CyberSecurity news

FlagThis - #ncsc

@industrialcyber.co //

NCSC Warns of AI-Driven Vulnerabilities - The NCSC report warns that organisations unable to defend AI-enabled threats are exposed to greater cyber risk and that the UK critical systems face rising threats from AI-driven vulnerabilities which intensifies cyber threats by 2027.
The UK's National Cyber Security Centre (NCSC) has issued a warning that critical systems in the United Kingdom face increasing risks due to AI-driven vulnerabilities. The agency highlighted a growing 'digital divide' between organizations capable of defending against AI-enabled threats and those that are not, exposing the latter to greater cyber risk. According to a new report, developments in AI are expected to accelerate the exploitation of software vulnerabilities by malicious actors, intensifying cyber threats by 2027.

The report, presented at the NCSC's CYBERUK conference, predicts that AI will significantly enhance the efficiency and effectiveness of cyber intrusions. Paul Chichester, NCSC director of operations, stated that AI is transforming the cyber threat landscape by expanding attack surfaces, increasing the volume of threats, and accelerating malicious capabilities. He emphasized the need for organizations to implement robust cybersecurity practices across their AI systems and dependencies, ensuring up-to-date defenses.

The NCSC assessment emphasizes that by 2027, AI-enabled tools will almost certainly improve threat actors' ability to exploit known vulnerabilities, leading to a surge in attacks against systems lacking security updates. With the time between vulnerability disclosure and exploitation already shrinking, AI is expected to further reduce this timeframe. The agency urges organizations to adopt its guidance on securely implementing AI tools while maintaining strong cybersecurity measures across all systems.

Recommended read:
References :
  • Industrial Cyber: GCHQ’s National Cyber Security Centre (NCSC) has warned that U.K. critical systems are facing growing risks due to...
  • NCSC News Feed: NCSC warns that organisations unable to defend AI-enabled threats are exposed to greater cyber risk and AI-driven vulnerabilities and threats
  • Tech Monitor: Report predicts that AI will enhance cyber intrusion efficiency and effectiveness by 2027
@www.pwc.com //

NCSC Warns of AI Cyber Threats and Router Exploits - The UK’s NCSC has issued warnings regarding cyber threats exacerbated by AI and the exploitation of end-of-life routers.
The UK's National Cyber Security Centre (NCSC) has issued warnings regarding the growing cyber threats intensified by artificial intelligence and the dangers of unpatched, end-of-life routers. The NCSC's report, "Impact of AI on cyber threat from now to 2027," indicates that threat actors are increasingly using AI to enhance existing tactics. These tactics include vulnerability research, reconnaissance, malware development, and social engineering, leading to a potential increase in both the volume and impact of cyber intrusions. The NCSC cautioned that a digital divide is emerging, with organizations unable to keep pace with AI-enabled threats facing increased risk.

The use of AI by malicious actors is projected to rise, and this poses significant challenges for businesses, especially those that are not prepared to defend against it. The NCSC noted that while advanced state actors may develop their own AI models, most threat actors will likely leverage readily available, off-the-shelf AI tools. Moreover, the implementation of AI systems by organizations can inadvertently increase their attack surface, creating new vulnerabilities that threat actors could exploit. Direct prompt injection, software vulnerabilities, indirect prompt injection, and supply chain attacks are techniques that could be used to gain access to wider systems.

Alongside the AI threat, the FBI has issued alerts concerning the rise in cyberattacks targeting aging internet routers, particularly those that have reached their "End of Life." The FBI warned of TheMoon malware exploiting these outdated devices. Both the NCSC and FBI warnings highlight the importance of proactively replacing outdated hardware and implementing robust security measures to mitigate these risks.

