Key insights
- UK retailers endured a wave of targeted cyberattacks between May and the end of last year.
- According to reports, cloud readiness played a major role in how fast companies recovered from cyberattacks.
- Many retail cyber incidents from last year likely went unreported.
The UK retail sector recently faced one of its toughest tests of last year. According to law enforcement, a wave of cyberattacks hit major brands, drained revenue and exposed deep weaknesses in retail technology systems.
The attackers reportedly chose their targets very carefully and relied less on advanced code and more on human trust.
Related: North Koreans Hackers Stealing Crypto with Fake Zoom Calls
UK Retailers Targeted by a Coordinated Hack Wave
Several well-known UK retailers suffered serious hacks in the heat of the Scattered Spider attacks.
For example, Marks & Spencer, the Co-op and Harrods stood out as the most affected. UK Law enforcement noted that the group used DragonForce ransomware tools to gain leverage over victims.
Notably, UK law enforcement arrested four suspects in July, and all happened to be teenagers. The arrests showed how young and organised cybercrime networks can be.
Marks & Spencer estimated losses of £300 million, while the Co-op reported revenue losses of £206 million.
How the M&S Attack Unfolded
During a UK Parliament Committee hearing, M&S chairman Archie Norman confirmed the attackers used Scattered Spider methods and DragonForce ransomware. However, he did not say whether the company paid a ransom cyberattacks.
Norman explained that cyberattack attackers gained access through social engineering. The hack also involved a third-party supplier and stolen credentials from Tata Consultancy Services.
However, instead of speaking directly with the attackers, M&S relied on professional intermediaries.
The cyberattack forced M&S to halt online orders for several months, and systems had to be rebuilt from the ground up.
Why the Co-op Recovered Faster
While the Co-op was also hit, its recovery timeline looked very different and stock levels returned to normal by late May. Most stores also resumed normal trading in June.
According to reports from the Financial Times Cyber Resilience Summit, MP Alison Griffiths explained that this happened because of differences in technology strategy.
For example, the Co-op had moved much further away from legacy systems, and its cloud migration was already well underway. This reduced the time attackers could operate freely inside systems. It also sped up recovery.
M&S on the other hand, had been slower to modernise and rebuilding its systems took four months. During that period, attackers still had room to cause damage.
Why Retail Is an Easy Target
Retail companies present attractive opportunities for bad actors, and M&S alone has around 50,000 employees. This explains why retail outlets are often more targeted than their counterparts.
Retailers also handle valuable data like payment details, customer behaviour and internal business data.
Brent R. Tomlinson of Kroll described retail as a target-rich environment, where many companies struggle with old systems and limited security spending.
Overall, the scattered spider attacks exposed several hard truths for the cyberspace in the UK and other parts of the world.
Technology alone cannot stop hacks, and other factors matter just as much. The cloud migration reduced recovery time and information sharing improved response speed.
Disclaimer: BFM Times acts as a source of information for knowledge purposes and does not claim to be a financial advisor. Kindly consult your financial advisor before investing.
