Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Co-op. Show all posts
ScatteredSpider
Co-op customer data compromise Cyber Attacks cyber intrusion data security DragonForce DragonForce Ransomware Group Malware. Scattered Spider Marks & Spencer ransomware attacks Ransomwares ScatteredSpider

Scattered Spider Cyberattack Cripples M&S, Co-op: DragonForce Ransomware Causes Weeks-Long Disruption

 

Weeks after a significant cyberattack disrupted operations at major British retailers, companies like Marks & Spencer (M&S) and Co-op are still struggling to restore full functionality. Despite public reassurances, the scope of the attack is proving more serious than initially acknowledged. M&S CEO Stuart Machin recently confirmed that personal customer data had been accessed, prompting the company to require password resets for online accounts. Online orders on the M&S website remain suspended weeks after the breach, and no clear timeline has been offered for full recovery. 

The attack first became public on April 25 when M&S halted its online operations due to a cyber intrusion. Within days, Co-op revealed it had also been targeted in an attempted hack, which disrupted several services. Harrods, another luxury retailer, was also reportedly affected during this wave of cyberattacks. While M&S is still unable to process online sales, Co-op has only just resumed stocking its shelves, and both companies remain silent about when operations might return to normal. Government officials have weighed in on the seriousness of the incident. 

Cabinet Office Minister Pat McFadden called the attack a “wake-up call” for British businesses, highlighting the urgent need for enhanced cybersecurity protocols. Financial losses have been steep. M&S is reportedly losing £3.5 million per day while its website remains offline, and its stock has dropped by an estimated half a billion pounds in market value. Co-op also disclosed that customer data had been compromised, and they experienced issues with card payments at the height of the disruption. 

Investigations suggest the cybercriminal group known as Scattered Spider is responsible. Known for targeting large enterprises, the group is believed to have used a ransomware strain called DragonForce to paralyze systems. According to cybersecurity experts, the attackers may have exploited unpatched vulnerabilities and misconfigured systems to gain entry. Reports indicate they employed SIM-swapping tactics to hijack phone numbers and impersonate employees, fooling IT help desks into granting system access. Once inside, the hackers are believed to have compromised Microsoft Active Directory—a central hub that connects internal networks—potentially gaining access to crucial files and passwords. 

Though it’s unlikely they decrypted these password files directly, the level of access would have allowed them to severely disrupt internal systems. Experts say this level of infiltration can cripple multiple areas of a business, making recovery extremely challenging without a full rebuild of core IT infrastructure. One reason for the prolonged disruption may be that both M&S and Co-op chose not to pay the ransom, in line with UK government advice. While this decision aligns with best practices to avoid funding cybercrime, it also means recovery will take significantly longer. 

Despite the chaos, M&S has emphasized that no payment information or account passwords were compromised. The company is urging customers to reset their passwords for peace of mind and has provided guidelines on staying safe online. Co-op has resumed deliveries to most of its stores but acknowledged that some shelves may still lack regular stock. Empty shelves and apology signs have appeared across affected stores, as customers share their frustrations online. 

This incident underscores the growing threat posed by sophisticated cybercriminals and the urgent need for companies to prioritize cybersecurity. From exploiting human error to using advanced ransomware tools, the tactics are evolving, and so must the defenses.
Read more »
Sensitive data
Co-op Customer Data Customer Data Exposed cyber attack Data Breach Data Leak data security IT Infrastructure Sensitive data

Co-op Cyberattack Exposes Member Data in Major Security Breach

 

Millions of Co-op members are being urged to remain vigilant following a significant cyberattack that led to a temporary shutdown of the retailer’s IT infrastructure. The company confirmed that the breach resulted in unauthorized access to sensitive customer data, although it emphasized that no financial or account login information was compromised. 

Shirine Khoury-Haq, Chief Executive Officer of Co-op, addressed members directly, expressing regret and concern over the breach. She assured customers that the company’s core operations were largely unaffected by the attack and that members could continue to use their accounts and services as normal. However, she acknowledged the seriousness of the data exposure, which has affected both current and past members of the Co-op Group. 

“We deeply regret that personal member information was accessed during this incident. While we’ve been able to prevent disruption to our services, we understand how unsettling this news can be,” Khoury-Haq stated. “I encourage all members to take standard security precautions, including updating their passwords and ensuring they are not reused across platforms.” 

