UK Government Issues Security Tips After Retail Chains Hit by Cyber Attacks

By Netvora Tech News

---

The UK government has issued security tips following a series of cyber attacks on well-known retail chains. Marks & Spencer, Harrods, and Co-op were among the companies targeted in recent days. In the case of Co-op, the attackers claimed to have obtained the personal data of 20 million customers.

Security expert Kevin Beaumont, who works with one of the affected organizations, believes that the attackers are using social engineering tactics, such as posing as employees and contacting the help desk to gain access to systems.

UK's National Cyber Security Centre Offers Guidance

The UK's National Cyber Security Centre (NCSC) is working closely with the affected organizations but has yet to release details on how the attacks were carried out. However, the government agency has provided several recommendations for businesses to prevent similar attacks.

• Companies should be able to detect when an attacker is using a legitimate employee account.
• Multi-factor authentication should be enabled and account monitoring should be done, particularly for Domain Admin-, Enterprise Admin-, and Cloud Admin-accounts.
• The process of resetting passwords through the help desk should be reviewed, with attention paid to how help desk staff authenticate employees' details.
• Security operations centers should be able to detect login attempts from atypical locations, such as VPN services in residential ranges.

"These types of attacks are becoming increasingly common, and all organizations, regardless of size, must be prepared," said the NCSC.