Latest news with #AlanWoodward
Perth Now
20-05-2025
- Perth Now
Smart toasters may be used to spy on people
Smart toasters could be used to spy on people. As tech firms ditch security updates for old devices that are connected to the web via Wi-Fi, it gives people the perfect opportunity to hack into the products. It comes as cyber attackers launched a "zombie army" of internet-connected devices in 2016, which resulted in them shutting down large parts of the web. Alan Woodward, a cybersecurity professor at the University of Surrey, added that non-protected devices act as a "stepping stone" for hackers. He is quoted by The Times as saying: 'In some ways, it might not matter that your toaster doesn't get updated. 'But actually if it's on your network and somebody discovers a vulnerability, that vulnerability is never going to be fixed. "If it remains connected and it's just kind of ignored, then it can be a stepping stone." Andrew Laughlin, from consumer choice brand Which?, told the publication: "This is a pattern that we see time and again as companies drop support for their smart products, sometimes after as little as two years."
Yahoo
07-05-2025
- Business
- Yahoo
Co-op diverts supplies to rural areas as cyber attack triggers shortages
The Co-op is diverting food and drink supplies to remote countryside shops as it battles to avoid shortages in isolated communities following a cyber attack. The retailer, which runs around 2,500 stores across the UK, is understood to be prioritising the supply of essential items to shops on islands and in isolated towns. It follows reports that some of its stores across the Scottish isles have been running increasingly low on food supplies in the wake of the cyber attack, which has forced it to switch off crucial systems and left the business struggling to manage deliveries from its suppliers. Food and drink companies that sell goods to the Co-op said they had been told to cancel deliveries to warehouses in recent days because of problems with its Electronic Data Interchange (EDI) system, which is used to maintain and manage stock levels. The issue has led to empty shelves and shortages of goods in some stores, including loo roll, milk and some vegetables. Co-op has been left with empty shelves and shortages of goods in some stores The decision to prioritise stock in more remote stores raises the likelihood of empty shelves in urban centres, it is understood. Co-op is prioritising rural and island outposts because there are some areas where it is the only shop in town, meaning communities could be cut off from essentials or forced to travel long distances to buy supplies. The Co-op declined to comment. The funerals-to-supermarket group has been hit by a devastating cyber attack that has seen data on members stolen and left it unable to use key systems. The Co-op was forced to admit last Friday that the cyber attack was much more serious than it had initially claimed, confessing that customers' data had been stolen, including names and addresses. Some of its shops were also forced to limit payments to cash only earlier this week, though issues with card payments were fixed by Wednesday. Shirine Khoury-Haq, Co-op's chief executive, told members in a letter on Monday: 'This is obviously extremely distressing for our colleagues and members, and I am very sorry this happened.' Marks & Spencer and Harrods have been similarly targeted in a string of cyber attacks aimed at British retail companies over recent weeks. The attacks have been linked to groups of teenage hackers and a collective called DragonForce, which has claimed responsibility. DragonForce told the BBC it had stolen data on 20m Co-op customers, though the retailer has not confirmed the number. The Co-op has drafted in government cyber security experts to help as it battles the attack. Staff have also been told they must keep their cameras on in virtual meetings amid fears that hackers could be using internal communication systems to pose as staff. A leading cyber security expert warned over the weekend that the attack on Co-op and the theft of its data could leave millions of members at risk of scams and identity fraud for years. Alan Woodward, of the Surrey Centre for Cyber Security at the University of Surrey, said stolen details could end up being sold on the dark web to scammers. Broaden your horizons with award-winning British journalism. Try The Telegraph free for 1 month with unlimited access to our award-winning website, exclusive app, money-saving offers and more.
