Cyber intelligence-led tips in a time of rising threat

Intelligence-led tips in a time of rising threat

Recent cyber attacks on UK high street retailers have highlighted the growing risk that increasingly sophisticated attack techniques pose to organisations. As we have recently seen, these breaches can expose vast amounts of sensitive data, take services offline, and destroy a brand's reputation and the trust of its customers. And it is not just retailers that are at risk: many organisations have yet to adopt robust security controls, or still rely on outdated IT infrastructure, making them prime targets for exploitation regardless of industry.

Our 24/7 Security Operations Centre (SOC) has a unique vantage point on the evolving threat landscape and has been actively monitoring the recent incidents to understand the methods used, so that we can provide our clients with clear, actionable insights and effective mitigation strategies.

Our cybersecurity intelligence indicates that the most recent cyberattacks targeting high street businesses have been attributed to the group Scattered Spider, utilising the DragonForce ransomware strain. 

Scattered Spider gained notoriety in 2023 following ransomware attacks on Caesars Entertainment and MGM Resorts in Las Vegas; Caesars reportedly paid a ransom of approximately $15 million. The group has also been linked to the 2024 Snowflake customer breaches, which exposed the personally identifiable information (PII) of millions of people.

The key tactics, techniques and procedures (TTPs) associated with the group are behavioural rather than classic indicators of compromise (IOCs) such as IP addresses or file hashes, which is why they are best caught by monitoring identity and helpdesk activity. They include:

  • Sophisticated social engineering, such as spear phishing emails or phone calls that trick staff into revealing credentials or other sensitive information 
  • Impersonating a legitimate user, typically to the IT helpdesk, in order to trigger a password or MFA reset 
  • Multi-Factor Authentication (MFA) fatigue attacks (push bombing), in which the attacker repeatedly triggers MFA push notifications until the user approves one out of annoyance or confusion 
  • SIM swapping, in which the attacker tricks a mobile provider into transferring the victim's phone number to a SIM the attacker controls, so that SMS-based codes are delivered to the attacker 
  • Exploitation of known vulnerabilities that haven't been patched, such as CVE-2015-2291 in Intel's Ethernet diagnostics driver, which the group has loaded onto compromised hosts as a "bring your own vulnerable driver" to gain kernel-level access and disable endpoint security tools 

In most cases the attacks were highly complex and sophisticated, but with the right controls, monitoring and employee awareness they were also very preventable. 

The UK’s National Cyber Security Centre (NCSC) has issued guidance regarding these attacks, and in addition to that, our SOC team are strongly urging organisations to:

  • Deploy multi-factor authentication (MFA) comprehensively across all accounts and services. Phishing-resistant methods, such as FIDO2 security keys or passkeys, are advised over SMS codes and push approvals, which SIM swapping and MFA fatigue specifically target. 
  • Improve monitoring for unauthorised account activity, for example by identifying risky sign-ins with Microsoft Entra ID Protection, particularly those flagged by Microsoft Entra Threat Intelligence. 
  • Review and audit high-privilege accounts, such as Domain Admin, Enterprise Admin and cloud administrator roles (for example Global Administrator), ensuring every assignment is legitimate and still needed. 
  • Assess helpdesk procedures for password and MFA resets, in particular how a caller's identity is verified before a reset is processed for an account with elevated privileges; knowledge of personal details alone is not proof of identity, because that is exactly what the attacker harvests beforehand. 
  • Enhance detection capabilities within your Security Operations Centre (SOC) to identify sign-ins from atypical sources (e.g., VPN or proxy services operating from residential IP ranges) by enriching the source IP with ASN, geolocation and VPN/proxy reputation data. 
  • Establish processes to rapidly ingest and act on threat intelligence, particularly regarding evolving tactics, techniques and procedures (TTPs). 
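As an added illustration (not code from the original post or from Node4's SOC), the following Python script runs two of the detections that the TTP list above and the recommendations above call for, over constructed Entra ID-style sign-in records: an MFA fatigue rule that flags a successful sign-in preceded by several failed MFA challenges for the same user inside a short window, and a source-enrichment rule that flags privileged accounts signing in from residential or residential-proxy ranges. The users, IP addresses, timestamps and the ASN/category table are all constructed for the example; the only real identifier is result code 500121, which is Entra's error code for a failed strong-authentication (MFA) challenge.

```python
"""Two SOC detections over Entra ID-style sign-in records (constructed sample data):
MFA fatigue (push bombing) and privileged sign-ins from atypical network sources."""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

SUCCESS = 0          # Entra sign-in resultType for a successful sign-in
MFA_FAILED = 500121  # Entra code: authentication failed during strong authentication request

# Constructed sign-in records in the shape of an Entra ID sign-in log export.
SIGN_INS = [
    {"time": "2025-05-01T09:00:05Z", "user": "alice@example.com", "ip": "203.0.113.10", "result": MFA_FAILED},
    {"time": "2025-05-01T09:01:10Z", "user": "alice@example.com", "ip": "203.0.113.10", "result": MFA_FAILED},
    {"time": "2025-05-01T09:02:30Z", "user": "alice@example.com", "ip": "203.0.113.10", "result": MFA_FAILED},
    {"time": "2025-05-01T09:04:00Z", "user": "alice@example.com", "ip": "203.0.113.10", "result": SUCCESS},
    {"time": "2025-05-01T10:15:00Z", "user": "bob@example.com", "ip": "198.51.100.7", "result": SUCCESS},
    {"time": "2025-05-01T11:00:00Z", "user": "bob@example.com", "ip": "198.51.100.7", "result": MFA_FAILED},
    {"time": "2025-05-01T11:30:00Z", "user": "bob@example.com", "ip": "198.51.100.7", "result": SUCCESS},
    {"time": "2025-05-01T12:00:00Z", "user": "admin-carol@example.com", "ip": "192.0.2.44", "result": SUCCESS},
]

# Constructed source-enrichment table (CIDR -> network owner, category). In production
# this comes from an ASN/geolocation feed joined with a VPN/proxy reputation service.
ASN_TABLE = [
    (ipaddress.ip_network("198.51.100.0/24"), "Example Corp HQ", "corporate"),
    (ipaddress.ip_network("203.0.113.0/24"), "ExampleNet Consumer Broadband", "residential"),
    (ipaddress.ip_network("192.0.2.0/24"), "ProxyCloud Residential VPN", "residential_proxy"),
]
ATYPICAL_CATEGORIES = {"residential", "residential_proxy"}

# Constructed set of accounts holding elevated roles (e.g. Global Administrator).
PRIVILEGED_USERS = {"admin-carol@example.com"}


def parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def enrich_ip(ip):
    """Return (owner, category) for an IP address from the enrichment table."""
    addr = ipaddress.ip_address(ip)
    for net, owner, category in ASN_TABLE:
        if addr in net:
            return owner, category
    return "unknown", "unknown"


def detect_mfa_fatigue(records, min_failures=3, window=timedelta(minutes=10)):
    """Flag a successful sign-in that follows at least `min_failures` failed MFA
    challenges for the same user inside `window`: the trace left by push bombing
    when the victim finally approves a prompt."""
    by_user = defaultdict(list)
    for rec in records:
        by_user[rec["user"]].append(rec)
    findings = []
    for user, events in by_user.items():
        events.sort(key=lambda r: parse_time(r["time"]))
        recent_failures = []  # timestamps of MFA failures still inside the window
        for ev in events:
            now = parse_time(ev["time"])
            recent_failures = [t for t in recent_failures if now - t <= window]
            if ev["result"] == MFA_FAILED:
                recent_failures.append(now)
            elif ev["result"] == SUCCESS and len(recent_failures) >= min_failures:
                findings.append({"user": user, "ip": ev["ip"],
                                 "failures": len(recent_failures), "success_at": ev["time"]})
                recent_failures = []
    return findings


def detect_atypical_privileged_source(records, privileged=PRIVILEGED_USERS):
    """Flag successful sign-ins by privileged accounts from residential or
    residential-proxy ranges, which administrators do not normally work from."""
    findings = []
    for rec in records:
        if rec["result"] != SUCCESS or rec["user"] not in privileged:
            continue
        owner, category = enrich_ip(rec["ip"])
        if category in ATYPICAL_CATEGORIES:
            findings.append({"user": rec["user"], "ip": rec["ip"], "source": owner,
                             "category": category, "time": rec["time"]})
    return findings


if __name__ == "__main__":
    for finding in detect_mfa_fatigue(SIGN_INS):
        print("MFA fatigue:", finding)
    for finding in detect_atypical_privileged_source(SIGN_INS):
        print("Privileged sign-in from atypical source:", finding)
```

Run as-is, the script reports alice's sign-in (three failed challenges in under four minutes, then a success from a consumer broadband range) and admin-carol's sign-in from a residential VPN range, while bob's single failure half an hour before his success is ignored. The same logic maps directly onto a scheduled analytics rule over the SigninLogs table in Microsoft Sentinel, with the enrichment table held as a watchlist; the thresholds are assumptions and should be tuned against your own baseline before alerting on them.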

In addition to implementing the NCSC's recommendations, we as a business are also actively evaluating the effectiveness of restricting access to IT resources to company-owned devices only. A comprehensive review of Conditional Access policies and firewall configurations is also considered best practice. 

It is crucial that organisations regularly review, test, and update disaster recovery, business continuity, and cyber incident response plans to ensure preparedness and resilience against cyber threats. 

Our most recent Mid-Market report highlights a significant misalignment between IT and business leaders that creates a critical barrier to cybersecurity investment. While IT leaders recognise cybersecurity and technology upgrades as crucial, business leaders often perceive them as costs rather than strategic growth enablers. But as these high-profile retailers have found, that gap, and the overestimation of security posture that comes with it, can leave organisations of any size vulnerable to threats.

“There’s a growing recognition that cyber security isn’t just an IT problem, but now more of a business continuity imperative. The most resilient organisations treat security as a continuous, adaptive process rather than a one-time implementation. They integrate security into everything – from software development to employee onboarding.”

James Rentoul, SecOps Manager

Implementing simple yet effective security measures can significantly enhance resilience. Being brilliant at the basics of cybersecurity is a critical step toward building future-ready IT services.