According to an official statement from Co-op, the malicious activity targeted one of their internal systems and successfully extracted customer data such as names, contact information, and dates of birth. Importantly, the company clarified that no passwords, payment details, or transactional records were included in the breach. They also emphasized that their teams are actively investigating the incident in coordination with the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA). 

The company said that it has implemented enhanced security measures to prevent further unauthorized access, while minimizing disruption to business operations and customer services. Forensic specialists are currently assessing the full scope of the breach, and affected individuals may be contacted as more information becomes available. In response to the incident, Stephen Bonner, Deputy Commissioner of the UK Information Commissioner’s Office (ICO), offered guidance to concerned members. “Cyberattacks like this can be very unsettling for the public. 

If you’re concerned about your data, we recommend using strong, unique passwords for each of your online accounts and enabling two-factor authentication wherever possible,” he advised. “Customers should also stay alert to updates from Co-op and follow any specific instructions they provide.” The Co-op has apologized to its customers and pledged to continue prioritizing data protection as it works to resolve the issue. While the investigation continues, members are encouraged to remain cautious and take proactive steps to safeguard their personal information online.
Read more »
Ransom
Co-op Cyber Attacks Cyber Triggers CyberCrime Cyberhackers Cyberscams CyberThreat NCSC Ransom

Co-op Hack Triggers Widespread Scam Risk for Consumers


 

Several cyberattacks on major British retailers including Marks & Spencer, the Co-op Group, and others have been attributed to social engineering, the practice of deceiving internal support teams by impersonating legitimate employees to deceive internal support teams. It has been reported that the attackers contacted the companies' IT help desks and posed convincingly as employees seeking immediate assistance. 

Using trust and urgency as a basis, they were able to persuade help desk employees to reset passwords for internal accounts, giving them unauthorised access to sensitive corporate information. Using this technique, attackers could potentially gain access to sensitive data, internal communications, and systems that may be used to further exploit or steal data, as it bypasses traditional technical safeguards. 

Once inside the networks, the attackers could potentially gain access to confidential data, internal communications, and systems that could be used for further exploitation. According to the UK's National Cyber Security Centre (NCSC), in light of these developments, all organisations should conduct a thorough review of their authentication procedures for help desks. 

As social engineering attacks are becoming increasingly sophisticated and difficult to detect, NCSC stresses the importance of implementing strict identity verification methods and training employees to recognise such techniques to prevent them from occurring in the future. Approximately 2,000 grocery outlets are operated by the Co-operative Group, along with 800 funeral homes and legal and financial services, in addition to offering food and beverage services. 

It has been confirmed that precautionary measures have been taken to protect the company's digital infrastructure. These included temporarily suspending certain internal systems that are used by retail operations and the legal department for their operations. A number of the organisation's systems have been affected, including the platform used to monitor stock levels. 

A source familiar with the matter has indicated that unresolved disruptions may result in localised supply issues, which could lead to product shortages on store shelves if not handled promptly. It was also announced that some employees' access to certain digital tools was restricted in response to the breach, so that remote work capabilities would be limited starting Wednesday. As a result of these internal disruptions, the Co-op has said that its retail stores, including those which provide rapid delivery services and funeral care branches, will remain open and operational normally despite these disruptions. 

According to the National Cyber Security Centre (NCSC), it has acknowledged its involvement in the incident and is actively supporting the Co-operative Group as they investigate it. In addition, it is believed that the company is working closely with Marks & Spencer to assess the scope and nature of an incident that occurred in a separate but similarly timed manner, with efforts underway to determine whether there is any connection between the two breaches. 

As a matter of fact, the attack on two major retailers in close succession is unlikely to be a coincidence, according to Marijus Briedis, Chief Technology Officer of Nord Security. It suggests that there has been some coordination between both retailers or perhaps even a shared vulnerability. 

According to the Co-operative Group, although its back-office operations and customer service call centres have suffered disruption, the company's network of 2,000 grocery stores and 800 funeral homes across the UK remains fully functional and continues to serve its customers without interruption, despite these disruptions. 

