News

The recent ransomware attack on Peter Green Chilled, a UK logistics provider responsible for refrigerated deliveries to major supermarkets, didn’t just delay shipments. It sent a warning shot to the entire retail industry. When chilled goods can’t reach stores, the consequences are immediate: shelves go empty, supply chains falter and customer trust erodes. This attack joins a string of recent incidents targeting retailers including Marks & Spencer, Co-op, Harrods, Adidas and Victoria’s Secret.

What’s happening isn’t random. Retail is being deliberately and strategically targeted by cybercriminal groups aiming to create high-impact disruption. These organizations are particularly vulnerable because they rely on just-in-time logistics, operate on thin margins and depend on a vast network of third-party vendors and suppliers. When one link in that chain breaks, the effects cascade, making retailers more likely to pay ransoms to get back online fast.

Among the groups behind this wave of attacks is Scattered Spider, also known by its designation UNC3944, a highly sophisticated collective that has focused its efforts on enterprises in both the UK and the U.S.

Scattered Spider rose to notoriety through phishing and SIM-swapping campaigns, but it has since evolved into a much more formidable threat. Today, the group employs a blend of social engineering, credential harvesting and abuse of legitimate tools to infiltrate environments and evade detection.

Key to Scattered Spider’s effectiveness is its ability to impersonate internal support teams. By using tactics like help desk impersonation and SMS-based phishing, also known as smishing, they exploit trust relationships within an organization. Employees, particularly those in IT and administrative roles, become the primary targets. When these workers are convinced to reset MFA settings or hand over credentials, the attackers gain immediate, privileged access.

What sets Scattered Spider apart is its fluency in English, familiarity with Western business operations and ability to operate in real time. These are not language-barrier-limited, spray-and-pray operations. These are targeted intrusions executed with precision.

Perhaps most concerning is how attackers are co-opting the very tools defenders rely on. Remote administration utilities like AnyDesk, TeamViewer and Microsoft Quick Assist are frequently used by internal IT teams for legitimate support tasks. But in the hands of an adversary, they become stealthy weapons.

These tools don’t raise red flags in the same way malware might. They’re signed, trusted and often already whitelisted in security policies. That makes them perfect vehicles for attackers seeking to maintain persistence and move laterally inside networks.

Retail organizations, with dispersed physical locations and complex logistics ecosystems, are particularly reliant on remote access software. This reliance opens up a massive surface for abuse, especially when access permissions are overly broad or insufficiently monitored.

As threat actors increasingly exploit trusted tools and personnel, retailers must focus on reducing their attack surface and limiting the blast radius of potential breaches. This means going beyond reactive measures and embedding proactive security into everyday operations. Retailers can take action with strategies like these:

Harden Identity Controls: Organizations must implement strict policies for MFA and password resets. Real-time monitoring of these actions is essential to catch anomalies such as MFA enrollment from an unfamiliar device or rapid changes to high-privilege accounts.

Lock Down Remote Access: Remote access tools should be treated as sensitive assets. Their use must be tightly controlled, with policies in place to ensure they are only enabled when explicitly approved. Security teams should maintain inventories of authorized tools and actively hunt for unauthorized use.

Monitor for Behavioral Anomalies: Relying solely on signatures and known indicators of compromise is no longer sufficient. Security operations centers (SOCs) should implement behavioral analytics to identify unusual access patterns, like logins during off-hours, large data transfers from point-of-sale systems or unusual access from vendor accounts.

Prioritize Training for High-Risk Roles: Help desk workers, IT administrators and third-party vendors often have elevated access and are prime targets for social engineering. These employees must receive ongoing training not just on phishing, but on impersonation tactics, smishing attempts and unusual requests that should raise red flags.

The recent surge in retail-targeted ransomware attacks underscores a critical truth: security is no longer just a back-office function. It’s a frontline defense that directly affects customer experience, brand reputation and business continuity.

Retailers can no longer afford to take a reactive stance. The focus must shift toward continuous control validation, proactive threat hunting and investing in tools that reduce human error and shorten response times. That means combining technical controls with a strong culture of awareness, empowering employees to be an extension of the security team, not just a vulnerability.

The next ransomware attack won’t just compromise data. It could halt the movement of goods, empty shelves and leave customers questioning a brand’s reliability. For retailers, cybersecurity is now a matter of operational survival. And for groups like Scattered Spider, the attack surface has never been more inviting.

We list the best identity management software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

• Battlefield 6 will be officially revealed in a special livestream today
• The broadcast begins at 4pm BST / 5pm CEST / 11pm EST / 8am PST
• A cinematic trailer or the first look at gameplay is likely to be showcased

Electronic Arts has officially announced Battlefield 6, and a first look at the next game will be revealed today in a special livestream.

The 'Battlefield 6 Official Reveal Trailer' broadcast is scheduled to take place today, July 24, at 4pm BST / 5pm CEST / 11pm EST / 8am PST and can be watched on the official Battlefield YouTube channel.

A teaser was shared earlier this week showing four soldiers overlooking what appears to be a war-torn New York City, with the Brooklyn Bridge caught in an explosion.

EA hasn't confirmed the details of the upcoming livestream or how long it will last, but we're expecting a cinematic trailer at least or a potential gameplay overview showcasing the setting, roles, and first-person shooter action.

Closed beta tests for Battlefield 6 have been running for the past few months, so this will be the first time the game has been shown off to the public.

Before the livestream announcement, it was reported that content creators familiar with the series had been receiving special packages from EA.

It was also claimed by Battlefield content creator Rivalxfactor that there will be a three-day EA event following the game's official reveal; however, the creator stated this would occur on July 29, which we now know to be false and is happening today instead.

• Best PS5 games 2025 - the top 26 PlayStation 5 titles to play right now
• The Nintendo Switch 2 is the company’s least ambitious console to date, but its improvements are astronomical
• I’ve spent 150 hours with The Legend of Zelda: Breath of the Wild, and the Switch 2 Edition is an incredible upgrade

• Report finds over half of UK companies could be missing out on revenue from slow AI adoption
• 30% are worried they've missed the AI adoption window
• UK businesses are among the most AI-optimistic

Over half of UK companies could be losing up to 5% of monthly revenue simply down to a delay in AI adoption – a considerable loss that could be easily fixed.

Research by Couchbase found four in five (79%) agree AI tools give them a competitive advantage, but many are failing to move quickly enough, with as many as one in three (30%) now fearing they've missed the AI adoption window.

"The AI race has clearly already begun and while the potential is clear, complexity and fragmentation leave many businesses struggling to keep up," Couchbase Global Customer Technology Strategy Leader Chris Bridgland explained.

More than half (51%) of the businesses surveyed said they're worried about project failure, which is holding them back from adopting AI.

Others battle with data access and management (44%), creating safe environments for AI experimentation (40%) and security issues associated with third-party AI solutions (43%).

Although AI readiness is at its highest with generative AI, this still only stands at 56%. Alarmingly, only 40% feel ready for AI-powered applications, and even fewer (32%) feel prepared for agentic AI, which promises huge automation benefits.

Despite the challenges, the UK still leads the way when it comes to optimism, with 50% believing it will enhance customer experience compared with 35% in India and 32% in Germany. Half (52%) also believe agentic AI will help them to identify new trends.

Looking ahead, two-thirds (68%) agree that AI would be easier to control when there are fewer technologies involved. "As AI architectures grow more sophisticated, organisations are realising that simplicity isn’t a compromise, it’s a competitive advantage," Bridgland added.

• OpenAI says it has proof its tools are making workers more productive
• We've listed the best AI writers around
• Check out the best productivity apps on offer today