Hacking Groups, Financial Fallout, and Reopening Online Operations

Marks & Spencer has recently reopened its online ordering system after a cyberattack. The incident is projected to cost the British retailer £300 million in profits this year. A new hacking group, DragonForce, has been linked to the attack.

DragonForce reportedly sent an email to M&S CEO Stuart Machin following the cyberattack, gloating about the hack and demanding a ransom. The email's contents, as reported by the BBC, described the group's actions in aggressive terms. DragonForce is not the only group connected to the attack; the Scattered Spider network was previously identified as involved.

According to cybersecurity researcher Sergey Shyekevich, alliances between hacker groups are becoming more common on the dark web. DragonForce offers Ransomware to cyber-criminal affiliates, taking a percentage of any ransoms collected. The group has recently become more active, marketing itself as a "Ransomware Cartel." Researchers believe the group operates out of Malaysia, although this is disputed. DragonForce has also been linked to the Co-op cyberattack.

Scattered Spider is a group known for targeting large organizations using social engineering tactics. They have previously used techniques like SIM swapping and impersonating IT staff to gain access to systems. The group, believed to be composed of young adults from the US and UK, gained notoriety for hacking and extorting major casino and gambling companies in the United States. In 2023, they were linked to the hacking and extortion of Caesars Entertainment and MGM Resorts International, resulting in a ransom payment from Caesars.

The M&S cyberattack was first disclosed on April 22nd, disrupting online operations and contactless payments. Customer data, including personal information, was compromised. M&S attributed the attack to "human error," with hackers gaining access through a third party.

In response to the attacks on the retail sector, the NCSC issued advice to the industry. The NCA is investigating the incidents, emphasizing the importance of cybersecurity measures and reporting attacks to law enforcement.

The cyberattack caused M&S to lose a significant amount of value. The company expects a £300 million hit to profits this year due to the disruption to its online business. M&S has announced the reopening of online ordering with plans to resume additional services in the coming weeks. The retailer has stated that its stores are operating normally.