When the cybercriminal group Scattered Spider first gained prominence in September 2023, it was after successfully infiltrating Caesars Entertainment and MGM Resorts International, an attack which, reportedly, forced Caesars to pay a ransom of $15 million. Recently, the group has been operating in the UK, and they seem to have changed their approach to attacking IT personnel by using sophisticated social engineering tactics rather than technical exploits. 

It has been reported that one of the suspects, Scottish national Tyler Buchanan, has been extradited to the United States from Spain, where he has been charged with attempting to compromise several corporate networks. As a result of Buchanan and his network's involvement in numerous complex and multistage cyber intrusions, U.S. prosecutors are emphasising the growing threat cybercrime poses to society. 

Despite Marks & Spencer's continued efforts to restore its digital systems, and as the Co-op assesses the full extent to which customer data might be exposed by the incidents, critical cybersecurity vulnerabilities have been revealed in enterprise cybersecurity protocols. It has become increasingly important for organisations to prioritise layered, adaptive security frameworks that go beyond traditional defences to combat threats from attackers exploiting human behaviour over system weaknesses. 

It is ultimately clear that in a digital-first economy, the presence of cyber threats must be built into every aspect of the organisation, and to do so, organisations must embed cybersecurity into every aspect of their business. It remains a fact that human factors are the most exploited vulnerability, and without constant vigilance and robust incident response plans, even industry leaders are vulnerable. As M&S continues to deal with major problems caused by a cyber attack attributed to the hacking collective Scatter Spider, the problems have emerged. 

In light of the M&S incident, the Co-op did not comment on whether the extra checks it had conducted resulted in the detection of attempted attacks on its systems. However, it did inform staff of the importance of protecting our systems, mentioning the recent issues surrounding M&S and the cyber-attack they have experienced in the past few weeks. As part of its commitment to reducing costs and preventing shoplifting, the company announced that technology would play an important role in reducing costs and preventing shoplifting. 

The Co-op's grocery stores are currently introducing new technologies such as electronic shelf edge pricing to reduce labour hours, as well as expanding fast-track online grocery delivery services. Morrisons has been at the centre of cyberattacks in the last couple of years. In the run-up to Christmas last year, the retailer suffered from an incident at its tech supplier Blue Yonder that caused the retailer to become extremely vulnerable to cyber threats. 

As recently as 2023, WH Smith was attacked by cyber criminals who illegally accessed their company information, including the personal details of current and former employees. This occurred less than a year after a cyber-attack on WH Smith's Funky Pigeon site forced the store to stop accepting orders for about a week following a cyber-attack. As a result of the recent cyber attacks on leading UK retailers, such as Marks & Spencer and the Co-operative, there is now an urgent and escalating challenge facing the UK: cybercrime is becoming a more prevalent threat in an increasingly digital retail environment. 

In addition to enhancing customer experience, retailers are increasingly embracing advanced technologies to increase efficiency, reduce operational costs, and improve efficiency, but they also increase their exposure to cyber risks, particularly those originating from human manipulation and procedural errors. It is important to note that in a complex ecosystem where automation, remote access systems, and third-party technology partnerships are converging, a single vulnerability can compromise entire networks, resulting in a complex ecosystem. 

It is important for cybersecurity tnot to be viewed simply as a technical function but rather as an integral part of every layer of an organisation's operations. Managing these threats requires organisations to use a holistic approach - issuing regular training to staff on social engineering awareness, setting up thorough verification processes, and auditing access control systems regularly - to mitigate such threats. 

In order to avoid reactive measures, the implementation of zero-trust frameworks, the cooperation with cybersecurity experts, and continual incident simulation exercises must become standard practice instead of reactive ones. For businesses to keep up with the pace of cybercriminals, as they often operate across borders using coordinated tactics, they must also evolve. In addition, boards and leadership teams are responsible for cybersecurity resilience by ensuring that adequate investments, governance, and crisis management plans have been established. 

Additionally, regulatory bodies and industry alliances should make an effort to establish unified standards and collaboratively share threat intelligence, particularly in sectors regarded as high risk. It is not an isolated incident; the recent breaches are a sign of a broader pattern that reveals a systemic vulnerability in the retail supply chain as a whole. The digital age has made it increasingly difficult to ignore cybersecurity when it comes to businesses that depend on trust, reputation, and uninterrupted service crucial element of long-term survival and customer trust.
Read more »
Subscribe to: Posts (Atom)