UK Arrests Four Linked to M&S, Harrods Cyberattacks
The UK's National Crime Agency has made significant progress in its investigation into a series of disruptive cyberattacks that targeted leading British retailers earlier this year. The agency has arrested four individuals, including three teenagers and a 20-year-old woman, on suspicion of Computer Misuse Act offenses, blackmail, money laundering, and participating in the activities of an organized crime group.
The arrests were made in connection with an investigation into hacks in April that targeted Marks & Spencer Group Plc, Co-Op, and Harrods. The attack on M&S locked down the company's internal systems with ransomware, causing weeks of disruption to online sales and an estimated £300 million hit to its operating profit.
The Co-Op said hackers stole data from its internal systems on a "significant number" of customers, while Harrods did not respond to a request for comment. The suspects were arrested at their home addresses on Thursday and had electronic devices seized by the National Crime Agency.
A Major Blow to Cybercrime Investigation
The arrests are a significant step in the investigation into the attacks, which was one of the agency's top priorities. Paul Foster, head of the National Crime Agency's cybercrime unit, said: "Today's arrests are a significant step in that investigation but our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice."
A Global Problem with a Local Connection
Retail companies around the world have been plagued by a campaign of cyberattacks, which some researchers attribute to Scattered Spider, a loosely affiliated English-speaking hacking gang that targets companies and individuals. A group resembling Scattered Spider recently moved from targeting retail to insurance companies and airlines, according to Charles Carmakal, chief technology officer at Google's Mandiant.
A Collaborative Effort
The hackers worked with another cybercrime gang, known as DragonForce, to carry out the UK retail attacks. DragonForce rents out malicious software, known as ransomware, to other hackers. Typically, ransomware encrypts files stored on computers and the hackers then demand payment in cryptocurrency to unlock the files.
A Lesson in Sophistication
The incident occurred as a result of "sophisticated impersonation" of one of the retailer's third-party users, Marks & Spencer Chairman Archie Norman told a UK parliamentary committee on Wednesday. "It's fair to say that everybody at M&S experienced it," he said. "We're still in the rebuild mode and will be for some time to come." However, things would return to normal for customers by the end of this month.
A Call to Action
As cyberattacks continue to plague retailers and individuals around the world, it's clear that a collaborative effort is needed to tackle these digital threats. The National Crime Agency's arrests are a significant step in this direction, but more work needs to be done to ensure those responsible for such attacks are held accountable.