Cybercrime Spree That Hobbled British Retailers Now Aimed at U.S., Google Says
A cybercrime spree that targeted several major retailers in the United Kingdom has now set its sights on American companies, according to Google's Threat Intelligence Group.
"Major American retailers have already been targeted," said John Hultquist, the chief analyst for Google's Threat Intelligence Group. "We believe that this is a coordinated campaign by a group of hackers who have previously attacked several major retailers in the UK, including Marks & Spencer, the Co-op Group, and Harrods."
The attacks on British retailers have been destructive and financially motivated, with hackers stealing sensitive customer and employee data. In some cases, the hackers installed ransomware on critical systems, locking them up and demanding payment in exchange for access to the stolen information.
The Scope of the Attack
At least three top British retailers have been affected by the attacks, with Marks & Spencer forced to pause online orders for weeks due to technical issues. The Co-op Group was also infected with ransomware, with hackers providing evidence of "huge amounts of customer and employee data" stolen from the company.
Harrods restricted some internet access at store locations, although a spokesperson told NBC News that it has not seen evidence that customer data was stolen. However, Google's Hultquist said that the group responsible for the attacks is now targeting "major American retailers", and that many companies in the US have already been notified of the threats.
"U.S.-based retailers are aware of the threats posted by cybercriminal groups that have recently attacked several major retailers in the UK, and many companies have taken steps to harden themselves against these criminal groups' tactics over the past two years," said Christian Beckner, the National Retail Federation's vice president of retail technology and cybersecurity.
The Nature of the Threat
For-profit hackers have proven adept at accessing the computer systems of major companies and profiting by holding data and entire networks for ransom. The U.K. hacking campaign strongly echoes the one that shut down parts of some Las Vegas casinos in 2023.
In that case, MGM Resorts, the owner of the Bellagio and Mandalay Bay, was forced to shut down some casino floors, leaving guests unable to access their rooms with keycards. The same hackers also broke into Caesars Entertainment, but Caesars promptly paid the hackers and did not experience widespread service outages.
The current campaign appears to have largely avoided high-profile targets in the interim, but Google's Hultquist said that it is still unclear if there is a technical reason for the hackers to target retail companies. It may be due to a vulnerability in a shared industry software program, or simply because the group has identified retail as a lucrative target.
The Implications
The attack on British retailers highlights the growing threat of cybercrime worldwide, and the need for companies to prioritize cybersecurity. As one of the world's largest tech companies, Google sells services like cloud storage, networking, and security protections to many of the biggest retailers in the world.
This provides Google with significant insight into how hackers operate, allowing it to better understand the threat and provide guidance to its clients. However, the fact that major American retailers have already been targeted suggests that the attack is far from over, and that companies across the globe need to be on high alert for future attacks.