Hackers may ‘try their luck’ with other retailers after M&S breach, experts say

Cybercriminals are becoming “increasingly opportunistic” and willing to “try their luck” with cyber attacks on firms in the same sector, experts have said after Harrods confirmed it was the latest retailer to be targeted.

The luxury London department store said it had restricted internet access across its sites on Thursday as a precautionary measure following an attempt to gain unauthorised access to its systems.

It follows a serious ransomware attack on Marks & Spencer that has forced the company to suspend online orders and halt all recruitment, and the Co-op has also confirmed it was the target of an attempted breach, and it too has shut down some of its IT systems as a precaution.

Jake Moore, global cybersecurity adviser at Eset, said other retailers being targeted in the wake of the M&S breach was “typical”, as hacking groups are often inspired to “try their luck” by using the same type of ransomware elsewhere.

“It’s typical for similar companies in the same sector to become secondary targets after a huge cyber attack,” he said.

“As the strain of ransomware called DragonForce can simply be purchased on the dark web in a model called ‘ransomware-as-a-service’, other hacking groups are also able to attempt their luck on similar businesses and start demanding ransoms where possible.

“It is often a precautionary measure to shut down parts of a system after a major cyber attack to mitigate any threats and prevent similar breaches.

“However, attacks involving the DragonForce ransomware most commonly start by targeting known vulnerabilities such as attacking systems that have not been kept up to date with the latest security patches, so businesses need to be extra vigilant and improve how quickly they update their networks.”

Cybersecurity expert Cody Barrow, chief executive of EclecticIQ, said the flurry of attacks showed cybercriminals are becoming bolder.

“Coming on the heels of recent breaches at Co-op and M&S, it highlights an alarming trend: attackers are becoming increasingly opportunistic, exploiting weaknesses across complex, highly interconnected supply chains,” he said, warning that artificial intelligence was also making it easier for lower-skilled hackers to put together sophisticated attacks.

“What’s deeply concerning is generative AI is accelerating the threat landscape.

“Sophisticated phishing campaigns, deepfake social engineering, and adaptive malware are now within reach of even low-skilled attackers.

“This widespread access to advanced attack tools is driving up attack volume, speed, and complexity.”

According to reports, a hacking group known as Scattered Spider is said to be behind the M&S attack, although this has not been confirmed.

It also remains unclear if the three attacks are linked.

Toby Lewis, head of threat analysis at cybersecurity firm Darktrace, said the attacks could be linked by a common piece of technology used by all three firms that has a vulnerability, or that Co-op and Harrods had stepped up their own security response in the wake of the M&S breach.

“Details of the cyber attack at Harrods are still low and we shouldn’t rule out that the three incidents impacting M&S, Co-operative and Harrods are coincidence,” he said.

“However, with the information publicly available we can see two other likely scenarios: either a common supplier or technology used by all three retailers has been breached and used as an entry point to big-name retailers, or the scale of the M&S incident has prompted security teams to relook at their logs and act on activity they wouldn’t have previously judged a risk.

“It’s a lesson again in the growing difficulty large organisations have in securing against threats in their supply chain, particularly as those threats grow in volume and sophistication.”