Latest news with #Dragonforce


STV News
14-05-2025
- Business
- STV News
How can I protect myself from Marks and Spencer cyber attack?
Marks and Spencer customers have been urged to 'stay vigilant' for scams and fraud after the retailer confirmed some personal data had been stolen in a cyber attack on the firm.

The warning comes as the retailer struggles to resume normal operations weeks on from the original hack. M&S has struggled to grapple with the fallout of the attack and retail experts have said it is likely to lead to a significant profit hit.

Personal data that could have been accessed includes names, email addresses, postal addresses and dates of birth, according to M&S. But the group stressed the data does not include payment or card details, or account passwords and is not believed to have been shared online.

The high street chain did not say how many shoppers had been affected but has emailed all website customers to alert them about the data breach. It had 9.4 million active online customers in the year to March 30, according to its last full-year results.

Chief executive Stuart Machin told shoppers there is 'no need for customers to take any action'.

In a social media post, Mr Machin said: 'We have written to customers today (Tuesday) to let them know that unfortunately, some personal customer information has been taken.

'Importantly there is no evidence that the information has been shared and it does not include useable card or payment details, or account passwords, so there is no need for customers to take any action.

'To give customers extra peace of mind, they will be prompted to reset their password the next time they visit or log on to their M&S account and we have shared information on how to stay safe online.'

The group has not been able to take any orders through its website or app since April 25 as it tries to resolve the problem, although all stores remain open.

M&S first reported the issue over the Easter weekend, with the incident initially causing problems for the retailer's contactless payments and click and collect orders, while it has also impacted some availability in stores after it took some of its systems offline in response. While M&S shoppers are still unable to buy online, it was able to restart contactless payments in store fairly quickly and said customers can now take online order returns to stores.

A hacking group operating under the name Scattered Spider has been linked to the ransomware attack, according to reports. The group is notorious in the online criminal world for targeting large companies and breaching their data. It is believed the attackers used a piece of ransomware called Dragonforce to cripple the system.

On May 2, the Information Commissioner's Office said it was also looking into the attack, as well as a similar major incident involving the Co-op. The Co-op has also apologised to customers after hackers accessed and extracted members' personal data, such as names and contact details, while it too has suffered availability problems as a result of the attack.

Luxury department store Harrods also confirmed earlier this month it had been affected by an attempted hack and had temporarily restricted internet access across its sites as a precautionary measure.

The National Crime Agency has said it is investigating the attacks individually but is 'mindful they may be linked'.


STV News
12-05-2025
- Business
- STV News
M&S and Co-op: What we know weeks after cyber attacks
Weeks on from the cyber attack that hit several major British retailers, many are still unable to return to normal operation and are unwilling to estimate when everything will be repaired.

On Friday, 25 April, M&S halted online orders after it reported being a victim of a cyber attack. Just under a week later, the Co-op revealed it was also the victim of an attempted hack and that several of its services had been impacted. Luxury retailer Harrods was also affected.

Now, more than two weeks on from the original hack, M&S still cannot process sales online, and Co-op has only just managed to get its shelves stocked. They are also declining to offer any timeline on when things may return to normal.

Cabinet Office minister Pat McFadden said the wave of attacks on UK businesses should be a 'wake-up' call for the industry.

What have we learned since the attack?

Although M&S and Co-op have not released much information about the attacks, it is becoming clear that it was not a small incident. It has been estimated that each day their website is offline, M&S loses £3.5 million. Half a billion pounds has also been wiped off its share price.

Co-op also said the data of a significant number of their customers had been stolen, and they had issues with taking card payments. ITV News learned that in the wake of the attack, loyalty cards, handheld scanners and apps used to report security incidents in M&S stores were all impacted.

[Image: Numerous products have been taken offline as a result of the hack. Credit: PA]

Reports emerged claiming that a hacking group known as Scattered Spider was behind the attack. The group is notorious in the online criminal world for targeting large companies and breaching their data. It is believed the attackers used a piece of ransomware called Dragonforce to cripple the system.

Cyber security expert Graham Cluley told ITV News: 'Attacks involving the DragonForce ransomware usually start with exploitation of known vulnerabilities – often involving corporate systems that have not been kept up-to-date with the latest security patches, or because they have not been configured properly.'

Tech specialist website BleepingComputer reported that hackers gained access to the companies' systems by tricking Co-op and Marks & Spencer IT help desk workers. It is believed they used a method known as sim-swapping to steal a person's phone number and other key pieces of data in order to effectively impersonate someone and get businesses to grant access to that person's account. Scattered Spider has used this tactic in the past.

It is believed that once they had enough access, they used M&S's Active Directory, a Microsoft product that connects internal networks and stores information.

Cyber security expert, Professor Alan Woodward, told ITV News: 'Active Directory is a Microsoft product, which allows you to log in once and access all the systems.

'There's a suggestion that they managed to get in and get one of the files out of there, which contains passwords, etc.

