The M&S cyberattack has caused chaos – Britain's enemies will be watching and learning

Independent, 01-05-2025

Shoppers looking to top up their Sparks points or pick up their weekly groceries may find things difficult this week at Marks & Spencer, which is still reeling from the impact of a cyber incident – believed to be a ransomware attack – launched against its business last month.
Co-op shoppers may well count their blessings, as we've recently learned that the retailer has taken 'proactive measures' to mitigate the dangers of its own cyberincursion.
Combined with ever more headlines about high-profile hacks, and even suggestions that cybercrime was behind the recent countrywide power outage in Spain and Portugal – something the countries have denied – it's easy to think we're in the throes of a major hacking flurry.
Such a supposition would be correct. The cold, hard reality is that although we're facing the impact of the attacks first-hand, with bare supermarket shelves and disrupted businesses, when it comes to the problems businesses are facing daily from cybercriminals, this is just a drop in the ocean.
'These are high-profile names so make the headlines, but they are the tip of an iceberg of attacks daily,' says Alan Woodward, professor of cybersecurity at the University of Surrey.
'These serious criminal attacks tend to come in fits and starts, with no obvious pattern,' says Ciaran Martin, a former head of the National Cyber Security Centre, and now a professor at the University of Oxford.
While many have been keen to try and combine the attacks against supermarkets with other unrelated issues to cybercrime such as the electricity outages in Spain and Portugal, the reality is that there's often little connection between the individual attacks. 'I don't think these particular attacks are linked,' says Woodward. 'They're probably different malware and groups.'
While little is known about the attempted hack that the Co-op reportedly managed to repel recently, the hacking group behind the Marks & Spencer attack is believed to be Scattered Spider, an English-speaking group whose members were linked to a 2023 ransomware attack against two US casino operators, which brought Las Vegas hotels to their knees.
The reason why hackers launch these attacks is simple: many victims end up paying. Although official advice is to stand firm against criminals, the chaos it can cause to businesses – one retail expert has said M&S could be losing £3.5m a day in lost sales, while its stock market value has also taken a hit – means many do pay up.
That results in a bonanza for cybercriminals. While the total estimated takings by ransomware gangs in 2024 of $813m was down from 2023's record-breaking year of $1.25bn, according to Chainalysis, it's still a pretty penny. The UK government is planning on introducing legislation to make ransomware payments by public bodies illegal.
And each attack has an impact. 'They're a reminder to private and public sector leaders that rampant cybercrime is a potent threat to their organisation,' says Martin. He's also concerned that the attacks and our comparatively limp response to solving the issue (M&S has been struggling to fix things since Easter) set a precedent that encourages more hacks.
'What it does indicate is the inexorable rise in the number of attacks,' says Woodward. 'We're getting better at repelling attacks, but occasionally one will get through due to the increasing volume.' It's akin to the old warning by the Provisional IRA in the 1980s: 'We only have to be lucky once. You will have to be lucky always.'
'My national level worry is that this gives other bad actors a playbook on how to disrupt Britain at scale,' says Martin. 'We can cope with these attacks individually, painful though they are. But what if lots of them are launched at the same time? I think that's becoming the strategic worry rather than the single big, spectacular, Hollywood movie cyberattack.'
Leaders in countries like Russia, North Korea and Iran – all of which reportedly have state-sponsored hacking groups, and all of which have tried one time or another to target western countries like the UK with these kinds of attacks – will be looking on and learning from how we're responding to these mischief makers and private criminal enterprises. 'There are worrying signs that some potentially hostile states are catching on to the potential of these types of attacks as a weapon against us,' says Martin. 'They're learning from the criminals.'
'Today's hackers don't just break into computers; they break the trust between companies by abusing supplier links, employee accounts and APIs all along the supply chain,' says Nathaniel Jones, vice president of security and AI strategy at Darktrace, a cybersecurity company.
Tackling that scourge is tricky, says Jones. Having deep defences, and an environment where individuals are always asked to prove their identities, and to limit access to private files – sometimes called a 'zero-trust' approach – can help. 'But putting those ideas into practice is tough in retail, where systems and suppliers change all the time,' Jones admits.
Still, more work needs to be done – and it can't just be from the businesses themselves, believes Jones. 'The government also has an opportunity to drive up cybersecurity standards in its upcoming Audit and Corporate Governance Bill, which could play an important role in addressing these risks,' he says.
The reason why we need to address the issue can be seen on the shop floors and hospital wards that have faced down the hackers and struggled. 'The disruption is a direct result of our hyper connectivity, and the fact that many have moved their services online as it's cheaper,' says Woodward. 'The government has identified what is critical infrastructure and does make efforts to work with those that provide the services so they are robust. But loss of a single service, say an online government service where one can deal with them only online, can cause enormous disruption to life.'
Woodward believes government is less worried about a single big attack and more about lots of individual, sustained attacks against smaller, softer targets. 'Yes, someone might try to take out the grid – and never say never – but it's more likely it will be gumming the works in local government, telecoms, hospitals and banking,' he says. It's for that reason that Woodward keeps cash and a few days' worth of water in his cupboard – and food too. Because you never know when the shops might stop.