Yahoo
04-05-2025
- Yahoo
Co-op hack leaves millions at risk of scams for years, expert warns
The Co-op cyber attack leaves millions of members at risk of scams and identity fraud for years, a leading cybersecurity expert has warned. Professor Alan Woodward, of the Surrey Centre for Cyber Security at the University of Surrey, said members' details could be sold on the dark web to scammers and fraudsters who could combine it with other hacked information to scam people. 'Data like that gets sold on,' said Prof Woodward, who has advised organisations including Europol on cybercrime. 'So you might not suffer a loss immediately. But if someone's got your name, address, telephone number, email address, they actually sell those kinds of details on to scammers. 'The scammers then use them for socially engineering you into anything from giving you their bank details to phishing attacks where you log in and give away your login credentials, that type of thing.' The Co-op admitted on Friday that cyber criminals had stolen data on a 'significant' number of its members, having previously claimed the attack only had a 'small impact' on its operations. The gang behind the attack told the BBC they had stolen the private information of 20m people who signed up to the Co-op's membership scheme, though the retailer wouldn't confirm the number. The Co-op said hackers had accessed 'personal data such as names and contact details, and did not include members' passwords, bank or credit card details, transactions or information relating to any members' or customers' products or services with the Co-op Group.' While the information taken may sound harmless, Prof Woodward warned: 'Scammers are getting better and better at adding these little nuggets of various multitudes into their social engineering attacks, which make people trust them. 'As soon as you've got your full name, date of birth, address, telephone number, National Insurance number, a bank number – those are the sort of things people will take as proof of identity online. 'It starts to become possible with those dossiers on somebody to start committing fairly serious fraud.' The Information Commissioner's Office (ICO), which is working with the Co-op, has advised people worried about their personal information after the cyberattack to take steps to protect themselves. The ICO urges people to use strong and varied passwords and watch out for suspicious emails, text messages and unusual card transactions. People can also contact the UK's Fraud Prevention Service to apply for protective registration, which requires organisations to carry out extra checks if you apply for a financial product. The Co-op declined to say what steps, if any, it intended to take in order to protect customers affected by the breach. It referred The Telegraph to its statement on Friday: 'We appreciate that our members have placed their trust in our Co-op when providing information to us. Protecting the security of our members' and customers' data is a priority, and we are very sorry that this situation has arisen.' The retailer added: 'We are continuing to experience sustained malicious attempts by hackers to access our systems. This is a highly complex situation, which we continue to investigate in conjunction with the NCSC [National Cyber Security Centre] and the NCA [National Crime Agency]. 'We have implemented measures to ensure that we prevent unauthorised access to our systems whilst minimising disruption for our members, customers, colleagues and partners.' The Co-op has become the latest retailer to be targeted by cyber criminals following last month's devastating attack on Marks & Spencer that has bought the retailer to its knees and an attempted digital raid on Harrods. A criminal hacking gang known as DragonForce has taken responsibility for all three attacks. Mr Woodward said those whose information had been compromised were unlikely to be able to get compensation despite being left vulnerable to scams or identity theft for years. He said: 'There were a number of class actions raised [after similar incidents]. What the Supreme Court eventually said was that unless you suffered a direct financial loss, then it is not a problem as far the law is concerned.' Broaden your horizons with award-winning British journalism. Try The Telegraph free for 1 month with unlimited access to our award-winning website, exclusive app, money-saving offers and more.
