Reports say the group, thought to include members as young as 16, known as ‘Scattered Spider’ is involved in the ongoing incident that hit M&S stores and online orders. M&S is losing millions worth of sales while it suspends online sales of clothing & homewares.
It emerged as M&S has been forced to suspend almost all sales through its website. The move is proving very costly – as well as an embarrassment – given M&S generated nearly £1.3bn of sales of clothing & homewares from online in the year to Mar. 2024. The retailer had earlier temporarily halt contactless card payments at stores too.
Silent
M&S has remained silent about the source of the attack, although it is believed to be working with GCHQ’s National Cyber Security Centre (NCSC) as well as an outside firm of experts.
However, reports have now emerged suggesting a notorious hacking gang called ‘Scattered Spider’ could be involved in what is believed to be a ransomware attack.
Such attacks typically happen when criminals get their way into IT systems before using a computer virus to encrypt – or lock – files & then demand money to unlock the contents. While there is no evidence at this stage with M&S, there have been concerned that stolen information could be released on the ‘dark web.’
February
According to the website BleedingComputer, M&S’s servers were 1st breached in Feb. However, it says those behind it then deployed a hacking tool known as ‘DragonForce’ on April 24.
The report says an investigation so far has thrown up the possible involvement of ‘Scattered Spider,’ known to tech giant Microsoft as ‘Octo Tempest.’ The group is thought to include English-speaking members – some as young as 16 – who frequent the same online hacking forums. These forums are then used to conduct attacks in real time.
Extort Money
‘BleedingComputer’ says the group initially started in financial fraud but has evolved & has targeted corporations to try to extort money. It was linked to a cyber-attack on MGM Resorts (incl. Caesars Palace Casino) in Sept. 2023 via its IT helpline for employees. Allegedly MGM Resorts paid the group $15m to restore services.
M&S has seen 100s of millions wiped from its stock market value since the incident emerged. It is setback for the company after finally enjoying a recovery after years of weak performance.
Message
A message on the M&S website says:
As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites, apps & over the phone. Our product range remains available to browse online. We are truly sorry for this inconvenience. Our stores are open to welcome customers.
“We have informed customers that there is no need for them to take any action. That remains the case, & if the situation changes we will let them know.
Our experienced team – supported by leading cyber experts – is working extremely hard to restart online & app shopping. We are incredibly grateful to our customers, colleagues & partners for their understanding & support.”
Sophisticated Threat
Nathaniel Jones, from cyber security experts Darktrace, explained: “The alleged confirmation that ‘Scattered Spider’ is behind the M&S attack via the ‘DragonForce’ encryptor highlights the sophisticated threat this group poses to major organisations.
“From the outside looking in, it appears M&S is looking to contain any malicious activity by taking likely impacted systems offline. Unfortunately, we can see how quickly these incidents can cripple retail operations across both digital & physical channels, with the suspension of online orders showing the cascading impact on revenue streams.”
It came as some Marks & Spencer stores were left with empty shelves as the high street chain continues to be disrupted. The retailer outlined that it has “pockets of limited availability” in some of its shops & stated it is “working hard” to get availability back to normal.
Temporarily Offline
A spokeswoman commented: “As part of our proactive management of the incident, we took a decision to take some of our systems temporarily offline. As a result, we currently have pockets of limited availability in some stores. We are working hard to get availability back to normal across the estate.”
It is understood that some packaged food deliveries from M&S to online grocery partner Ocado have also been affected by the cyber incident.
