Latest news with #GrahamCluley
STV News
12-05-2025
- Business
- STV News
M&S and Co-op: What we know weeks after cyber attacks
Weeks on from the cyber attack that hit several major British retailers, many are still unable to return to normal operation and are unwilling to estimate when everything will be repaired. On Friday, 25 April, M&S halted online orders after it reported being a victim of a cyber attack. Just under a week later, the Co-op revealed it was also the victim of an attempted hack and that several of its services had been impacted. Luxury retailer Harrods was also affected. Now, more than two weeks on from the original hack, M&S still cannot process sales online, and Co-op has only just managed to get its shelves stocked. They are also declining to offer any timeline on when things may return to normal. Cabinet Office minister Pat McFadden said the wave of attacks on UK businesses should be a 'wake-up' call for the industry. What have we learned since the attack? Although M&S and Co-op have not released much information about the attacks, it is becoming clear that it was not a small incident. It has been estimated that each day their website is offline, M&S loses £3.5 million. Half a billion pounds has also been wiped off its share price. Co-op also said the data of a significant number of their customers had been stolen, and they had issues with taking card payments. ITV News learned that in the wake of the attack, loyalty cards, handheld scanners and apps used to report security incidents in M&S stores were all impacted. Numerous products have been taken offline as a result of the hack. / Credit: PA Reports emerged claiming that a hacking group known as Scattered Spider was behind the attack. The group is notorious in the online criminal world for targeting large companies and breaching their data. It is believed the attackers used a piece of ransomware called Dragonforce to cripple the system. Cyber security expert Graham Cluley told ITV News: 'Attacks involving the DragonForce ransomware usually start with exploitation of known vulnerabilities – often involving corporate systems that have not been kept up-to-date with the latest security patches, or because they have not been configured properly.' Tech specialist website BleepingComputer reported that hackers tricked Co-op and Marks & Spencer IT help desk workers into gaining access to the companies' systems. It is believed they used a method known as sim-swapping to steal a person's phone number and other key pieces of data in order to effectively impersonate someone and give businesses access to their account. Scattered Spider has used this tactic in the past. It is believed that once they had enough access, they used M&S's Active Directory, a Microsoft product that connects internal networks and stores information. Cyber security expert, Professor Alan Woodward, told ITV News: 'Active Directory is a Microsoft product, which allows you to log in once and access all the systems. 'There's a suggestion that they managed to get in and get one of the files out of there, which contains passwords, etc. Empty shelves inside a Marks & Spencer days after the attack. / Credit: PA 'They probably wouldn't have been able to get the passwords out of the file, but if they could get in that far, then they could probably do something to mess up the network.' Industry expert Sam Kirkman from cybersecurity firm NetSPI said the hackers had likely gained access to M&S's core systems which means they can 'cripple multiple areas of a business at once, maximising their impact and making it very difficult to recover without extensive rebuilding of key IT systems – which takes time.' It is believed that one of the reasons both M&S and Co-op are taking so long to get their services back to normal is that they have not paid the ransom demanded by the hackers, which is the advice of the UK government. What are the businesses saying? Not much. When ITV News contacted M&S, it said it had no new update about when all of its services would return to normal. The last update from M&S was 10 days ago when their CEO, Stuart Machin, said in a statement they were working 'day and night' to restore their services. This is despite the fact that it has been almost three weeks since they disabled online orders on their website. If you try and order an item of clothing from M&S's website, it just says: 'We have paused online orders. Products remain available to browse online and stores are open.' Co-op told ITV News all of their stores were receiving deliveries as of Monday morning. But they did say: 'Some of our stores might not have all their usual products available and we are sorry if this is the case for our members' and customers in their local store. We are working around the clock to reduce disruption and are pleased to have resumed delivery of stock to our shelves.' Local media and social posts online have shown both Co-op and M&S shelves empty with apology notices saying they had issues with stock delivery. Get all the latest news from around the country Follow STV News Scan the QR code on your mobile device for all the latest news from around the country