Telegraph
04-05-2025
- Telegraph
Co-op hack leaves millions at risk of scams for years, expert warns
The Co-op cyber attack leaves millions of members at risk of scams and identity fraud for years, a leading cybersecurity expert has warned. Professor Alan Woodward, of the Surrey Centre for Cyber Security at the University of Surrey, said members' details could be sold on the dark web to scammers and fraudsters who could combine it with other hacked information to scam people. 'Data like that gets sold on,' said Prof Woodward, who has advised organisations including Europol on cybercrime. 'So you might not suffer a loss immediately. But if someone's got your name, address, telephone number, email address, they actually sell those kinds of details on to scammers. 'The scammers then use them for socially engineering you into anything from giving you their bank details to phishing attacks where you log in and give away your login credentials, that type of thing.' The Co-op admitted on Friday that cyber criminals had stolen data on a 'significant' number of its members, having previously claimed the attack only had a 'small impact' on its operations. The gang behind the attack told the BBC they had stolen the private information of 20m people who signed up to the Co-op's membership scheme, though the retailer wouldn't confirm the number. The Co-op said hackers had accessed 'personal data such as names and contact details, and did not include members' passwords, bank or credit card details, transactions or information relating to any members' or customers' products or services with the Co-op Group.' While the information taken may sound harmless, Prof Woodward warned: 'Scammers are getting better and better at adding these little nuggets of various multitudes into their social engineering attacks, which make people trust them. 'As soon as you've got your full name, date of birth, address, telephone number, National Insurance number, a bank number – those are the sort of things people will take as proof of identity online. 'It starts to become possible with those dossiers on somebody to start committing fairly serious fraud.' The Information Commissioner's Office (ICO), which is working with the Co-op, has advised people worried about their personal information after the cyberattack to take steps to protect themselves. The ICO urges people to use strong and varied passwords and watch out for suspicious emails, text messages and unusual card transactions. People can also contact the UK's Fraud Prevention Service to apply for protective registration, which requires organisations to carry out extra checks if you apply for a financial product. 'Protecting security of data is a priority' The Co-op declined to say what steps, if any, it intended to take in order to protect customers affected by the breach. It referred The Telegraph to its statement on Friday: 'We appreciate that our members have placed their trust in our Co-op when providing information to us. Protecting the security of our members' and customers' data is a priority, and we are very sorry that this situation has arisen.' The retailer added: 'We are continuing to experience sustained malicious attempts by hackers to access our systems. This is a highly complex situation, which we continue to investigate in conjunction with the NCSC [National Cyber Security Centre] and the NCA [National Crime Agency]. 'We have implemented measures to ensure that we prevent unauthorised access to our systems whilst minimising disruption for our members, customers, colleagues and partners.' The Co-op has become the latest retailer to be targeted by cyber criminals following last month's devastating attack on Marks & Spencer that has bought the retailer to its knees and an attempted digital raid on Harrods. A criminal hacking gang known as DragonForce has taken responsibility for all three attacks. Mr Woodward said those whose information had been compromised were unlikely to be able to get compensation despite being left vulnerable to scams or identity theft for years. He said: 'There were a number of class actions raised [after similar incidents]. What the Supreme Court eventually said was that unless you suffered a direct financial loss, then it is not a problem as far the law is concerned.'
The Independent
01-05-2025
- Business
- The Independent
The M&S cyberattack has caused chaos – Britain's enemies will be watching and learning
Shoppers looking to top up their Sparks points or pick up their weekly groceries may find things difficult this week at Marks & Spencer, which is still reeling from the i mpact of a cyber incident – believed to be a ransomware attack – launched against its business last month. Co-op shoppers may well count their blessings, as we've recently learned that the retailer has taken 'proactive measures' to mitigate the dangers of its own cyberincursion. Combined with evermore headlines about high-profile hacks, and even suggestions that cybercrime was behind the recent countrywide power outage in Spain and Portugal – something the countries have denied – it's easy to think we're in the throes of a major hacking flurry. Such a supposition would be correct. The cold, hard reality is that although we're facing the impact of the attacks first-hand, with bare supermarket shelves and disrupted businesses, when it comes to the problems businesses are facing daily from cybercriminals, this is just a drop in the ocean. 