'They probably wouldn't have been able to get the passwords out of the file, but if they could get in that far, then they could probably do something to mess up the network.'

[Image: Empty shelves inside a Marks & Spencer days after the attack. Credit: PA]

Industry expert Sam Kirkman from cybersecurity firm NetSPI said the hackers had likely gained access to M&S's core systems which means they can 'cripple multiple areas of a business at once, maximising their impact and making it very difficult to recover without extensive rebuilding of key IT systems – which takes time.'

It is believed that one of the reasons both M&S and Co-op are taking so long to get their services back to normal is that they have not paid the ransom demanded by the hackers, which is the advice of the UK government.

What are the businesses saying?

Not much. When ITV News contacted M&S, it said it had no new update about when all of its services would return to normal. The last update from M&S was 10 days ago when their CEO, Stuart Machin, said in a statement they were working 'day and night' to restore their services. This is despite the fact that it has been almost three weeks since they disabled online orders on their website.

If you try and order an item of clothing from M&S's website, it just says: 'We have paused online orders. Products remain available to browse online and stores are open.'

Co-op told ITV News all of their stores were receiving deliveries as of Monday morning. But they did say: 'Some of our stores might not have all their usual products available and we are sorry if this is the case for our members' and customers in their local store. We are working around the clock to reduce disruption and are pleased to have resumed delivery of stock to our shelves.'

Local media and social posts online have shown both Co-op and M&S shelves empty with apology notices saying they had issues with stock delivery.


ITV News
12-05-2025
- Business
- ITV News
M&S and Co-op: What we know weeks after cyber attacks
Weeks on from the cyber attack that hit several major British retailers, many are still unable to return to normal operation and are unwilling to estimate when everything will be repaired.

On Friday, 25 April, M&S halted online orders after it reported being a victim of a cyber attack. Just under a week later, the Co-op revealed it was also the victim of an attempted hack and that several of its services had been impacted. Luxury retailer Harrods was also affected.

Now, more than two weeks on from the original hack, M&S still cannot process sales online, and Co-op has only just managed to get its shelves stocked. They are also declining to offer any timeline on when things may return to normal.

Cabinet Office minister Pat McFadden said the wave of attacks on UK businesses should be a "wake-up" call for the industry.

What have we learned since the attack?

Although M&S and Co-op have not released much information about the attacks, it is becoming clear that it was not a small incident. It has been estimated that each day their website is offline, M&S loses £3.5 million. Half a billion pounds has also been wiped off its share price.

Co-op also said the data of a significant number of their customers had been stolen, and they had issues with taking card payments. ITV News learned that in the wake of the attack, loyalty cards, handheld scanners and apps used to report security incidents in M&S stores were all impacted.

Reports emerged claiming that a hacking group known as Scattered Spider was behind the attack. The group is notorious in the online criminal world for targeting large companies and breaching their data. It is believed the attackers used a piece of ransomware called Dragonforce to cripple the system.

Cyber security expert Graham Cluley told ITV News: "Attacks involving the DragonForce ransomware usually start with exploitation of known vulnerabilities - often involving corporate systems that have not been kept up-to-date with the latest security patches, or because they have not been configured properly."

Tech specialist website BleepingComputer reported that hackers gained access to the companies' systems by tricking Co-op and Marks & Spencer IT help desk workers. It is believed they used a method known as sim-swapping to steal a person's phone number and other key pieces of data in order to effectively impersonate someone and get businesses to grant access to that person's account. Scattered Spider has used this tactic in the past.

It is believed that once they had enough access, they used M&S's Active Directory, a Microsoft product that connects internal networks and stores information.

Cyber security expert, Professor Alan Woodward, told ITV News: "Active Directory is a Microsoft product, which allows you to log in once and access all the systems.

"There's a suggestion that they managed to get in and get one of the files out of there, which contains passwords, etc.

"They probably wouldn't have been able to get the passwords out of the file, but if they could get in that far, then they could probably do something to mess up the network."

Industry expert Sam Kirkman from cybersecurity firm NetSPI said the hackers had likely gained access to M&S's core systems which means they can "cripple multiple areas of a business at once, maximising their impact and making it very difficult to recover without extensive rebuilding of key IT systems – which takes time."

It is believed that one of the reasons both M&S and Co-op are taking so long to get their services back to normal is that they have not paid the ransom demanded by the hackers, which is the advice of the UK government.

What are the businesses saying?

Not much. When ITV News contacted M&S, it said it had no new update about when all of its services would return to normal. The last update from M&S was 10 days ago when their CEO, Stuart Machin, said in a statement they were working "day and night" to restore their services. This is despite the fact that it has been almost three weeks since they disabled online orders on their website.

If you try and order an item of clothing from M&S's website, it just says: "We have paused online orders. Products remain available to browse online and stores are open."

