Biggest companies most at risk from new hacking collectives
With a spree of cyber-attacks wrong-footing large companies around the world, firms need to take stock of their cyber-defences. Lester Lim, director for cyber security at S-RM, explains that the anonymity of workforces at large firms provides major opportunities for hackers.
Recent attacks against UK retail organisations have made several hacking collectives household names. Swiss telecommunications solutions provider Ascom fell victim to a cyberattack by the notorious Hellcat ransomware group, which compromised the company’s technical ticketing system in March – as part of a spree of hacking incidents targeting Jira servers, with Hellcat gaining unauthorised access to sensitive corporate infrastructure.
At the end of August, Jaguar Land Rover (JLR) proactively shut down its systems after Scattered Spider – a ransomware group most widely known for hitting Britain’s Marks & Spencer retail chain in April – breached its cyber-defences. The news caused “severe disruptions to its retail and production activities” – but JLR had little time to recover, as days later a hacker who calls themselves ‘Rey’ claimed to have breached the firm for the second time, in a move that halted production of all the carmaker’s vehicles in the UK. The English-speaking hacker even gloated to followers over the messaging app Telegram that “this so easy”.
Speaking on the rise in infamy of such groups, Lester Lim, director for cyber security at consulting firm S-RM, said, “Groups like Hellcat and Scattered Spider thrive on targeting well-known brands. The bigger the name, the bigger the reputational fallout, and that gives them another lever in ransom negotiations. It’s not just about money. There’s a strong element of trophy-hunting and headline-grabbing in their playbook and the way they target their victims.”
While larger companies have the most money to put towards heightened defences, Lim warned that, “perhaps counter-intuitively”, such firms were the most vulnerable. More staff means more devices, more log-ins, and more opportunities for attackers to get in: “large companies are like cities, small companies are like villages – in a village you know your neighbours, in a city you don’t”.
“That anonymity makes it far easier for attackers to blend in. Combine that with the reliance on shared services like IT helpdesks, which these groups are adept at exploiting, plus their fluent English and sharp social engineering skills, and you see why even the most sophisticated companies struggle to keep them out.”
According to Lim, defending against groups like this means getting the basics right. First and foremost, companies should limit unnecessary privileges, segment networks, and keep a close eye on their hypervisors.
The S-RM expert concluded, “Sudden creation of admin accounts is a red flag that firms need to monitor for, and patching cycles must be watertight. Above all, staff awareness is critical. Most of Scattered Spider’s tricks rely on catching people off guard, so vigilance across the workforce is the strongest line of defence.”

