**M&S, Co-op Cyberattackers Duped IT Help Desks into Resetting Passwords, Says Report**

A recent cyberattack on Marks & Spencer (M&S) and the Co-op Group has revealed a sophisticated tactic used by hackers to gain access to the retailers' networks. According to technology specialist site BleepingComputer, the attackers impersonated employees and contacted the retailers' IT help desks, convincing them to reset the impersonated employees' passwords.

This tactic is known as "spear phishing," where hackers use personalized information to trick victims into taking certain actions. In this case, the attackers were able to gain access to the network by convincing the IT help desks to reset the passwords of the impersonated employees.

The National Cyber Security Centre (NCSC) has recommended that all companies review their help desk processes to detect and block these types of breaches. "Criminal activity online – including, but not limited to, ransomware and data extortion – is rampant," said Jonathon Ellison, national resilience director at the NCSC. "Attacks like this are becoming more and more common. And all organisations, of all sizes, need to be prepared."

The attack on M&S was first reported in April, when the retailer disclosed that it had been targeted by hackers. The company has since stopped taking clothing and home orders through its website and app, although it has not said when online ordering will resume.

Analysts at Deutsche Bank estimate a profit hit of about 30 million pounds ($40 million) so far and put the run rate at about 15 million pounds a week, given the knock-on effect on food. Cyber insurance is likely to cover most of the losses, but the coverage is generally for a limited amount of time.

Other expenses include immediate remediation with external cyber security and IT partners and future-proofing the business. The disruption could last for weeks, and the length of the recovery period at M&S has been described as not unusual so far, given the need to rebuild computer networks.

The attack on M&S is believed to have been conducted by a hacking collective known as "Scattered Spider" deploying DragonForce ransomware. However, the National Cyber Security Centre said it could not say if the attacks were linked.

The Co-op Group has also been targeted by hackers, with a group calling itself DragonForce telling the BBC that it had stolen the data of staff and potentially 20 million customers from the Co-op.

**Financial Impact**

The attack on M&S has had significant financial implications for the retailer. Shares in M&S were down 4% on Tuesday, extending losses since it first disclosed the cyber incident on April 22 to 12%. The company has not disclosed the full extent of the financial impact of the attack, but analysts at Deutsche Bank estimate a profit hit of about 30 million pounds ($40 million) so far and put the run rate at about 15 million pounds a week.

**Recovery Efforts**

The recovery efforts are ongoing, with M&S working to rebuild its computer networks. The length of the recovery period is expected to be several weeks.

In addition to the financial implications, the attack on M&S has also highlighted the importance of cybersecurity for retailers. The National Cyber Security Centre has recommended that all companies review their help desk processes to detect and block these types of breaches.

**What Can Be Learned from this Attack?**

The attack on M&S and the Co-op Group highlights the importance of cybersecurity for retailers. It shows that hackers are becoming increasingly sophisticated in their tactics, and that retailers must be prepared to respond quickly and effectively to these types of attacks.

In particular, the use of spear phishing tactics by the attackers is a significant concern. This type of attack can be difficult to detect, and it requires companies to have robust cybersecurity measures in place to prevent these types of breaches.

**Conclusion**

The attack on M&S and the Co-op Group is a reminder that cybersecurity is an ongoing challenge for retailers. It highlights the importance of robust cybersecurity measures, including help desk processes, to detect and block these types of breaches.

As the National Cyber Security Centre has recommended, all companies must be prepared to respond quickly and effectively to these types of attacks. By taking proactive steps to prevent cyberattacks, retailers can minimize the financial impact of these types of incidents and protect their customers' sensitive data.