Major Cyber-Attack on Marks & Spencer Linked to Hacking Group Scattered Spider
In a significant escalation of cyber threats facing major retailers, Marks & Spencer (M&S) has been the target of a cyber-attack attributed to the hacking collective known as Scattered Spider. This group, which has made headlines in the past for targeting large organizations like MGM Resorts and Caesars, has now drawn attention for its recent activities, indicating a worrying trend in cybercrime.
Scattered Spider, a collective reportedly comprised of individuals primarily in their 20s from both the UK and the US, has a track record of engaging in fraudulent activities, including attempts to steal cryptocurrencies through phishing operations in the United States. According to reports from the technology news site BleepingComputer, M&S fell victim last week when the hackers deployed ransomware, leading to the encryption of critical systems within the company.
Adding to the severity of the situation, M&S has been forced to suspend its online sales operations for the fifth consecutive day. The halt in online transactions has resulted in an estimated loss of £3.8 million per day, which is substantially impacting the company’s overall revenue. Market analysts have speculated that the disruption caused by the cyber-attack has obliterated more than £500 million from M&S’s stock market valuation over just a week, reflecting the colossal impact of cyber threats on corporate stability.
Insider information suggests that the initial breach may have originated from one of M&S’s service providers. However, at this stage, it is still unclear whether M&S was the intended target of the attack or a collateral damage in a wider assault. In a cautious statement, M&S representatives remarked, “As you would expect, we cannot share the details of this cyber incident,” indicating the sensitive nature of the breach and the potential implications for their operational protocols.
The specifics of the attack raise significant concerns among cybersecurity experts. Reports indicate that hackers may have begun collecting M&S data as early as February, which could have provided them with the necessary intelligence to facilitate access to key systems. The latest hacking attempted to encrypt a server utilizing software developed by the notorious ransomware group DragonForce.
Tim Mitchell, a senior security researcher at Secureworks, underlined that the far-reaching disruptions experienced by M&S are emblematic of a ransomware attack—a crime where access to vital systems is encrypted, and a ransom is demanded to restore normalcy. He emphasized that while confirming the identity of the hackers from the outside remains a challenge, the chaos resulting from the attack strongly indicates that M&S is indeed facing a pronounced ransomware crisis.
Mitchell also noted the unique characteristics of Scattered Spider, stating, "The group appears quite unusual compared to other hacking organizations, primarily because they communicate in English and operate in regions like the UK and the US." This is in stark contrast to many hacking collectives based in Russia, where a more permissive atmosphere allows for broader operational freedom. Mitchell suggests that the motivations behind Scattered Spider may extend beyond monetary gain, possibly including elements of notoriety within their communication channels.
Experts like Julius Černiauskas, CEO of web intelligence firm Oxylabs, have voiced concerns regarding the broader implications of this cyber-attack. He remarked on the heightened anxiety that retailers across the UK must now be feeling, understanding that they could also fall prey to such opportunistic criminal activities. Černiauskas highlighted that ransomware gangs typically focus on companies like M&S with the intent of creating maximum disruption, which in turn increases the pressure for the company to comply with ransom demands.
Despite the ongoing crisis, M&S has taken measures to continue serving its customers. While online shopping remains suspended, customers can still physically visit stores and conduct transactions using cash or cards. However, complications persist, such as the current inability to accept gift cards. Additionally, there are restrictions regarding the return of goods, which can only be processed at registers in clothing and homeware locations or via postal services, with returns in food stores rendered impossible at this time.
As this situation unfolds, it represents not only a pressing concern for M&S but also a pivotal moment for retailers everywhere, underscoring the necessity for robust cybersecurity measures to protect against increasingly sophisticated threats in the digital landscape.