Marks & Spencer, Co-op Cyberattackers Duped IT Help Desks Into Resetting Passwords, Report Says
Cyberattacks on two major British retailers, Marks & Spencer (M&S) and Co-op Group, have raised concerns about the vulnerability of companies' help desks to sophisticated hacking tactics. According to technology specialist site BleepingComputer, the hackers impersonated employees and successfully tricked the IT help desks into resetting the impersonated employees' passwords, allowing them to gain access to the network.
The Attack: A Sophisticated Social Engineering Scam
BleepingComputer reported that the hackers employed a classic social engineering tactic to deceive the IT help desks. They contacted the retailers' help desks posing as employees and convinced help desk staff to reset those employees' passwords. This allowed the hackers to gain unauthorized access to the network, exposing sensitive customer data.
Consequences: Financial Hit and Reputation Damage
The cyberattack on M&S has already taken a significant toll on the company's finances. Shares in the retailer plummeted by 4% on Tuesday, extending losses since it first disclosed the incident on April 22 to 12%. The Co-op Group also declined to comment on the BleepingComputer report.
Analysts at Deutsche Bank estimate that the attack has cost M&S approximately £30 million ($40 million) in profit so far, with losses running at around £15 million per week. Cyber insurance is likely to cover most of this amount, but its coverage period is usually limited. The biggest costs from a cyberattack, experts warn, are typically lost business and any fines or reputational damage that result.
A Call for Action: Reviewing Help Desk Processes
In response to the attacks, Britain's National Cyber Security Centre (NCSC) has recommended that all companies review their help desk processes to detect and block similar breaches. "Criminal activity online – including, but not limited to, ransomware and data extortion – is rampant," said Jonathon Ellison, national resilience director at NCSC. "Attacks like this are becoming more and more common. And all organizations, of all sizes, need to be prepared."
Recovery Efforts: A Long Road Ahead
The recovery period for M&S may take weeks or even months. Ciaran Martin, the former CEO of NCSC, noted that the length of the recovery period was not unusual given the need to rebuild computer networks after a serious attack.
Meanwhile, a group calling itself DragonForce has claimed responsibility for the attacks on both M&S and Co-op Group, as well as London department store Harrods. BleepingComputer had previously reported that the attack on M&S was believed to have been conducted by a hacking collective known as "Scattered Spider," deploying DragonForce ransomware.
Protecting Against Cyber Threats: A Growing Concern
The cyberattack on M&S serves as a stark reminder of the ever-growing threat landscape. As experts warn, all organizations must be prepared to face such attacks and have robust security measures in place to protect against them.