Three massive UK retailers have been hit by cyber attacks this week – so what's going on?

POS system (point of sale system) shown in retail supermarket environment in bright colours on LED screen
(Image credit: Future)

  • A third British retailer has been hit with a cyberattack
  • The M&S incident is likely a ransomware attack from ScatteredSpider
  • Retailers are at risk due to high downtime costs

Luxury department store Harrods has become the third British retailer to be hit by a cyberattack in a matter of days, with the firm restricting internet access at its sites following an attempt to gain access to its systems.

The incident closely follows the confirmation that an earlier attack targeting Marks & Spencer, causing widespread outages in stores and the retailer’s online platform, is allegedly the work of ScatteredSpider hackers.

The third incident, a cyberattack on retail giant Co-Op, forced the supermarket to take down parts of its IT systems and take proactive measures to defend against the attackers.

There are certainly similarities between the reports of the incidents, and in such quick succession it seems likely there may be a link between them, but the extent of the attacks is yet to be seen - here’s what we know so far.

Despite the timings and the similarities, there’s no official link between the incidents, although it’s likely that all three incidents are ongoing, so more information may be revealed as the attacks unfold.

In the meantime, security teams should be ultra vigilant, and should deploy the best endpoint protection software to keep their organisation safe.

SonicWall’s Executive VP of EMEA, Spencer Starkey explains ransomware, “holds victim organizations' business operations hostage, which uniquely impacts retailers and other organizations that provide daily, direct services to their customers”.

As we’ve seen in the continued disruption of the M&S attack, these incidents can have a devastating effect, with the supermarket’s share price falling 7%, causing millions in lost sales and downtime.

Starkey explains these attacks are particularly harmful to retailers as they directly affect revenue generation, which provides additional leverage for the attackers, and warns that companies should be operating on the presumption that they will inevitably be targeted, so should develop a comprehensive incident response plan.

Not if, but when

Concerns are rising for businesses across the country, and retail attacks have risen sharply since the development of AI tools designed to help cybercriminals send out more frequent and sophisticated attacks.

The head of the National Cyber Security Centre (NCSC), Dr Richard Horne, has warned that these attacks should serve as a “wake-up call” for all organizations, and urges security leaders to ensure they have “appropriate measures in place to help prevent attacks and respond and recover effectively.”

Ex-NSA cyber chief, Cody Barrow, also warns generative AI is “accelerating the threat landscape,” and that sophisticated attacks like social engineering and adaptive malware campaigns are now available to even low-skilled attackers.

In particular, criminals are able to send out an incredible number of social engineering attacks, that are designed specifically to trick victims into giving attackers access to their networks.

Security best practices recommend using the best antivirus software, best malware removal software, and training all staff to recognise phishing attacks.

These attacks outline just how vulnerable the sector is, and Barrow argues this is “due to the volume of customer data and the high cost of operational downtime”. Although, the reality is that almost all sectors are facing more threats than ever.

“Retailers must assume they are targets. Rehearsed incident response plans, clear communication protocols, and multi-factor authentication for administrative access are now essential. Endpoint detection and response tools should be standard, not optional. For consumers, vigilance is crucial: update passwords, monitor financial activity, and watch for scams exploiting recent breaches.”

You might also like

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.