ITV News
12-05-2025
- Business
- ITV News
M&S and Co-op: What we know weeks after cyber attacks
Weeks on from the cyber attack that hit several major British retailers, many are still unable to return to normal operation and are unwilling to estimate when everything will be repaired. On Friday, 25 April, M&S halted online orders after it reported being a victim of a cyber attack. Just under a week later, the Co-op revealed it was also the victim of an attempted hack and that several of its services had been impacted. Luxury retailer Harrods was also affected. Now, more than two weeks on from the original hack, M&S still cannot process sales online, and Co-op has only just managed to get its shelves stocked. They are also declining to offer any timeline on when things may return to normal. Cabinet Office minister Pat McFadden said the wave of attacks on UK businesses should be a "wake-up" call for the industry. What have we learned since the attack? Although M&S and Co-op have not released much information about the attacks, it is becoming clear that it was not a small incident. It has been estimated that each day their website is offline, M&S loses £3.5 million. Half a billion pounds has also been wiped off its share price. Co-op also said the data of a significant number of their customers had been stolen, and they had issues with taking card payments. ITV News learned that in the wake of the attack, loyalty cards, handheld scanners and apps used to report security incidents in M&S stores were all impacted. Reports emerged claiming that a hacking group known as Scattered Spider was behind the group is notorious in the online criminal world for targeting large companies and breaching their data. It is believed the attackers used a piece of ransomware called Dragonforce to cripple the system. Cyber security expert Graham Cluley told ITV News: "Attacks involving the DragonForce ransomware usually start with exploitation of known vulnerabilities - often involving corporate systems that have not been kept up-to-date with the latest security patches, or because they have not been configured properly." Tech specialist website BleepingComputer reported that hackers tricked Co-op and Marks & Spencer IT help desk workers into gaining access to the companies' systems. It is believed they used a method known as sim-swapping to steal a person's phone number and other key pieces of data in order to effectively impersonate someone and give businesses access to their account. Scattered Spider has used this tactic in the past. It is believed that once they had enough access, they used M&S's Active Directory, a Microsoft product that connects internal networks and stores information. Cyber security expert, Professor Alan Woodward, told ITV News: "Active Directory is a Microsoft product, which allows you to log in once and access all the systems. "There's a suggestion that they managed to get in and get one of the files out of there, which contains passwords, etc. "They probably wouldn't have been able to get the passwords out of the file, but if they could get in that far, then they could probably do something to mess up the network." Industry expert Sam Kirkman from cybersecurity firm NetSPI said the hackers had likely gained access to M&S's core systems which means they can "cripple multiple areas of a business at once, maximising their impact and making it very difficult to recover without extensive rebuilding of key IT systems – which takes time.' It is believed that one of the reasons both M&S and Co-op are taking so long to get their services back to normal is that they have not paid the ransom demanded by the hackers, which is the advice of the UK government. What are the businesses saying? Not much. When ITV News contacted M&S, it said it had no new update about when all of its services would return to normal. The last update from M&S was 10 days ago when their CEO, Stuart Machin, said in a statement they were working "day and night" to restore their services. This is despite the fact that it has been almost three weeks since they disabled online orders on their website. If you try and order an item of clothing from M&S's website, it just says: "We have paused online orders. Products remain available to browse online and stores are open." Co-op told ITV News all of their stores were receiving deliveries as of Monday morning. But they did say: "Some of our stores might not have all their usual products available and we are sorry if this is the case for our members' and customers in their local store. We are working around the clock to reduce disruption and are pleased to have resumed delivery of stock to our shelves." Local media and social posts online have shown both Co-op and M&S shelves empty with apology notices saying they had issues with stock delivery.
