The cyber attack that M&S has been battling for more than a week has been linked to a collective of hackers aged as young as 16.
The group, known as Scattered Spider, is a loosely organised network of hackers with a history of using sophisticated techniques to obtain usernames and other login credentials in order to infiltrate company networks.
Once in, they will freeze critical functions and demand a ransom to unlock them.
The cyber attack on M&S, which the retailer first informed customers of last Tuesday, has disrupted contactless payments, online orders, its loyalty app and charitable food donations from stores. Deliveries of stock are also said to have been impacted, leading to reports of empty shelves in some stores.
The crisis has wiped 5% from the retailer’s share price over the past five days.
“Scattered Spider is not a group that is organised in the manner of traditional ransomware groups we associate with Russian-speaking cybercrime,” said Robert McArdle, director of forward threat research at Trend Micro.
“They are a much looser connected network of individuals who assemble together for individual attacks and resemble the structure of hacktivist groups like past activity of Anonymous. Scattered Spider has routinely targeted retail providers – as shown by the domain names registered by the group for use in phishing campaign efforts – so targeting M&S would be ‘on-brand’.”
The group “stands out in the techniques it uses to attack organisations”, added McArdle. “It leverages helpdesk and phone-based social engineering, where malicious attackers pose as staff to trick an organisation’s IT department into password resets.”
According to technology news site BleepingComputer, which was first to report claims of Scattered Spider’s involvement, the group is believed to have first breached M&S’s systems as early as February.
Camellia Chan, CEO and co-founder of AI cybersecurity firm X-PHY, said: “Groups like Scattered Spider aren’t just locking companies out of their systems – they’re embedding themselves deep inside critical infrastructure, moving quietly, and striking at the worst possible moment.”
In its latest update on the crisis, on Friday, M&S said: “As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites and apps. Our product range remains available to browse online. We are truly sorry for this inconvenience. Our stores are open to welcome customers.
“We informed customers on Tuesday that there was no need for them to take any action. That remains the case, and if the situation changes we will let them know.
“Our experienced team - supported by leading cyber experts - is working extremely hard to restart online and app shopping.”
The retailer said this morning it had no further update.
No comments yet