'These are high-profile names so make the headlines, but they are the tip of an iceberg of attacks daily,' says Alan Woodward, professor of cybersecurity at the University of Surrey. 'These serious criminal attacks tend to come in fits and starts, with no obvious pattern,' says Ciaran Martin, a former head of the National Cyber Security Centre, and now a professor at the University of Oxford. While many have been keen to try and combine the attacks against supermarkets with other unrelated issues to cybercrime such as the electricity outages in Spain and Portugal, the reality is that there's often little connection between the individual attacks. 'I don't think these particular attacks are linked,' says Woodward. 'They're probably different malware and groups.' While little is known about the attempted hack that the Co-op reportedly managed to repel recently, the hacking group behind the Marks & Spencer attack is believed to be Scattered Spider, an English-speaking group whose members were linked to a 2023 ransomware attack against two US casino operators, which brought Las Vegas hotels to their knees. The reason why hackers launch these attacks is simple: many victims end up paying. Although official advice is to stand firm against criminals, the chaos it can cause to businesses – one retail expert has said M&S could be losing £3.5m a day in lost sales, while its stock market value has also taken a hit – means many do pay up. That results in a bonanza for cybercriminals. While the total estimated takings by ransomware gangs in 2024 of $813m was down from 2023's record-breaking year of $1.25bn, according to Chainalysis, it's still a pretty penny. The UK government is planning on introducing legislation to make ransomware payments by public bodies illegal. And each attack has an impact. 'They're a reminder to private and public sector leaders that rampant cybercrime is a potent threat to their organisation,' says Martin. He's also concerned that the attacks and our comparatively limp response to solving the issue (M&S has been struggling to fix things since Easter) set a precedent that encourages more hacks. 'What it does indicate is the inexorable rise in the number of attacks,' says Woodward. 'We're getting better at repelling attacks, but occasionally one will get through due to the increasing volume.' It's akin to the old warning by the Provisional IRA in the 1980s: 'We only have to be lucky once. You will have to be lucky always.' 'My national level worry is that this gives other bad actors a playbook on how to disrupt Britain at scale,' says Martin. 'We can cope with these attacks individually, painful though they are. But what if lots of them are launched at the same time? I think that's becoming the strategic worry rather than the single big, spectacular, Hollywood movie cyberattack.' Leaders in countries like Russia, North Korea and Iran – all of which reportedly have state-sponsored hacking groups, and all of which have tried one time or another to target western countries like the UK with these kinds of attacks – will be looking on and learning from how we're responding to these mischief makers and private criminal enterprises. 'There are worrying signs that some potentially hostile states are catching on to the potential of these types of attacks as a weapon against us,' says Martin. 'They're learning from the criminals.' 'Today's hackers don't just break into computers; they break the trust between companies by abusing supplier links, employee accounts and APIs all along the supply chain,' says Nathaniel Jones, vice president of security and AI strategy at Darktrace, a cybersecurity company. Tackling that scourge is tricky, says Jones. Having deep defences, and an environment where individuals are always asked to prove their identities, and to limit access to private files – sometimes called a 'zero-trust' approach – can help. 'But putting those ideas into practice is tough in retail, where systems and suppliers change all the time,' Jones admits. Still, more work needs to be done – and it can't just be from the businesses themselves, believes Jones. 'The government also has an opportunity to drive up cybersecurity standards in its upcoming Audit and Corporate Governance Bill, which could play an important role in addressing these risks,' he says. The reason why we need to address the issue can be seen on the shop floors and hospital wards that have faced down the hackers and struggled. 'The disruption is a direct result of our hyper connectivity, and the fact that many have moved their services online as it's cheaper,' says Woodward. 'The government has identified what is critical infrastructure and does make efforts to work with those that provide the services so they are robust. But loss of a single service, say an online government service where one can deal with them only online, can cause enormous disruption to life.' Woodward believes government is less worried about a single big attack and more lots of individual, sustained attacks against smaller, softer targets. 'Yes, someone might try to take out the grid – and never say never – but it's more likely it will be gumming the works in local government, telecoms, hospitals and banking,' he says. It's for that reason that Woodward keeps cash and a few days' worth of water in his cupboard – and food too. Because you never know when the shops might stop.