Scottish Sun
03-05-2025
- Scottish Sun
Staggering number of cyber attacks fought off by Met Office last year revealed as hackers ‘swarm it on daily basis'
Click to share on X/Twitter (Opens in new window) Click to share on Facebook (Opens in new window) THE Met Office was one of six Government agencies hit by 15million cyber attacks last year. Around 40,000 threats a day were fought off by the public bodies in 2024, The Sun on Sunday can reveal. Sign up for Scottish Sun newsletter Sign up The Met Office blocked more than five million phishing emails, nearly double 2023's total. The UK Atomic Energy Authority fended off 1.67million spam and malware messages. There were 223,589 malicious emails to the Maritime and Coastguard Agency, with another 1,111 at the Government Legal Department. The Office for National Statistics, which retains hack records for only 90 days, blocked 485,908 emails from November to February — 5,400 a day. The ONS also faced 15 Distributed Denial of Service (DDoS) attacks, where a website or inbox is flooded with traffic. But the DVLA faced an avalanche, with 7.1million attempted DDoS hits. Malicious emails to the Cardiff-based agency also nearly tripled from 54,105 in 2023 to 153,189. Bodies including the MoD, Home Office, HMRC and Cabinet Office refused to release data under Freedom of Information laws — saying it may hamper efforts to fight cyber crime. It comes as several retail giants, including M&S, have been paralysed by cyber attacks. Internet security expert Graham Cluley said: 'Britain's public sector isn't just under attack — it's being swarmed digitally on a daily basis.' The National Cyber Security Centre said it provides advice and guidance for government partners, helping 'bolster the cyber resilience of the public sector'.
The Sun
03-05-2025
- The Sun
Staggering number of cyber attacks fought off by Met Office last year revealed as hackers ‘swarm it on daily basis'
THE Met Office was one of six Government agencies hit by 15million cyber attacks last year. Around 40,000 threats a day were fought off by the public bodies in 2024, The Sun on Sunday can reveal. The Met Office blocked more than five million phishing emails, nearly double 2023's total. The UK Atomic Energy Authority fended off 1.67million spam and malware messages. There were 223,589 malicious emails to the Maritime and Coastguard Agency, with another 1,111 at the Government Legal Department. The Office for National Statistics, which retains hack records for only 90 days, blocked 485,908 emails from November to February — 5,400 a day. The ONS also faced 15 Distributed Denial of Service (DDoS) attacks, where a website or inbox is flooded with traffic. But the DVLA faced an avalanche, with 7.1million attempted DDoS hits. Malicious emails to the Cardiff-based agency also nearly tripled from 54,105 in 2023 to 153,189. Bodies including the MoD, Home Office, HMRC and Cabinet Office refused to release data under Freedom of Information laws — saying it may hamper efforts to fight cyber crime. It comes as several retail giants, including M&S, have been paralysed by cyber attacks. Internet security expert Graham Cluley said: 'Britain's public sector isn't just under attack — it's being swarmed digitally on a daily basis.' The National Cyber Security Centre said it provides advice and guidance for government partners, helping 'bolster the cyber resilience of the public sector'. 1
The Irish Sun
03-05-2025
- The Irish Sun
Staggering number of cyber attacks fought off by Met Office last year revealed as hackers ‘swarm it on daily basis'
THE Met Office was one of six Government agencies hit by 15million cyber attacks last year. Around 40,000 threats a day were fought off by the public bodies in 2024, The Sun on Sunday can reveal. Advertisement The UK Atomic Energy Authority fended off 1.67million spam and malware messages. There were 223,589 malicious emails to the Maritime and Coastguard Agency, with another 1,111 at the Government Legal Department. The Office for National Statistics, which retains hack records for only 90 days, blocked 485,908 emails from November to February — 5,400 a day. Advertisement Read More on UK News The ONS also faced 15 Distributed Denial of Service (DDoS) attacks, where a website or inbox is flooded with traffic. But the DVLA faced an avalanche, with 7.1million attempted DDoS hits. Malicious emails to the Cardiff-based agency also nearly tripled from 54,105 in 2023 to 153,189. Bodies including the MoD, Home Office, HMRC and Cabinet Office refused to release data under Freedom of Information laws — saying it may hamper efforts to fight cyber crime. Advertisement Most read in Tech It comes as several retail giants, including M&S, have been paralysed by cyber attacks. Internet security expert Graham Cluley said: 'Britain's public sector isn't just under attack — it's being swarmed digitally on a daily basis.' The National Cyber Security Centre said it provides advice and guidance for government partners, helping 'bolster the cyber resilience of the public sector'. 1 The Met Office blocked more than five million phishing emails last year - nearly double 2023's total Credit: BBC Advertisement
