
Understanding and Mitigating Scattered Spider Attacks on Retail Giants

Cyber Data Services Team
19 January 2025

In 2025, the UK retail sector suffered a series of cyber attacks targeting Marks & Spencer, the Co-op, and Harrods. These attacks, attributed to the hacking group known as Scattered Spider, caused significant disruptions and financial losses. We aim to provide a comprehensive understanding of these incidents and offer proactive hardening recommendations to help safeguard against similar threats.

Who or What Is Scattered Spider?

Scattered Spider is a loosely affiliated hacking group composed of English-speaking teenagers and young adults from the UK and US that operates like an organized criminal network. The group has been linked to over 100 cyber-attacks since 2022 across telecoms, finance, retail, and gaming. Its method typically begins with social engineering, most often impersonating an employee to the IT help desk to obtain a password or MFA reset; the legitimate credentials this yields are then used to move through the environment, escalate privileges, and in many cases deploy ransomware for maximum disruption.

The 2025 attacks on UK retail giants demonstrated their capability:

  • Marks & Spencer: online ordering suspended and gaps on store shelves, with a significant fall in the company's market value
  • Harrods: an attempted intrusion that disrupted operations and put customer data at risk
  • Co-op: disruption to stock-level data, affecting inventory management and customer service

Proactive Hardening Recommendations

Based on the hardening guidance that Google Threat Intelligence Group and Mandiant published in response to these attacks (they track the group as UNC3944), organizations should implement the following measures:

Identity Management

  • Implement phishing-resistant authentication such as FIDO2 hardware security keys and passkeys
  • Move to passwordless authentication wherever the platform supports it
  • Apply the principle of least privilege to every user account and role, including help-desk and administrator roles
  • Remove SMS, voice calls, and email as authentication factors; these are the channels the group defeats through SIM swapping and social engineering
  • Require positive identity verification (for example, a video call with a known manager or an in-person check) before the help desk resets a password or MFA method, since these resets are the group's preferred entry point
  • Restrict MFA registration to managed devices and trusted network locations, for instance through a conditional access policy on security-information registration
  • Log every MFA registration and reset event and alert on registrations that follow a help-desk reset or originate from an unfamiliar location
  • Require multiple context signals (device compliance, location, sign-in risk) before permitting sensitive operations such as privileged role activation

Endpoint Security

  • Deploy Endpoint Detection and Response (EDR) solutions across all endpoints
  • Keep operating systems and applications patched, prioritising internet-facing, remote-access, and identity infrastructure

Application and Resource Protection

  • Apply hardened baseline configurations to applications and cloud resources, and disable defaults and services that are not needed
  • Deploy application allow-listing so that only approved binaries and scripts run; this blocks the legitimate remote-management tools the group installs to keep access after its social-engineering foothold

Network Infrastructure

  • Segment the network so that critical systems (domain controllers, backup servers, payment and inventory platforms) are isolated from the general user estate and lateral movement is constrained
  • Adopt a Zero Trust model in which every access request is authenticated and authorised on the identity, device health, and context of the request rather than on its network location

Monitoring and Detection

  • Centralise identity, endpoint, and network telemetry and alert on the group's known tradecraft: help-desk password resets followed by new MFA enrolments, sign-ins from unfamiliar locations or devices, and installation of unapproved remote-access tools
  • Baseline normal user behaviour and alert on deviations such as impossible travel, out-of-hours privileged activity, or unusual volumes of data access
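As an added example (not part of the original article, and not Google's or Cyber Data Services' code), the following Python script turns the help-desk and MFA-registration controls from the Identity Management list above and the behavioural monitoring described in this section into a concrete detection: it correlates help-desk password resets with MFA method registrations that follow shortly afterwards or originate outside trusted networks and countries, which is the sequence a help-desk takeover produces. The event schema, field names, trusted-network and country assumptions, and the audit log lines themselves are constructed for this example; map them to the audit and sign-in exports of your own identity provider.

```python
"""Flag MFA enrolments that follow a help-desk password reset or come from an
untrusted location. Added example for this article; the event schema, the
trusted-network/country assumptions and the sample events are constructed."""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample audit events (JSON lines); not real log data.
SAMPLE_LOG = """
{"ts": "2025-04-17T08:00:00Z", "actor": "helpdesk.agent2", "action": "PasswordReset", "target": "a.jones", "ip": "10.20.0.6", "country": "GB"}
{"ts": "2025-04-18T09:02:11Z", "actor": "helpdesk.agent1", "action": "PasswordReset", "target": "j.smith", "ip": "10.20.0.5", "country": "GB"}
{"ts": "2025-04-18T09:05:40Z", "actor": "j.smith", "action": "MfaMethodRegistered", "target": "j.smith", "ip": "203.0.113.77", "country": "RO", "method": "Authenticator"}
{"ts": "2025-04-18T09:06:02Z", "actor": "j.smith", "action": "SignIn", "target": "j.smith", "ip": "203.0.113.77", "country": "RO"}
{"ts": "2025-04-18T10:15:00Z", "actor": "a.jones", "action": "MfaMethodRegistered", "target": "a.jones", "ip": "10.20.4.19", "country": "GB", "method": "FIDO2"}
{"ts": "2025-04-18T11:30:00Z", "actor": "b.lee", "action": "MfaMethodRegistered", "target": "b.lee", "ip": "198.51.100.9", "country": "US", "method": "Authenticator"}
"""

# Tuning assumptions for the example: a UK-based workforce on a 10.0.0.0/8
# corporate network, and a one-hour window after a reset in which a new
# MFA method is treated as suspicious.
RESET_WINDOW = timedelta(hours=1)
TRUSTED_COUNTRIES = {"GB"}
TRUSTED_PREFIXES = ("10.",)


@dataclass
class Alert:
    user: str
    ts: datetime
    severity: str
    reasons: list[str]


def parse_events(text: str) -> list[dict]:
    """Parse JSON-lines audit events and return them in time order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        # Normalise the trailing "Z" so fromisoformat works on older Pythons.
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def is_trusted_location(ev: dict) -> bool:
    """Trusted means both an expected country and a corporate source address."""
    return ev["country"] in TRUSTED_COUNTRIES and ev["ip"].startswith(TRUSTED_PREFIXES)


def find_suspicious_registrations(events: list[dict]) -> list[Alert]:
    """Correlate PasswordReset events with later MfaMethodRegistered events."""
    last_reset: dict[str, datetime] = {}
    alerts: list[Alert] = []
    for ev in events:
        if ev["action"] == "PasswordReset":
            last_reset[ev["target"]] = ev["ts"]
            continue
        if ev["action"] != "MfaMethodRegistered":
            continue
        reasons = []
        reset_ts = last_reset.get(ev["target"])
        if reset_ts is not None and ev["ts"] - reset_ts <= RESET_WINDOW:
            minutes = int((ev["ts"] - reset_ts).total_seconds() // 60)
            reasons.append(f"{ev['method']} registered {minutes} min after a help-desk password reset")
        if not is_trusted_location(ev):
            reasons.append(f"registration from untrusted location {ev['ip']} ({ev['country']})")
        if reasons:
            # Both signals together match the help-desk takeover pattern.
            severity = "high" if len(reasons) == 2 else "medium"
            alerts.append(Alert(ev["target"], ev["ts"], severity, reasons))
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_registrations(parse_events(SAMPLE_LOG)):
        print(f"[{alert.severity.upper()}] {alert.user} at {alert.ts.isoformat()}")
        for reason in alert.reasons:
            print(f"    - {reason}")
```

On the constructed sample the script raises a high-severity alert for j.smith (a new authenticator registered three minutes after a help-desk reset, from an address outside the corporate network and outside the UK) and a medium alert for b.lee (registration from an untrusted location with no preceding reset), while a.jones, whose FIDO2 key was enrolled from the corporate network more than a day after a reset, generates nothing. In production the same correlation would run over the identity provider's audit stream, with the window and trusted locations tuned to the organisation and the high-severity case routed straight to the incident response team.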

Conclusion

The threat landscape continues to evolve, and groups like Scattered Spider show that patient social engineering, rather than novel exploits, is enough to halt a major retailer's operations. By implementing these proactive hardening recommendations, organizations can significantly reduce their risk exposure and improve their security posture.

Cyber Data Services offers comprehensive solutions to help protect your organization:

  • Phishing-resistant login implementations
  • EDR solutions and endpoint protection
  • Zero Trust architecture design and deployment

Reach out to us today to discuss how we can help secure your organization against these emerging threats.
