Harrods hit by cyber attack as UK retailers battle threats

Harrods, the iconic luxury department store, has become the third UK retailer to be targeted by cyber criminals in the space of two weeks.
The London-based retailer said on 1 May that it had “restricted internet access at our sites”, according to BBC News.
“We recently experienced attempts to gain unauthorised access to some of our systems,” it said, adding “Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.”
Unlike Marks and Spencer Group (M&S), which to date seems to be the hardest hit of all three of the retailers, Harrods is still taking online orders and has encouraged customers to “not do anything differently at this point”.
What’s the cause of the cyber attacks?
It’s not known if the three incidents are coincidence, a coordinated attack, or something else.
Toby Lewis, head of threat analysis at cybersecurity firm Darktrace, said that while details remain scarce, it shouldn’t be ruled out that all three are a coincidence.
“However, with the information publicly available we can see two other likely scenarios: either a common supplier or technology used by all three retailers has been breached and used as an entry point to big name retailers; or the scale of the M&S incident has prompted security teams to relook at their logs and act on activity they wouldn’t have previously judged a risk,” he said.
ITPro approached Harrods for comment on how the intrusion was first detected, but hadn’t received a response at the time of publication.
The original attack on M&S, meanwhile, has been attributed to hacking group Scattered Spider according to Bleeping Computer.
According to the website, which cites unnamed “multiple sources”, the problems were caused by “a ransomware attack that encrypted the company’s servers”.
Scattered Spider has been active since 2022 and is behind several high-profile attacks on MGM Resorts in 2023, Twilio, LastPass, GitLab, Apple, and Walmart.
While Spanish authorities claimed they had arrested the alleged ringleader of the group, Robert McArdel, director of forward threat research at Trend Micro, said the group doesn’t operate like “traditional ransomware groups we associate with Russian-speaking cyber crime”.
“They are a much looser connected network of individuals who assemble together for individual attacks and resemble the structure of Hacktivist groups like past activity of Anonymous,” he explained.
“Scattered Spider has routinely targeted retail providers – as shown by the domain names registered by the group for use in phishing campaign efforts – so targeting M&S would be ‘on-brand’,” he added.
MORE FROM ITPRO
Source link