ARTICLE AD BOX
A warning has been issued that cybercriminals are “trying their luck” with cyber attacks on firms in the same sector, experts have said after Harrods confirmed it was the latest retailer to be targeted.
The luxury London department store said it had restricted internet access across its sites on Thursday as a precautionary measure following an attempt to gain unauthorised access to its systems.
It follows a serious ransomware attack on Marks & Spencer that has forced the company to suspend online orders and halt all recruitment, and the Co-op has also confirmed it was the target of an attempted breach, and it too has shut down some of its IT systems as a precaution.
Marks & Spencer said it is “working day and night” to manage the impact of the damaging cyber attack.
Stuart Machin, chief executive of the high street giant, said he is “really sorry” customers have been affected by the fallout from the attack.
The retailer is currently unable to process any online orders after shutting down parts of its online systems to deal with a “cyber incident”.
M&S first reported the issue over the Easter weekend but has seen its operations impacted for more than a week.
Initially, the company saw contactless payments and click and collect orders affected.
Last Friday, it said it would no longer be able to take orders through its website or app in order to deal with the problem.
In a fresh message to customers, Mr Machin thanked customers for their patience but did not say when normal operations would resume.
He said: “We are really sorry that we’ve not been able to offer you the service you expect from M&S over the last week.
“We are working day and night to manage the current cyber incident and get things back to normal for you as quickly as possible.
“Thank-you from me and everyone at M&S for all the support you have shown us. We do not take it for granted and we are incredibly grateful.
“Our teams are doing the very best they can and are ready to welcome you into our stores – whether you are shopping for food or for fashion, home and beauty this bank holiday weekend.”
The company has also been unable to hire new workers after pulling job adverts from its website as tech experts seek to resolve issues across its online systems.
Jake Moore, global cybersecurity adviser at Eset, said other retailers being targeted in the wake of the M&S breach was “typical”, as hacking groups are often inspired to “try their luck” by using the same type of ransomware elsewhere.
“It’s typical for similar companies in the same sector to become secondary targets after a huge cyber attack,” he said.
“As the strain of ransomware called DragonForce can simply be purchased on the dark web in a model called ‘ransomware-as-a-service’, other hacking groups are also able to attempt their luck on similar businesses and start demanding ransoms where possible.
“It is often a precautionary measure to shut down parts of a system after a major cyber attack to mitigate any threats and prevent similar breaches.
“However, attacks involving the DragonForce ransomware most commonly start by targeting known vulnerabilities such as attacking systems that have not been kept up to date with the latest security patches, so businesses need to be extra vigilant and improve how quickly they update their networks.”
Cybersecurity expert Cody Barrow, chief executive of EclecticIQ, said the flurry of attacks showed cybercriminals are becoming bolder.
“Coming on the heels of recent breaches at Co-op and M&S, it highlights an alarming trend: attackers are becoming increasingly opportunistic, exploiting weaknesses across complex, highly interconnected supply chains,” he said, warning that artificial intelligence was also making it easier for lower-skilled hackers to put together sophisticated attacks.
“What’s deeply concerning is generative AI is accelerating the threat landscape.
“Sophisticated phishing campaigns, deepfake social engineering, and adaptive malware are now within reach of even low-skilled attackers.
“This widespread access to advanced attack tools is driving up attack volume, speed, and complexity.”
According to reports, a hacking group known as Scattered Spider is said to be behind the M&S attack, although this has not been confirmed.
It also remains unclear if the three attacks are linked.
Toby Lewis, head of threat analysis at cybersecurity firm Darktrace, said the attacks could be linked by a common piece of technology used by all three firms that has a vulnerability, or that Co-op and Harrods had stepped up their own security response in the wake of the M&S breach.
“Details of the cyber attack at Harrods are still low and we shouldn’t rule out that the three incidents impacting M&S, Co-operative and Harrods are coincidence,” he said.
“However, with the information publicly available we can see two other likely scenarios: either a common supplier or technology used by all three retailers has been breached and used as an entry point to big-name retailers, or the scale of the M&S incident has prompted security teams to relook at their logs and act on activity they wouldn’t have previously judged a risk.
“It’s a lesson again in the growing difficulty large organisations have in securing against threats in their supply chain, particularly as those threats grow in volume and sophistication.”
English (US) ·