Recommended read:
References :
  • thecyberexpress.com: The Federal Bureau of Investigation (FBI) has issued a warning about the TheMoon malware. The warning also stresses the dramatic uptick in cyberattacks targeting aging internet routers, especially those deemed “End of Life†(EOL).
  • Malware ? Graham Cluley: NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked
  • Latest from ITPro in News: AI-enabled cyber attacks exacerbated by digital divide in UK
  • NCSC News Feed: UK critical systems at increased risk from 'digital divide' created by AI threats
  • industrialcyber.co: NCSC warns UK critical systems face rising threats from AI-driven vulnerabilities
  • www.tenable.com: Cybersecurity Snapshot: U.K. NCSC’s Best Cyber Advice on AI Security, the Quantum Threat, API Risks, Mobile Malware and More
@cyble.com //

UK Retailers Hit by Ransomware NCSC Urges Defenses - Multiple cyberattacks have recently struck leading UK retailers, prompting concern and a warning from the NCSC urging organizations to assess their cyber resilience.
References: arcticwolf.com , cyble.com , www.itpro.com ...
Recent cyberattacks have targeted major UK retailers, prompting a call for increased vigilance and stronger defenses from the National Cyber Security Centre (NCSC). High-profile organizations such as Harrods, Marks & Spencer (M&S), and Co-op have been affected, causing significant operational disruptions. These attacks have led to restricted internet access, pauses in online order processing, and in some instances, potential data extraction, highlighting the severity and broad impact of these cyber incidents on the retail sector.

The NCSC has issued an urgent warning to UK firms, emphasizing the escalating risk of ransomware attacks, particularly within the retail industry. The agency anticipates a potential increase in similar attacks in the coming days. In response, the NCSC has released a comprehensive set of guidelines designed to assist businesses in bolstering their defenses against these threats and minimizing potential financial losses. This includes reviewing password reset policies, being cautious of senior employees with escalated priviledges such as Domain Admin, Enterprise Admin and Cloud Admin accounts.

The NCSC's guidelines emphasize proactive measures such as isolating and containing threats quickly by severing internet connectivity to prevent malware spread and ensuring backup servers remain unaffected. It also highlights leveraging backup systems for recovery and implementing multi-factor authentication (MFA) across the board. The NCSC advises businesses to constantly be on the look out for ‘risky logins’ within Microsoft Entra ID Protection, where sign-in attempts are flagged as potentially compromised due to suspicious activity or unusual behaviour. Furthermore, the agency urges organizations to assess their cyber resilience and adopt best practices for both prevention and recovery to mitigate future attacks.

Recommended read:
References :
Shivani Tiwari@cysecurity.news //

NCSC Issues Advisory Amidst UK Retailer Cyberattacks - The UK's NCSC has issued an advisory following a series of cyberattacks targeting major UK retailers, including Marks & Spencer (M&S), Co-op, and Harrods, hinting that Scattered Spider is most likely behind the attacks.
References: bsky.app , slcyber.io , cyble.com ...
The UK's National Cyber Security Centre (NCSC) has issued an advisory following a series of cyberattacks targeting major UK retailers, including Marks & Spencer (M&S), Co-op, and Harrods. These incidents, which began in April 2025, have prompted warnings for organizations to remain vigilant and implement robust cybersecurity measures. The NCSC is working closely with affected organizations to understand the nature of the intrusions and provide targeted advice to the broader retail sector.

The NCSC's advice strongly suggests the involvement of Scattered Spider, a group of English-speaking cyber criminals previously linked to breaches at MGM Resorts and Caesars Entertainment in the U.S. Scattered Spider is believed to have deployed ransomware to encrypt key systems at M&S, causing significant disruption, including the suspension of online sales. Authorities are urging security teams to implement multi-factor authentication, monitor for risky logins, and review help desk login procedures to mitigate potential ransomware attacks.

While investigations are ongoing to determine if the attacks are linked or the work of a single actor, reports suggest that a group called DragonForce may also be involved. DragonForce operates as a ransomware-as-a-service, providing tools and infrastructure for contracted hackers. The NCSC emphasizes that all organizations should follow the advice on its website to ensure they have appropriate measures in place to prevent attacks and effectively respond to and recover from them.

