regain control following the Easter weekend cyber 'incident'. Jane Foley head of FX strategy at Rabobank told BBC Radio 4 the fallout of the cyber attack against M&S had left shareholders spooked – with stock prices tumbling. 'Some investors are thinking enough is enough. About £700m has been wiped off the value Marks and Spencers on the stock market... they really do need to come through with some positive news fast to stop investors getting too nervous,' she said. Nayna McIntosh , who spent 30 years in fashion retail including five as part of M&S's executive committee, said bosses at the struggling retail giant were in an 'unenviable position'. 'There will be some very difficult conversations taking place in Paddington,' she warned. 'I come at this as somebody who started my retail career as a Saturday girl more years than I care to think about, so I have a deep affection for the brand and this is really painful to see.' Speaking of the continued decision to pause online orders as tech gurus continue to scramble to fix the cyber attack, she said: 'It's almost like cutting off one of your limbs. 'It's a third of their business and it is the disruption that it puts customers in and starts them asking questions. 'It will have been a very difficult decision to have made on Friday and as it enters a second week, for them still to be there will be incredibly painful.' Nicholas Found, from Retail Economics, told the Telegraph: 'While the true cost will only be clear once the dust settles, it's likely to be costing Marks & Spencer seven figures per day, as digital channels have been offline for a prolonged period.'
