4 hours ago
7
A major cyber-attack on Marks & Spencer has been linked to a hacking collective known as Scattered Spider, which is previously thought to have hit MGM Resorts and the US casino operator Caesars.
The group, which has previously been found to include people in their 20s from the UK and the US – some of whom faced charges over attempts to steal cryptocurrency via phishing attacks in the US – are reported to have encrypted key M&S systems using ransomware, according to the technology specialist site BleepingComputer.
The reports emerged as online sales at M&S – which account for an average £3.8m a day – were suspended for a fifth day.
The disruption caused by the hack – and uncertainty over when it will end – has wiped more than £500m off the stock market value of M&S in the past week as experts said it had clearly suffered a cyber-attack on a huge scale.
Industry insiders said it was rumoured that the attack had originated at one of M&S’s service suppliers and it was not clear if the company had been directly targeted.
M&S said: “As you would expect, we cannot share the details of this cyber incident.”
BleepingComputer reported the hackers had stolen M&S data as early as February that could have helped them gain access to key systems. It said the hackers had then encrypted access to a server using software from the ransomware operator DragonForce last week.
Tim Mitchell, a senior threat researcher at SecureWorks, said that while it was impossible for outsiders to confirm who the hackers were, the extent of the disruption caused to M&S indicated it had been subject to a ransomware attack. These attacks encrypt access to important systems and demand a ransom in return for a key to unlock them.
He said Scattered Spider, also known as Octo Tempest, appeared to be “quite unusual” as a hacking group in that they were largely English-speaking – unlike the majority of such groups, which are based in places such as Russia, where there is a more “permissive environment” where they have more freedom to operate.
He added: “Their motivation appears to be as much about bragging rights on those channels [where they communicate] as about money.”
after newsletter promotion
He said the hackers could have used phishing emails, gained control of a company phone number or rung up help services pretending to be M&S employees to gain access to systems.
Julius Černiauskas, the chief executive of the web intelligence experts Oxylabs, added: “Following the M&S cyber-attack and the potential involvement of hacking group, Scattered Spider, all major UK retailers will be seriously worried if they’ll be tangled in the web next. The impact on the M&S share price shows the damage these attacks can do and will have many corporate retailers working day and night to ensure they do not suffer a similar fate.
“Ransomware gangs typically target companies like M&S with the aim of causing maximum disruption to force a quick payout. Their goal is simple: the greater the disruption, the greater the pressure on the company to pay the ransom.”
Shoppers are still able to browse online and shop in M&S’s physical stores using cash or cards, but some difficulties continue in stores, with gift cards not currently being accepted. Returning goods is only possible at tills in clothing and homeware stores or via post. Food stores are not currently able to accept returns.
