M&S says cyber incident resulted from third-party attack, faces $625m loss

Hacked UK retail giant Marks & Spencer (M&S) has revealed that the cyber incident it suffered was the result of a phishing attack on one of its third-party vendors.

In late April, M&S revealed it had suffered a cyber incident, resulting in many of its systems, including its online payments and click and collect services, being taken offline. It later confirmed that data had been exfiltrated by threat actors.

Now, confirming findings made by CyberNews, M&S CEO Stuart Machin said the threat actors, believed to be either the DragonForce ransomware group or the Scattered Spider hacking collective using DragonForce ransomware, resorted to phishing attacks on the staff of a third-party vendor to gain their login credentials and take over accounts.

“Unable to get into our systems by breaking through our digital defences, the attackers did try another route, resorting to social engineering and entering through a third party rather than a system weakness,” Machin told media this week.

“Once access was gained, they used highly sophisticated techniques as part of the attack.”

While Machin did not identify the third-party vendor, sources speaking with Reuters have suggested that the company is Tata Consultancy Services (TCS), a company that provides organisations with solutions to aid in their digital transformation process.

The sources claimed that “at least two TCS employees’ M&S logins were used as part of the breach”.

The UK National Security Centre (NCS) is currently collaborating with M&S as part of its response, as it also is with Harrods and Co-op, the other two major UK retailers that suffered cyber attacks attributed to DragonForce and/or Scattered Spider.

While it is unconfirmed whether or not Harrods is a partner of TCS, the consultancy partnered with Co-op in February last year, with the retailer engaging TCS for assistance in adopting a cloud-first strategy and updating its IT infrastructure.

The NCS has not confirmed whether the Co-op cyber incident is also linked to TCS.

M&S and Co-op have had drastically different recoveries following their seemingly near-identical cyber incidents. While Co-op has begun restoring stock to shelves and continues to earn revenue thanks to quick action preventing ransomware from taking hold, M&S continues to suffer from system outages preventing sales.

As a result, the company is facing a revenue loss of £300 million (just over A$625 million). Previous reports suggested that the company is losing £43 million every week.

Earlier this week, another third-party vendor to supermarkets in the UK confirmed it had suffered a cyber attack. Cold and fresh product distributor Peter Green Chilled is a supplier for supermarkets and retailers, including Tesco, Aldi, and Sainsbury’s, among others, and also provides IT services such as vehicle tracking and monitoring, temperature control systems and more.

Speaking with BBC Radio 5 Live’s Wake Up to Money radio segment, a spokesperson for Peter Green Chilled revealed that the incident took place on 14 May and has prevented the organisation from accepting orders from its clients.

However, while unable to discuss further, Peter Green Chilled managing director Tom Binks told the BBC that its transport operations were not affected.

It is currently unclear if the Peter Green Chilled incident is connected to the M&S, Co-op, and Harrods cyber attacks; however, the produce distributor does not work with the three hacked retailers.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding of, and experience writing in, the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music and spends his time playing in bands around Sydney.