Harrods, one of London's most iconic department stores, has become the latest high-profile retailer in the UK to fall victim to a devastating cyber attack. The incident, which occurred over the past 10 days, has left customers unable to pay for their purchases and joins a growing list of other retailers that have been targeted by hackers.
According to reports by Sky News, Harrods' IT security team immediately sprang into action to mitigate the damage, restricting internet access at all sites, including its flagship Knightsbridge store, as well as H beauty stores and airport stores. The company has assured customers that they can continue to shop via Harrods.com and that there is no need for them to take any special precautions.
But what exactly happened? Harrods' spokesperson confirmed that the retailer recently experienced attempts to gain unauthorized access to some of its systems, which were promptly thwarted by the company's seasoned IT security team. While details about the incident are still sketchy, it appears that the attacks on all three affected retailers – Harrods, Co-op, and M&S – may share a common link.
Growing speculation suggests that the cyber attacks could be linked to a third-party retail services partner in a supply chain attack. This is a plausible scenario, given that the M&S attack has been attributed to the notorious cyber criminal collective Scattered Spider, which allegedly deployed a white-label ransomware called DragonForce on M&S's VMware servers.
Tim Grieveson, chief security officer at attack surface discovery specialist ThingsRecon, believes that there must be a common thread across these retailers that has put them in the crosshairs of cyber criminals. "These aren't isolated events," he said. "They are a wake-up call. The action and initiative we have seen from the Co-op and Harrods should be a blueprint for others, not just in retail, but across all sectors."
Toby Lewis, head of threat analysis at Darktrace, offers two other likely scenarios: either a common supplier or technology used by all three retailers has been breached and used as an entry point to big-name retailers; or the scale of the M&S incident has prompted security teams to relook at their logs and act on activity they wouldn't have previously judged a risk.
Jake Moore, global cyber security advisor at ESET, highlights a third possibility: even if the same threat actor was not responsible for all three incidents, it is not uncommon for related targets in similar sectors to fall victim to attacks in quick succession. "Other hacking groups are also able to attempt their luck on similar businesses and start demanding ransoms where possible," he added.
Attacks involving the DragonForce ransomware most commonly start by exploiting known vulnerabilities in systems that have not been kept up to date with the latest security patches. As Moore warned, "Businesses need to be extra vigilant and improve how quickly they update their networks."
Here is a timeline of recent UK retail cyber attacks:
- Co-op instructs staff to be wary of lurking hackers
- Co-op shuts off IT systems to contain cyber attack
- Scattered Spider on the hook for M&S cyber attack