Co-op is Latest British Retailer to Be Hit by Cyber Attack
LONDON - Britain's Co-op Group said on Wednesday that hackers had attempted to break into its systems, marking the second high-profile cyber attack on a major UK retailer in as many weeks. The Co-op, which is owned by its members and trades from over 2,300 food stores across the UK, also has funeral care, legal, and insurance businesses.
The company confirmed that hackers had tried to gain unauthorized access to some of its systems, forcing it to shut down some of its back office and call centre operations. However, all its stores, online operations, and funeral homes were trading as usual, with the Co-op working to reduce disruption.
"We have recently experienced attempts to gain unauthorised access to some of our systems," a Co-op spokesperson said. "We have taken proactive steps to keep our systems safe."
A Wave of Cyber Attacks Hits British Companies
The attack on M&S, one of Britain's best-known retailers, has come during a bout of warm weather in Britain, when retailers would normally report an increase in demand for summer clothing. Availability of some food products has also been affected in some stores.
Ransomware: The Suspected Culprit
Cyber security experts have said that the fact M&S took systems offline suggested it was a ransomware-related event. Technology specialist site BleepingComputer, citing multiple sources, said a ransomware attack that encrypted M&S's servers was believed to have been conducted by a hacking collective known as "Scattered Spider."
Scattered Spider comprises small clusters of people, including youngsters, who collaborate on and off on specific jobs. Security experts and officials have said it has been blamed for unusually aggressive cybercrime sprees.
The Sophisticated Threat of Scattered Spider
Nathaniel Jones, VP of Security & AI Strategy at cybersecurity company Darktrace, said the alleged confirmation that Scattered Spider was behind the M&S attack via the DragonForce encryptor highlighted the sophisticated threat this group posed to major organisations.
Manipulating People: The Method Behind the Attack
Jones said members of the group didn't just exploit technical vulnerabilities but manipulated people, especially IT help desks, through phishing, Multi-Factor Authentication (MFA) bombing, and SIM swapping to gain access.
Five members alleged to be in the group were charged by U.S. prosecutors in November. The attack on M&S has come during a period of warm weather in Britain, when retailers would normally report an increase in demand for summer clothing.
Disruption and Recovery
The Co-op is working to reduce disruption, but the incident highlights the ongoing threat of cyber attacks to British companies. The National Cyber Security Centre is working with both companies, while the Metropolitan Police confirmed on Wednesday that detectives from its Cyber Crime Unit were investigating the M&S attack.