Working from home 'making companies more vulnerable to M&S-style cyberattacks'
Cybersecurity experts warned the rise of hybrid working plus tools like AI voice simulation had 'changed the game' for hackers.
Working from home is making companies more vulnerable to M&S-style cyberattacks, experts have warned. Joe Jones, boss of cybersecurity firm Pistachio, has told how the rise of hybrid working along with tools like AI voice simulation have 'changed the game' for hackers.
He highlighted cases where workers have been tricked by AI into thinking they're speaking to their boss or finance team as scams become ever more sophisticated. It comes amid reports the hack on the major retailer, thought to have been carried out by notorious cyber criminals Scattered Spider, saw IT help desk workers duped into handing over access to company systems.
So-called 'social engineering' attacks - targeting human vulnerabilities rather than system flaws - have become the preferred tactic of hackers, with a Mimecast study finding 95 per cent of data breaches last year were linked to human error. Jones, whose firm runs cyberattack simulations for companies, warned a new £16million UK Government package to ramp up cyber defences was only part of the equation.
He said: 'AI voice simulation can now trick you into thinking you're speaking to your finance director, or an email can write exactly like your boss.
'Some of these hacks are very sophisticated and the increase of working from home since the pandemic has left us more vulnerable.
'While added investment into cybersecurity can help reduce attacks like this in the future, far, far more important than that is educating people on how to avoid an attack.
'Buying cybersecurity technology but not training human beings is like putting an expensive security camera and alarm system on your house and then leaving all the doors open.'
The late April attack, which also affected Co-op and Harrod's, caused panic among the retailers with online orders suspended and store shelves lying empty.
Experts including Jones and Jude McCorry, boss of Scotland's Cyber and Fraud Centre, warned the M&S hack - which the retail giant has now admitted saw personal data stolen - will likely lead to a 'wave' of phishing attacks targeting customers.
McCorry said: 'We need to start thinking outside the box around this.
'Staff training (on cyber security) I think should be mandatory in organisations, and it should be mandatory in government as well.
'We should do cyber exercises the same way as we do fire drills.
'We rely on technology for everything - our internet banking, our shopping and how we pay, how we order things, how we click and collect and even how we get our food onto the shelves and into restaurants.
'This should be a wake up call. We hope maybe people will realise how delicate the system is.'
She advised all M&S customers to change their password and ensure they're using different passwords on different sites, as well as two-factor or multi-factor authentication.
Join the Daily Record WhatsApp community!
Get the latest news sent straight to your messages by joining our WhatsApp community today.
You'll receive daily updates on breaking news as well as the top headlines across Scotland.
No one will be able to see who is signed up and no one can send messages except the Daily Record team.
All you have to do is click here if you're on mobile, select 'Join Community' and you're in!
If you're on a desktop, simply scan the QR code above with your phone and click 'Join Community'.
We also treat our community members to special offers, promotions, and adverts from us and our partners. If you don't like our community, you can check out any time you like.
To leave our community click on the name at the top of your screen and choose 'exit group'.
If you're curious, you can read our Privacy Notice.
McCorry, whose Cyber and Fraud Centre is Scotland's only social enterprise dedicated to cybersecurity, warned: 'Even if the threat to your own data isn't there, there will be threat actors out there pretending they are from M&S or pretending that they've got your data.
'We should make sure we're having conversations with older people as well, and family and friends, on how to protect themselves.'
Jones added: 'We often see this kind of breach followed by a wave of personalised phishing attempts.
'Anyone with an M&S account should be extra cautious and stay alert for emails or texts claiming to be from the retailer.'