Co-op told ITV News all of their stores were receiving deliveries as of Monday morning. But they did say: "Some of our stores might not have all their usual products available and we are sorry if this is the case for our members' and customers in their local store. We are working around the clock to reduce disruption and are pleased to have resumed delivery of stock to our shelves."

Local media and social posts online have shown both Co-op and M&S shelves empty with apology notices saying they had issues with stock delivery.


Yahoo
07-05-2025
- Business
- Yahoo
Why cyberattacks on UK supermarkets are likely to continue
The wave of cyberattacks targeting British retailers is likely to continue, spelling more disrupted shopping for UK consumers, experts have warned.

Harrods was the third major retailer to be targeted following ransomware attacks on Marks & Spencer and the Co-Op, for which a hacking gang has claimed responsibility. It is believed that hackers impersonated employees while contacting the retailers' IT help desks to gain access to the network in all three cases.

Ransomware attacks see malicious software used to deny an organisation or user access to their own files and data by encrypting them.

Marks & Spencer was attacked first on 21 April, leaving the retailer unable to accept contactless payments and with website orders paused, which have not yet resumed. The attack disrupted M&S's stock ordering systems, leading to empty shelves and the suspension of meal deal offers.

Then on 30 April, Co-op confirmed a cyberattack that affected back-office services and led the company to suspend VPN access for all staff. The attack delayed and disrupted deliveries, leading to product shortages.

Harrods announced on 1 May that it had contained an attempted cyberattack and had restricted internet access as a precaution. The Metropolitan Police is investigating.

Who is behind these attacks?

A notorious ransomware gang called Dragonforce is thought to be behind the attacks, explains Paul Bischoff, consumer privacy advocate at Comparitech, speaking to Yahoo News. Dragonforce has claimed responsibility for all three attacks, although this has not yet been confirmed.

Technology specialist site BleepingComputer had previously said the attack on M&S was believed to have been conducted by a hacking collective known as Scattered Spider – deploying Dragonforce ransomware. The National Cyber Security Centre (NCSC) has also suggested that tactics used by the Scattered Spider ransomware group were employed in the attacks.

[Image: Harrods became the latest retailer to be hit by cyber criminals. (Getty Images)]

"Dragonforce claimed responsibility for 30 confirmed ransomware attacks in total, six of which occurred in 2025," Bischoff says. "That doesn't include dozens more unconfirmed claims that DragonForce made, but were never acknowledged by the targeted organisations.

"Ransomware locks down computer systems, steals data, or both (DragonForce does both). Companies are forced to pay a ransom or else face extended downtime, data loss, and putting customers at increased risk of fraud."

Why such cyberattacks are likely to continue

The first reason why attacks on retailers are likely to continue is that ransomware remains an effective way for cybercriminals to make money, according to Bischoff. So far there is no suggestion that any UK retailers have paid the ransom, but many targeted organisations do. Research by security firm Proofpoint in 2024 found that 64% of British firms targeted by ransomware paid the ransom.

Separately, software giant Cisco's annual Cybersecurity Readiness Index released on Wednesday found that only 4% of UK organisations achieved its 'mature' level of readiness to be able to withstand modern cyber attacks – although this was a slight increase from the just 2% that achieved the status last year. According to its study, 78% of UK organisations said they had faced an artificial intelligence-related security incident in the last year, but only 52% of those surveyed said they are confident their staff fully understand AI-related threats or grasp how the technology can be used to carry out attacks.

"This sort of thing is likely to happen more often," says Bischoff. "Ransomware is a proven way for cybercriminals to make money, and until that's no longer true, we'll continue to see ransomware attacks."

Secondly, according to Bischoff, it's now becoming easier for criminals to launch such attacks, as they can simply pay 'rent' to other criminals to use malicious software and tactics. This means that relatively unskilled criminals can launch attacks.

"The rise of 'ransomware-as-a-service' businesses and AI make it easier for non-technical users to launch ransomware attacks and collect ransoms," Bischoff says.

How will it affect British shops?

The NCSC has urged retailers to take measures to prevent future attacks, with suggested measures including reviewing how IT help desks reset passwords for users and enabling two-step verification for all users.

Bischoff says that with such attacks continuing, British retailers are likely to modify how they store, secure and access data. "That includes regular backups, training employees to spot phishing emails, and disaster recovery planning," he says.

Cybersecurity expert Cody Barrow, chief executive of EclecticIQ, said the recent flurry of attacks showed cybercriminals are becoming bolder.

"It highlights an alarming trend: attackers are becoming increasingly opportunistic, exploiting weaknesses across complex, highly interconnected supply chains," he said, warning that artificial intelligence was also making it easier for lower-skilled hackers to put together sophisticated attacks.

"What's deeply concerning is generative AI is accelerating the threat landscape.

"Sophisticated phishing campaigns, deepfake social engineering, and adaptive malware are now within reach of even low-skilled attackers. This widespread access to advanced attack tools is driving up attack volume, speed, and complexity."