Hacking Spree Rocks the U.K. High Street—and Other Big Security Stories This Week

DragonForce, Scattered Spider or Both?

Marks & Spencer, Co-op and Harrods are still untangling the fallout from a fortnight-long wave of cyber-intrusions that has disrupted online orders, locked servers and even forced supermarket staff to double-check faces on Zoom calls. M&S admits the Easter-weekend attack is costing about £15 million a week and has wiped roughly £750 million off its market value. Analysts say ransomware linked to the loose collective Scattered Spider was deployed with the “DragonForce” encryptor, but none of the three retailers has confirmed exactly what hit them—or whether the incidents are connected.

France Calls Out the Kremlin

In a rare public attribution, France has formally accused Russia’s GRU military-intelligence arm (APT28/Fancy Bear) of at least a dozen cyber-espionage and sabotage operations dating back to 2015, including recent probes targeting Paris 2024 Olympics infrastructure. The foreign ministry took its complaint to the UN Security Council, arguing that Moscow is seeking to undermine European support for Ukraine.

U.S. Targets the Smishing Supply Chain

Across the Atlantic, U.S. authorities are zeroing in on the murky “gray market” that lets scammers rent phone numbers at scale to blast toll-road and delivery-fee smishing texts. Investigators say more than 10,000 domains are fuelling the campaign and urge iPhone and Android users to delete suspicious messages on sight.

AirPlay’s “AirBorne” Flaws Leave Millions Exposed

Researchers have disclosed 23 vulnerabilities—collectively dubbed AirBorne—that allow code execution on any third-party AirPlay device sharing a Wi-Fi network with an attacker. Apple has patched its own products, but millions of smart TVs, speakers and car infotainment units may never see fixes unless vendors act.

Microsoft Edges Passwords Toward Extinction

To mark the newly renamed “World Passkey Day,” Microsoft flipped the switch: all new consumer Microsoft accounts are now passwordless by default, using passkeys or hardware tokens instead. Early telemetry shows a 98 percent success rate for passkey log-ins versus 32 percent for traditional passwords.


Why It Matters

  • Retail reality check: The U.K. hacks show that supply-chain chaos and nine-figure market hits can stem from a single undetected phishing call or an unpatched VPN.

  • State-sponsored pressure: France’s move signals a tougher European posture on naming and shaming nation-state hackers, raising diplomatic stakes ahead of the Olympics.

  • Consumer headaches: From smishing texts to rogue AirPlay speakers, everyday users remain squarely in attackers’ sights—reinforcing the need for passkeys, updates and healthy scepticism.


Pro Tips for the Week Ahead

  1. Retail customers: Change any reused passwords, enable MFA and watch bank statements if you’ve shopped with M&S, Co-op or Harrods recently.

  2. AirPlay owners: Install firmware updates where available; otherwise disable AirPlay or limit it to recognised devices on home Wi-Fi only.

  3. Phone users in the U.S.: Treat any unpaid-toll or delivery-fee SMS as suspect. Legit services will never demand payment via a texted link.

  4. Microsoft account holders: Head to account.microsoft.com → “Security” to add a passkey and ditch that last password.

Stay patched, stay sceptical, and we’ll see you next week.

Photo Credit: DepositPhotos.com
