Cybersecurity

    NCSC UK updates - “How to identify and protect against the risks associated with sensitive personal information in your data holdings.”

    Open letters to Third Party Suppliers

    It has been a couple of weeks of open letters to suppliers:

    NHS published its request and TOR

    JP Morgan open letter

    The stolen iPhone market

    Inside the Stolen iPhone Market 📲

    it is one of the most important nodes in a supply chain for second-hand technology that starts in the west, travels through wholesalers in Hong Kong and on to markets in mainland China and the global south.

    Guidelines for secure AI design and development

    Guidelines for providers of AI systems, whether custom-built or built on top of external tools and services. NCSC guidelines

    Defending Against UNC3944 AKA Scattered Spider

    To counter UNC3944, organizations need robust defenses involving identity verification and advanced authentication methods. Implementing phishing-resistant multi-factor authentication (MFA), minimizing reliance on SMS for authentication, and eliminating publicly available personal data verification are practical steps. Secure the identity verification process with methods like on-camera checks to thwart impersonation attempts.

    Training staff to identify and respond to unusual IT requests is crucial. This includes understanding ploys like fake IT calls, email phishing attempts, and odd requests for credential verification, which are characteristic of UNC3944 operations.

    Original article by Google

    A lot of customers will be watching to see what happens with Tata after being linked to another breach (M&S).

    Original Post from the FT

    Interesting results for M&S, almost £300m taken off 2025 profits and an expectation that July is the earliest online shopping will resume. I expect this impact to take several years to fully absorb.

    It is going to be interesting to see how these ransomware payments are made. Personal data taken in UK legal aid cyber attack | Reuters

    Really surprised that M&S online is still down for purchases. Must be ensuring an overhaul of systems and approach. Stock is not bad over the two years.

    A new ecosystem of assured Cyber Resilience Test Facilities will allow vendors to demonstrate the cyber resilience of their products New assurance initiatives to help boost confidence in… - NCSC.GOV.UK

    Google warned today that hackers using Scattered Spider tactics against retail chains in the United Kingdom have also started targeting retailers in the United States.

    Hackers behind UK retail attacks now targeting US companies

    If you're in the EU and previously opted out of Meta using your Facebook, Threads, and Instagram posts, you will need to opt out again.

    Facebook have done it again.

    If you’re in the EU and previously opted out of Meta using your Facebook, Threads, and Instagram posts and images to train its generative AI, you’ll need to opt out again—otherwise, Meta will resume training on your data.

    Users have until May 27, 2025, to opt out once more, or they will permanently lose the ability to do so.

    Here are the direct opt-out links, which aren’t prominently advertised within the apps:

    Facebook: Opt-out form

    Instagram: Opt-out form

    For more details, see the original report: Ars Technica article. Hope that helps!

    DragonForce ransomware hit M&S, Harrods & Co-op, causing £700M losses & data breaches.

    The Big Picture

    In April 2025, UK retailers Marks & Spencer (M&S), Harrods, and Co-op were hit by a major ransomware attack, reportedly carried out by DragonForce, a ransomware-as-a-service (RaaS) group. The attack disrupted operations, caused financial losses, and exposed sensitive customer data—a wake-up call for businesses everywhere. Is it time to think about more regulation for retailers?

    How the Hackers Pulled It Off

    Breaking In

    • Hackers stole hashed credentials from Windows Active Directory (the NTDS.dit file) and cracked them offline months before the disruption of the last few weeks.
    • Phishing & MFA fatigue attacks tricked employees into handing over access.
    • SIM swapping helped bypass multi-factor authentication (MFA).

    Spreading Through the System

    • Mimikatz was used to extract plaintext passwords.
    • Advanced IP Scanner mapped out networks to find high-value targets.
    • Security monitoring tools were disabled to avoid detection.

    Deploying the Ransomware

    • DragonForce ransomware was executed on VMware ESXi servers, encrypting virtual machines.
    • M&S lost £700 million in market value, supply chains stalled, and online orders were halted.
    • Harrods restricted internet access, while Co-op shut down IT systems, affecting customer data and operations.

    Holding Data Hostage

    • 20 million Co-op customer records stolen, including credentials and payment data.

    • Hackers threatened to leak sensitive data unless ransom demands were met.
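    The attack chain above (NTDS.dit theft, Mimikatz, Advanced IP Scanner, monitoring tools disabled) maps onto telemetry a defender can alert on before encryption starts. The following is an added example, not code from the original post or from any of the retailers involved: it triages a handful of constructed endpoint events into attack stages and ranks hosts where more than one stage has been seen. The event shape, host names and the list of monitoring service names are assumptions for illustration.

```python
"""Stage-tagging triage over constructed endpoint telemetry (added example).

The event schema, host names and service-name list below are assumed;
map them onto your own EDR fields before use.
"""
from dataclasses import dataclass

# Constructed sample events in a simplified, EDR-agnostic shape (assumed).
SAMPLE_EVENTS = [
    {"type": "file_read", "host": "dc01", "process": "lsass.exe",
     "path": r"C:\Windows\NTDS\ntds.dit"},                 # normal on a DC
    {"type": "file_read", "host": "dc01", "process": "explorer.exe",
     "path": r"C:\Windows\NTDS\ntds.dit"},                 # suspicious reader
    {"type": "process_start", "host": "ws17", "process": "mimikatz.exe"},
    {"type": "process_start", "host": "ws17", "process": "advanced_ip_scanner.exe"},
    {"type": "service_stop", "host": "ws17", "service": "SENSE"},   # Defender for Endpoint
    {"type": "process_start", "host": "ws17", "process": "notepad.exe"},  # benign
]

@dataclass(frozen=True)
class Alert:
    host: str
    stage: str
    reason: str

# Services whose stop is worth an alert (assumed starter list; extend for your tooling).
MONITORING_SERVICES = {"sense", "windefend", "sysmon", "sysmon64"}
CRED_TOOLS = ("mimikatz",)
DISCOVERY_TOOLS = ("advanced_ip_scanner",)

def triage(events):
    """Tag each suspicious event with the attack stage it indicates."""
    alerts = []
    for e in events:
        proc = e.get("process", "").lower()
        if e["type"] == "file_read" and e["path"].lower().endswith("\\ntds.dit") and proc != "lsass.exe":
            # On a domain controller only lsass.exe should normally open the AD database.
            alerts.append(Alert(e["host"], "credential_access", f"{proc} read NTDS.dit"))
        elif e["type"] == "process_start" and any(t in proc for t in CRED_TOOLS):
            alerts.append(Alert(e["host"], "credential_access", f"credential tool {proc}"))
        elif e["type"] == "process_start" and any(t in proc for t in DISCOVERY_TOOLS):
            alerts.append(Alert(e["host"], "discovery", f"network scanner {proc}"))
        elif e["type"] == "service_stop" and e["service"].lower() in MONITORING_SERVICES:
            alerts.append(Alert(e["host"], "defense_evasion", f"monitoring service {e['service']} stopped"))
    return alerts

def hosts_with_chain(alerts, min_stages=2):
    """Hosts where several distinct stages were seen: escalate these first."""
    stages = {}
    for a in alerts:
        stages.setdefault(a.host, set()).add(a.stage)
    return sorted(h for h, s in stages.items() if len(s) >= min_stages)
```

Running `hosts_with_chain(triage(SAMPLE_EVENTS))` surfaces the host where credential theft, scanning and monitoring shutdown coincide, which is the pattern the "Spreading Through the System" bullets describe.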

    Cybersecurity Callouts & UK National Security Response

    • Zero-trust architecture: Stop hackers from moving freely inside networks.

    • AI-driven cybersecurity: Keep up with evolving ransomware tactics.

    • Continuous monitoring & MFA enforcement: Spot threats before they escalate.

    • Employee training: Prevent phishing and social engineering attacks.

    • Board-level cybersecurity investment: Treat digital infrastructure like critical infrastructure.

    What This Means for Big Business

    • Supplier Risk Management Needs to Be a Priority

      • Third-party vendors (e.g., payment processors, logistics firms) are often the weakest link.

      • Businesses must audit external partners, enforce contractual security requirements, and monitor supplier networks in real time.

    • Internal Security Must Match External Threats

      • Cyberattacks are inevitable, not just a possibility.
      • Endpoint security, threat intelligence, and rapid response planning must be built into corporate risk frameworks.

    Further Reading & Expert Insights

    🙏🏽