There were empty shelves at some Marks & Spencer stores on Tuesday as the company reels from a cyberattack, with one expert warning it could still take days for the retailer to resume normal operations.
The retailer confirmed there were “pockets of limited availability” in some shops as a result of its “decision to take some systems temporarily offline” in response to the attack – but said it was “working hard” to get availability back to normal.
M&S has been grappling with a major “cyber incident” for more than a week now, in an incident which first caused problems for its contactless payments and click and collect orders and has since wiped millions off its market value.
Last Friday, it paused orders through its website and app, which have remained down as it tries to resolve the problem.
A hacking group operating under the name Scattered Spider and claimed to involve British and American teenagers has been linked to the attack, according to reports, with tech news outlet Bleeping Computer first linking the hacking group to a potential ransomware attack.
According to The Telegraph, investigators believe the attackers used a hacking tool from a group known as DragonForce, which bills itself as a “ransomware cartel”, to carry out the breach.
Professor Alan Woodward, a cyber security expert at the University of Surrey and former adviser to the EU’s law enforcement agency Europol, told The Independent that although little is known about the nature of the cyberattack, it could still feasibly be days before M&S is able to resume operations.
“I suspect one of reasons it’s taking so long to do all of this is an abundance of caution being exercised – and what they’re doing is they are turning over every rock and making sure there’s nobody still in there,” said Prof Woodward.
“Because one of the worst things is if a hacker has got in, let the ransomware go, and they can persist on the network, then you might clear it – you might get out of it [the attack] – but they’ll just pop back up again.”
He added: “M&S find themselves in a very difficult place. They know they’re losing money hand over fist, but at the same time they don’t want to put the systems back on prematurely until they can be absolutely sure that they’re safe to use.”
“These systems take a long, long time to build so you can imagine they take a long, long time to analyse as well,” said Prof Woodward. “The software’s incredibly complicated, you’ve got big systems interoperating with each other, so there’s a lot of little nooks and crannies to hide [in].”
The latest Cyber Security Breaches Survey, published by the UK government earlier this month, showed that four in 10 businesses were affected by a cyber attack or breach in the last year – a slight drop on the previous year.
Describing the UK as being “probably better prepared than many other countries”, Prof Woodward said: “Most of the big companies actually do work with our National Centre for Cyber Security, and they share intelligence.”
He added: “So as soon as M&S was hit that would be flagged to everybody else and they would be able to look for indicators of compromise and see if anything had happened to their own system.
Noting that “there are hundreds of attempts a day on these companies to try and penetrate their networks, Prof Woodward continued: “What we’re seeing here is that one success out of a hundred that’s got through on one company, and it’s having a major impact.
“If they manage to paralyse the right bit of an organisation, they can just stop it trading.”
M&S has been approached for comment.
Additional reporting by PA
Leave a Reply