What is cyber attack: M&S and Harrods face losses over $930m

A recent cyberattack has hit M&S and Harrods, resulting in estimated losses of over $930m, with the Scattered Spider hacking group linked to the incident, causing disruption to online orders and operations, and prompting a UK police and cybersecurity agency investigation.

The ransomware attack has affected the retail sector, with experts warning of increased vulnerability, and M&S's market value dropping 6.5% following the attack. This incident is not an isolated one, as Sir Dan Moynihan, head of Harris Federation, a group of 55 schools in London and Essex, was hacked by Russian ransomware crime group REvil four years ago, with the hackers demanding $4m in cryptocurrency within 10 days.

The attack on M&S has left other companies on high alert, with one retailer saying they are "patching like mad" to ensure their systems are up-to-date, and according to the UK government's cyber security breaches survey, 74% of large businesses reported being targeted by cyber attacks last year. The Scattered Spider threat actors are known for social engineering attacks and phishing, and have been linked to other high-profile breaches and ransomware attacks, including the BlackCat ransomware.

The attack on M&S began as early as February, resulting in the theft of the Windows domain's NTDS.dit file, containing password hashes for Windows accounts, and the threat actors used these credentials to deploy the DragonForce encryptor to VMware ESXi hosts on April 24th, encrypting virtual machines and causing widespread disruption to the company's operations. The company has sought help from CrowdStrike, Microsoft, and Fenix24 to investigate and respond to the attack.

As the investigation continues, M&S is likely to face many difficult days ahead as a result of the cyber attack, and the incident serves as a reminder of the importance of cybersecurity in the retail sector, with companies urged to take proactive measures to protect themselves against such threats.