Recommended read:
References :
  • bsky.app: Beware phony IT calls after Co-op and M&S hacks, says UK cyber centre. The NCSC advice is the strongest hint yet the hackers are using tactics most commonly associated with a collective of English-speaking cyber criminals nicknamed Scattered Spider.
  • slcyber.io: Scattered Spider Linked to Marks & Spencer Cyberattack
  • www.cybersecuritydive.com: UK authorities warn of retail-sector risks following cyberattack spree
  • cyble.com: Multiple cyberattacks have recently struck some of the UK’s most iconic retailers, prompting concern from industry leaders and cybersecurity authorities. Among the affected organizations are Harrods, Marks & Spencer, and the Co-op, all of which have confirmed incidents targeting their digital infrastructure in late April and early May 2025.
  • research.checkpoint.com: For the latest discoveries in cyber research for the week of 5th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Three major UK retailers – Co-op, Harrods and Marks & Spencer (M&S) – were hit by cyberattacks that disrupted operations and compromised sensitive data. The attacks are believed linked to the Scattered
  • www.itpro.com: Following recent attacks on retailers, the NCSC urges other firms to make sure they don't fall victim too
  • www.ncsc.gov.uk: A joint blog post by the NCSC’s National Resilience Director, Jonathon Ellison, and Chief Technology Officer, Ollie Whitehouse.
  • BleepingComputer: UK shares security tips after major retail cyberattacks
  • cyble.com: Multiple cyberattacks have recently struck some of the UK’s most iconic retailers, prompting concern from industry leaders and cybersecurity authorities. Among the affected organizations are Harrods, Marks & Spencer, and the Co-op, all of which have confirmed incidents targeting their digital infrastructure in late April and early May 2025. The UK’s National Cyber Security Centre (NCSC) is currently working alongside these retailers to investigate the attacks and mitigate potential damage.
  • phishingtackle.com: Co-op has revealed that its recent breach was far more serious than initially reported, with a significant amount of data from current and former customers stolen. The National Cyber Security Centre (NCSC) has since warned that cybercriminals are impersonating IT … The post appeared first on .
  • bsky.app: NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked. https://www.exponential-e.com/blog/ncsc-warns-of-it-helpdesk-impersonation-trick-being-used-by-ransomware-gangs-after-uk-retailers-attacked
  • www.cysecurity.news: The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers and the public,†said NCSC CEO Dr Richard Horne.
  • Malware ? Graham Cluley: NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked.
@cyble.com //

NCSC Issues Alert After Retail Cyberattacks - The UK's NCSC issued urgent guidance to organizations following cyberattacks on UK retailers, advising enhanced cyber resilience, multi-factor authentication, and improved monitoring against unauthorized account use.
Following a series of cyberattacks targeting major UK retailers including Marks & Spencer, Co-op, and Harrods, the National Cyber Security Centre (NCSC) has issued an urgent alert, urging organizations to bolster their defenses. The attacks, which involved ransomware and data theft, have caused significant operational disruptions and data breaches, highlighting the increasing risk faced by the retail sector. The NCSC anticipates that similar attacks are likely to escalate and emphasizes that preparation is key to ensuring business continuity and minimizing financial losses.

The NCSC advises businesses to take immediate and proactive measures to mitigate risks. A key recommendation is to isolate and contain threats quickly by severing internet connectivity immediately to prevent malware from spreading further across networks. It's equally important to ensure that backup servers remain isolated and unaffected by the attack, so they can be used for disaster recovery. The security agency is also calling on firms to review their password reset policies, and in particular how IT help desks authenticate workers when they make a reset request, especially in the case of senior employees with escalated privileges.

To enhance cyber resilience, the NCSC stresses the importance of implementing multi-factor authentication (MFA) across the board. The agency also warns organizations to be constantly on the lookout for ‘risky logins’ within Microsoft Entra ID Protection, where sign-in attempts are flagged as potentially compromised due to suspicious activity or unusual behaviour. The Information Commissioner's Office (ICO) has similar advice warning organizations to make sure that accounts are protected by a strong password, and that passwords aren't being reused across multiple accounts. While attacks against UK retailers have rocked the industry in recent weeks, the NCSC's guidance aims to help businesses avoid falling victim to similar incidents.