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
ITV News
2 hours ago
- ITV News
Reform UK to send first ‘Doge' team to look at council spending in Kent
Reform UK is set to send in its first Elon Musk-style Department of Government Efficiency (Doge) unit to look at 'wasteful spending' in councils. A team of software engineers, data analysts and forensic auditors will 'visit and analyse' local authorities, starting with Kent County Council on Monday, the party said. It follows the US Doge, which was launched during Donald Trump's presidency to cut federal spending. Billionaire Musk was involved but has since left his position spearheading the unit. Reform says its UK version will be led by a yet-unnamed man described as one of the country's 'leading tech entrepreneurs with a specialism in data analytics who has also been a turnaround CEO'. The party said that the unit will use artificial intelligence, advanced data analysis tools and forensic auditing techniques to 'identify wasteful spending and recommend actionable solutions'. A letter sent to Kent County Council, which Reform now controls after the May local elections, read: 'The scope of the review includes but is not limited to: Contractual arrangements with suppliers and consultants, all capital expenditure, use of framework agreements and direct awards, any off-book or contingent liabilities, use of reserves and financial resilience, any audit flags raised by internal or external auditors in the last three years. 'We request that all relevant council officers provide the Doge team with full and prompt access to: Council-held documents, reports and records (electronic and paper), relevant finance, procurement, audit and contract data, meeting minutes and correspondence concerning major procurements, any internal investigations or whistleblowing reports relevant to financial matters, any additional documents that might be of assistance.' It added: 'Should you resist this request, we are ready to pass a council motion to compel the same and will consider any obstruction of our councillors' duties to be gross misconduct. We trust this will not be required.' It is signed by council leader Linden Kemkaran, party chairman Zia Yusuf and party leader Nigel Farage. Mr Yusuf said: "For too long British people have been British taxpayers have watched their money vanish into a black hole. "Their taxes keep going up, their bin collections keep getting less frequent, potholes remain unfixed, their local services keep getting cut. Reform won a historic victory on a mandate to change this. "As promised, we have created a UK Doge to identify and cut wasteful spending of taxpayer money. Our team will use cutting-edge technology and deliver real value for voters." A Kent County Council spokesman declined to comment. The Liberal Democrats, who are the second-biggest party in Kent, say that when so much of the budget is mandatory, Reform have very little room to make savings. Liberal Democrat Cllr Richard Streatfield, Kent County Council, said: "Cuts are not part of the equation. "We have a growing population of over 65s who are using demand-led services and only 0.6% of our budget is on discretionary services. "We are using 99.4% of the county council's taxpayer's money for services that we are legally obliged to provide." Sarah Barwick, Branch Secretary of Unison said: "There's fears of job cuts. KCC's really reduced its number of staff in the number of years I've been employed. "We're right at almost the lowest point of staff that you can get without serious problems that could compromise the services." During a local election campaign launch in March, Mr Farage told supporters: "Frankly folks, what we need in this country to pay for the cuts that people deserve and need, we need a British form of Doge, as Elon Musk has got in America. Let's have a British Doge."
NBC News
2 hours ago
- NBC News
'Mass shooting' thwarted at Michigan high school graduation; one suspect arrested, another at large, officials say
What began as a fist fight at a high school graduation in Michigan on Tuesday has turned into a search for a 20-year-old suspect in what officials are calling a prevented mass shooting attempt. Oakland County authorities are searching for 20-year-old Jamarion Jaryante Hardiman — who is currently on probation for a weapons offense — in connection with the attempt at the Arts and Technology Academy of Pontiac (ATAP) graduation, Sheriff Michael Bouchard announced in a press conference on Friday. Another 19-year-old suspect is in custody, whose identity is not being released until charges are filed. Bouchard said the 19-year-old suspect also has a criminal history involving weapons. Oakland County Sheriff deputies were initially dispatched at 6:40 p.m. to the graduation held at the United Wholesale Mortgage (UWM) property for a fight. A person approached deputies at the scene and informed them a family member had seen a threat posted on Snapchat to shoot up the ceremony, Bouchard said. Authorities are not sure of the post's specific wording, as it has been taken down, but witnesses said it was along the lines of "was going to shoot up the crowd," Bouchard said. The two suspects, both Pontiac residents, were identified as individuals who were part of the fight and had been seen putting packages under cars in the parking lot when authorities arrived, according to Bouchard. Working with the UWM security team and their camera system, officials recovered two fully-loaded weapons at the scene. Each weapon also had a 40-round magazine. "So just those two weapons without changing magazines, had 80 rounds of potential firepower," Bouchard said. "Shooting into a graduation, you can only imagine the outcome of that." One of the suspects, who Bouchard did not specify, was carrying a pink, AR-style pistol with the loaded magazine in a backpack that was stashed under a vehicle when officers arrived. The other weapon recovered was a Glock semi-automatic handgun with a 40-round stick magazine. It is unknown if the suspects once attended the charter school, but Bouchard said they did have friends and relatives at the graduation and "ongoing disputes with individuals in the community." The sheriff said the motive behind the attempted shooting is unclear. The other parties involved in the disputes are not cooperating with authorities, according to Bouchard. "While a brief physical altercation did take place inside the venue, it was quickly handled by staff and security, and those involved were promptly removed," the school wrote in a social media post. "Thankfully, no one within the ceremony was harmed, and we were able to continue and complete our beautiful commencement celebration without further disruption." The 19-year-old suspect fled the scene, but was found after the graduation. Bouchard said he is 'confident' Hardiman will be located. Authorities are asking anyone with information regarding Hardiman's whereabouts to call 911. Bouchard advised community members not to try to apprehend or approach the suspect. When asked by reporters if Bouchard had anything to say to Hardiman, he replied: 'Turn yourself in. One way or another we're going to get you. Make it easier on yourself and the community.'
