The United Kingdom’s National Cyber Security Centre warned that ongoing cyberattacks impacting multiple UK retail chains should be taken as a “wake-up call.”
Part of the GCHQ British intelligence agency, the NCSC provides support and guidance to private and public sector entities following major cybersecurity incidents to protect the UK’s critical services.
The NCSC is working with organisations affected by the recent incidents to understand the nature of the attacks and to minimise the harm done by them, including by providing advice to the wider sector and economy.
Recent attack on retail sector is impacting, recommendation from NCSC
NCSC provided specific guidance to the sector. But we believe by following best practice, all companies and organisations can minimise the chances of falling victim to actors like this.
As well as following our guidance (including that listed under Mitigating malware and ransomware attacks – NCSC.GOV.UK), organisations are strongly encouraged to:
- ensure 2-step verification (multi-factor authentication) is deployed comprehensively
- enhance monitoring against unauthorised account misuse. For example, looking for ‘Risky Logins’ within Microsoft Entra ID Protection, where sign-in attempts have been flagged as potentially compromised due to suspicious activity or unusual behaviour, especially where the detection type is “Microsoft Entra Threat intelligence”
- pay specific attention to Domain Admin, Enterprise Admin, Cloud Admin accounts and check if access is legitimate
- review Helpdesk password reset processes – how IT desk authenticates staff members credentials before resetting passwords, especially those with escalated privileges
- ensure your security operation centres can identify logins from atypical sources such as VPNs services in residential ranges through source enrichment and similar
- ensure that you have the ability to consume techniques, tactics and procedures sourced from threat intelligence rapidly whilst being able to respond accordingly.
Criminal activity online – including, but not limited to, ransomware and data extortion – is rampant. Attacks like this are becoming more and more common. And all organisations, of all sizes, need to be prepared.
Since the attacks surfaced, the UK House of Commons’ Business and Trade Committee has also asked the CEOs of Marks & Spencer and Co-op to share whether relevant government agencies (including the National Crime Agency and the National Cyber Security Centre) provided support.
(Inputs: https://www.ncsc.gov.uk)
