Articles

UK Police Arrest Four Suspects Over Cyberattacks on M&S, Co-op, and Harrods

Four individuals under the age of 21 have been arrested in connection with cyberattacks that disrupted operations at major UK retailers Marks & Spencer (M&S), the Co-op, and Harrods, the National Crime Agency (NCA) announced on Thursday. The most severe incident occurred in April when a ransomware attack forced M&S to halt online clothing sales for nearly seven weeks, resulting in an estimated £300 million ($400 million) loss in operating profit.

The arrested suspects include three males aged 17, 19, and 19, and a 20-year-old woman. They were detained at their homes in the West Midlands and London. The NCA said they face allegations including offenses under the Computer Misuse Act, blackmail, money laundering, and involvement in organized crime. Authorities also seized their electronic devices, and the suspects are currently being questioned by the NCA’s National Cyber Crime Unit.

M&S Chairman Archie Norman revealed to lawmakers that the company had engaged with the U.S. FBI regarding the cyberattack. He suggested that loosely connected groups, possibly led by a hacking collective known as DragonForce, were behind the incidents. Norman also advocated for UK businesses to be legally mandated to report significant cyberattacks, noting that some major breaches recently went unreported.

M&S resumed online clothing orders on June 10 after a 46-day suspension, although click-and-collect services remain offline. CEO Stuart Machin expressed confidence that the company would be through the worst of the attack’s impact by August.

Cyberattacks on M&S and Co-op Originated from Help Desk Deception, Says Report

Cybercriminals launched recent attacks on British retailers Marks & Spencer (M&S) and Co-op Group by impersonating employees to trick IT help desks into resetting passwords, according to a report by BleepingComputer. This social engineering tactic allowed hackers to gain initial access to internal systems.

The UK’s National Cyber Security Centre (NCSC) responded by urging all organisations to re-evaluate their help desk protocols, warning that online criminal activity like ransomware and data extortion is on the rise and that even large enterprises are vulnerable to such basic forms of manipulation.

While both M&S and Co-op declined to comment, the consequences of the M&S breach are already being felt. Shares dropped 4% on Tuesday and are down 12% since the cyber incident was disclosed on April 22. The company halted online orders for clothing and home products via its website and app on April 25, with no timeline for resumption. Some food product availability has also been disrupted.

Deutsche Bank analysts estimate the incident has cost M&S around £30 million ($40 million) so far, with an ongoing weekly impact of approximately £15 million. Though cyber insurance may offset part of the loss, it typically covers a limited time period. The broader risks include loss of consumer trust, data breach fines, and long-term reputational damage.

Ciaran Martin, former CEO of the NCSC, noted that the recovery time for such attacks is often lengthy due to the need to completely rebuild compromised IT networks.

Meanwhile, a group identifying as DragonForce claimed responsibility for attacking both M&S and Co-op, as well as stealing staff and potential customer data from the latter. The same group also claims responsibility for attacking Harrods. The report also links the cyberattack on M&S to the "Scattered Spider" hacking collective, known for using DragonForce ransomware, although the NCSC said it could not confirm the connection.

New extortion tactic from ransomware gangs? Utilizing calls to the front desk

The scenario described reflects the growing trend of ransomware gangs resorting to telephone contact as a means of pressuring companies to pay ransom demands. In this case, the hacker representing the ransomware gang DragonForce attempted to intimidate the victim company’s employees into compliance.