Ohio-based Victoria’s Secret on May 29 said it was hit by a cyberattack and took down its website as well as some in-store services as a precaution.
In a note sent to the retailer’s employees and reported by Bloomberg News, Victoria’s Secret Chief Executive Officer Hillary Super said that “recovery is going to take a while.”
The news came on the heels of Germany-based Adidas being hit by a cyberattack last week, as well as French luxury brand Dior reporting a cybersecurity incident two weeks ago.
There was also a wave of three cyberattacks on leading UK brands, including Marks & Spencer, which said it stood to lose more than $400 million because of the incident.
The Google Threat Intelligence Group warned two weeks ago that the threat actor — presumed to be the ransomware group Scattered Spider — was going to expand its activities into North America.
“Researchers confirm Victoria’s Secret deliberately pulled its site and disabled in-store services to contain an active breach, enlisted external incident responders, plus is tracking indicators consistent with Scattered Spider’s playbook: SIM-swap fraud, credential stuffing, Cobalt Strike beacon deployment, custom ransomware payloads, and extortion communications,” said Nic Adams, co-founder and CEO of 0rucs.
Adams said the Victoria’s Secret attack mirrors the UK outages at Harrods, Co-op and Marks & Spencer, in which Scattered Spider leveraged high-volume help-desk ruses, rapid ransomware deployment, strategic extortion timing, affiliate syndicate escalation, and supply chain paralysis.
Ryan Sherstobitoff, senior vice president of threat research and intelligence at SecurityScorecard, added that retailers have become high-value targets for cybercriminals, with recent breaches making it clear that this represents more than just a passing trend.
“These attacks are not isolated events,” said Sherstobitoff. “They represent a growing pattern exposing a deeper, systematic vulnerability within the retail industry.”
Sherstobitoff explained that retailers operate in data-rich environments, handling troves of personally identifiable information (PII), loyalty data, and often payment credentials. Given the frequency and severity of recent attacks, Sherstobitoff said security can no longer be a back-burner issue for retailers.
“A proactive, multi-layered cybersecurity strategy is essential,” he said. “One that extends beyond internal systems to include continuous monitoring of the entire external attack surface, including third-party vendors and the broader supply chain.”
Source: SC World