Reuters
3 hours ago
- Reuters
Trump-Musk induced Tesla slide points to market risks from massive stocks
NEW YORK, June 6 (Reuters) - The rift between President Donald Trump and Tesla chief Elon Musk has captivated the world as a political drama, but it has also become a Wall Street spectacle, highlighting the risk to equity markets from the world's biggest stocks. Tesla (TSLA.O), opens new tab shares slid 14% on Thursday as Musk and Trump feuded largely on social media, including the president threatening to cut off government contracts to Musk's companies. Although the stock modestly rebounded on Friday, Thursday's decline dragged down some of the most closely followed equity indexes, which are more heavily influenced by companies with the largest market values. Tesla's fall accounted for about half of Thursday's declines for both the S&P 500 (.SPX), opens new tab and the Nasdaq 100 (.NDX), opens new tab, which fell 0.5% and 0.8% respectively, on the day. The S&P 500 is generally considered the benchmark for the U.S. stock market while the tech-heavy Nasdaq 100 (.NDX), opens new tab is the basis for the Invesco QQQ Trust (QQQ.O), opens new tab, one of the most popular exchange-traded funds. "It's a widely held stock," said Robert Pavlik, senior portfolio manager at Dakota Wealth. "When this big-name company that represents a sizable portion of the index sells off, it has an overall effect on the index, but it also has a psychological effect on investors." Tesla's decline points to the risk that many investors have long warned about, of indexes being heavily influenced by a handful of megacap stocks. Tesla is the smallest by market value of a group of massive tech and growth companies known as the "Magnificent Seven," which overall drove equity index gains in 2023 and 2024. The group has had a rockier 2025 so far, but more recently has been rebounding. The Magnificent Seven, which include Apple (AAPL.O), opens new tab, Microsoft (MSFT.O), opens new tab and Nvidia (NVDA.O), opens new tab, had a combined weight of nearly one-third in the S&P 500 overall as of Thursday's close. "If you're an investor and you own the S&P or the Nasdaq 100 ... you just need to be aware that you own a lot of exposure to a very small cohort of names," said Todd Sohn, ETF and technical strategist at Strategas. Tesla's decline on Thursday knocked about $150 billion off its market value, while its weights in the S&P 500 and Nasdaq 100 stood at 1.6% and 2.6%, respectively. Tesla shares rebounded somewhat on Friday, up about 5% in mid-day trade, putting its market value around $970 billion. Microsoft and Nvidia, whose market values exceed $3 trillion, held weights of 6.9% and 6.8% in the S&P 500 as of Thursday. Tesla shares are down some 37% since mid-December, a period that has seen the S&P 500 fall about 1%, meaning its influence in the index has also declined over that time. The shares hold a broad influence among ETFs. Tesla has a varying presence in about 10% of the total universe of about 4,200 ETFs, according to Sohn. Those include the Consumer Discretionary Select Sector SPDR Fund (XLY.P), opens new tab, which sank 2.5% on Thursday, and the Roundhill Magnificent Seven ETF (MAGS.Z), opens new tab, which dropped 2.6%. "It's very important to know holistically what is in all your ETFs, because a lot of them are overlapping," Sohn said.