Recommended read:
References :
  • DataBreaches.Net: Marks & Spencer breach linked to Scattered Spider ransomware attack
  • Davey Winder: Harrods is the latest major U.K. retailer to confirm a cyberattack as M&S continues to struggle with ransomware strike fallout.
  • securityaffairs.com: Luxury department store Harrods suffered a cyberattack
  • The Register - Security: British govt agents step in as Harrods becomes third mega retailer under cyberattack
  • www.itpro.com: Harrods hit by cyber attack as UK retailers battle threats
  • Graham Cluley: Uh-oh. Marks & Spencer, Co-op, and now Harrods is the latest high profile UK retailer to be hit by what is (most likely) a attack. No organisation is 100% safe.
  • techcrunch.com: UK retail giant Co-op warns of disruption as it battles cyberattack
  • Bloomberg Technology: DragonForce hacking gang takes credit for UK retail attacks
  • NCSC News Feed: NCSC statement: Incident impacting retailers
  • Resources-2: Retail Under Fire: Inside the DragonForce Ransomware Attacks on Industry Giants
  • Zack Whittaker: Bloomberg reporting that DragonForce ransomware gang "and its partners" were behind cyberattacks targeting U.K. retail giants Marks & Spencer, Co-op and Harrods. The gang also claimed to have stolen customer data.
  • doublepulsar.com: DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door
  • Metacurity: Harrods becomes the third top UK retailer to fend off a cyberattack
  • hackread.com: UK Retailer Harrods Hit by Cyber Attack After M&S, Co-op
  • NPR Topics: Technology: Harrods, the iconic luxury department store, has become the latest British retailer to fall victim to a cyberattack.
  • bsky.app: Uh-oh. Marks & Spencer, Co-op, and now Harrods is the latest high profile UK retailer to be hit by what is (most likely) a #ransomware attack.
  • www.bbc.co.uk: The BBC reports on DragonForce's attacks on Co-op, details data theft.
  • www.thetimes.com: The Sunday Times article details the DragonForce attack on Marks & Spencer.
  • BleepingComputer: Cybersecurity firm BleepingComputer reported the Co-op's confirmation of significant data theft, contrasting with previous downplayed assessments of the incident.
  • Help Net Security: The Co-op hack is detailed with an update of stolen data and the impact on the company's systems.
  • DataBreaches.Net: BleepingComputer reports on the escalation of the Co-op cyberattack, with hackers boasting about stealing data from millions of customers.
  • arcticwolf.com: Threat Event Timeline 22 April 2025 – Marks & Spencer released a cyber incident update on the London stock exchange website.
  • Rescana: Detailed Report on the DragonForce Cyber Attack on Co-op Introduction: The DragonForce cyber attack on Co-op has emerged as a significant...
  • Tech Monitor: The Co-op Group has acknowledged a substantial data breach in a cyberattack that was reportedly perpetrated by the DragonForce group.
  • arcticwolf.com: Threat Event Timeline 04/22/2025 – Marks & Spencer released a cyber incident update on the London stock exchange website. The incident resulted in the organization having to pause online clothing orders for six days.
  • www.techradar.com: Hackers claim to have stolen private information on 20 million Co-op shoppers
  • cyble.com: Cyberattacks Hit Leading UK Retailers as NCSC Urges Stronger Defences
  • cyble.com: Multiple cyberattacks have recently struck some of the UK’s most iconic retailers, prompting concern from industry leaders and cybersecurity authorities.
  • www.cybersecurity-insiders.com: NCSC issues alert against more ransomware attacks on retailers
  • www.itpro.com: In an official statement, addressed the situation, saying: “The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers, and the public.
  • cyberinsider.com: Cyber Insider reports on Co-op Confirms Member Data Breach Following Cyberattack Incident
  • Check Point Research: Three major UK retailers – Co-op, Harrods and Marks & Spencer (M&S) – were hit by cyberattacks that disrupted operations and compromised sensitive data.
  • www.bleepingcomputer.com: Marks and Spencer breach linked to Scattered Spider ransomware attack
  • cyberinsider.com: NCSC Issues Urgent Guidance After Major UK Retailers Breached by Hackers
  • www.cybersecurity-insiders.com: New Cyber threats emerge from Cyber Attacks on UK Companies.
  • TechInformed: Recent retail cyber attacks have highlighted growing vulnerabilities in the UK sector.
  • techinformed.com: A recent spate of retail cyber attacks has highlighted growing vulnerabilities in the UK sector, with high street names including M&S, the Co-op and Harrods…
  • Cybersecurity Blog: The Marks and Spencer Cyber Attack: Everything You Need to Know
  • Malware ? Graham Cluley: NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked
  • Phishing Tackle: Co-op has revealed that its recent breach was far more serious than initially reported, with a significant amount of data from current and former customers stolen.
  • bsky.app: NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked.
  • www.cysecurity.news: The United Kingdom’s National Cyber Security Centre (NCSC) has issued a stark warning following a wave of cyberattacks targeting some of the country’s most prominent retail chains.
@NCSC News Feed //

Spyware Targets Civil Society, Ethnic Groups Worldwide - A multi-government advisory highlights BADBAZAAR and MOONSHINE spyware targeting Uyghur, Taiwanese, and Tibetan communities through Android apps, enabling surveillance by accessing sensitive data.
A coalition of governments, including the UK, US, Australia, Canada, Germany, and New Zealand, has issued an alert regarding the use of BADBAZAAR and MOONSHINE spyware. These sophisticated tools are being used to target civil society groups and ethnic minorities, specifically Uyghur, Taiwanese, and Tibetan communities. The spyware is embedded within seemingly legitimate Android applications, effectively acting as Trojan malware to gain unauthorized access to sensitive data. These malicious apps are designed to appear harmless, often mimicking popular apps or catering to specific interests of the targeted groups.

These spyware families are capable of accessing a wide range of information on infected devices, including location data, microphone and camera feeds, messages, photos, and other stored files. The UK's National Cyber Security Centre (NCSC) has stated that the targeted individuals are those connected to topics considered a threat to the Chinese state, such as Taiwanese independence, Tibetan rights, Uyghur Muslims, democracy advocacy, and the Falun Gong spiritual movement. The indiscriminate nature of the spyware's spread raises concerns that infections may extend beyond the intended targets, potentially affecting a broader range of users.

The advisory includes a list of over 100 malicious Android apps that have been identified as carrying the BADBAZAAR and MOONSHINE spyware. These apps often masquerade as Muslim and Buddhist prayer apps, chat applications like Signal, Telegram, and WhatsApp, or utility apps like Adobe Acrobat PDF reader. To mitigate the risk, individuals are urged to download apps only from official app stores, keep their devices and apps up to date, avoid rooting or jailbreaking their devices, and carefully review app permissions before installation. The NCSC and its partners continue to monitor the activities of these malicious cyber actors and provide guidance to help individuals protect themselves from these evolving threats.

Recommended read:
References :
  • thecyberexpress.com: Global Cybersecurity Agencies Warn of Spyware Targeting Uyghur, Tibetan, and Taiwanese Communities
  • ComputerWeekly.com: NCSC issues warning over Chinese Moonshine and BadBazaar spyware
  • NCSC News Feed: BADBAZAAR and MOONSHINE: Spyware targeting Uyghur, Taiwanese and Tibetan groups and civil society actors
  • Danny Palmer: The NCSC has put out a warning on how malicious cyber actors are using two forms of spyware - dubbed MOONSHINE and BADBAZAAR - hiding in otherwise legit mobile apps to target individuals in Uyghur, Tibetan and Taiwanese communities as well as civil society groups.
  • Zack Whittaker: A coalition of global governments have identified dozens of Android apps that are bundled with the prolific BadBazaar and Moonshine spyware strains, which they say are targeting civil society who oppose China's state interests.
  • techcrunch.com: Governments identify dozens of Android apps bundled with spyware
  • Threats | CyberScoop: BadBazaar and Moonshine malware targets Taiwanese, Tibetan and Uyghur groups, U.K. warns
  • techcrunch.com: Governments warn of BadBazaar and Moonshine spyware, MSFT issued fixes for at least 121 flaws, Scattered Spider persists after arrests, UK probes suicide forum, Hackers abuse SourceForge to distribute malware, Dutch gov't to screen researchers and students for espionage risks, much more
  • NCSC News Feed: The NCSC has put out a warning on how malicious cyber actors are using two forms of spyware - dubbed MOONSHINE and BADBAZAAR - hiding in otherwise legit mobile apps to target individuals in Uyghur, Tibetan and Taiwanese communities as well as civil society groups.
  • securityonline.info: Spyware Alert: BADBAZAAR and MOONSHINE Target Civil Society and Ethnic Groups
  • cyberscoop.com: BadBazaar and Moonshine malware targets Taiwanese, Tibetan and Uyghur groups, U.K. warns
  • Tenable Blog: Tenable Blog on Mobile Spyware Attacks
  • cyberinsider.com: CyberInsider article on Western intelligence agencies exposing Chinese spyware

Posts

Blogs

Research Tools