Harrods becomes latest UK retailer to fall victim to cyber attack
Landmark London department store Harrods has become the latest UK retailer to fall victim to a cyber attack in the past 10 days, joining a list that already includes Marks and Spencer and Co-op.
The still in-progress incident was initially reported by Sky News and has supposedly left customers unable to pay for their purchases.
“We recently experienced attempts to gain unauthorised access to some of our systems,” they said.
“Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted internet access at our sites today.”
The spokesperson added: “Currently all sites including our Knightsbridge store, H beauty stores and airport stores remain open to welcome customers. Customers can also continue to shop via harrods.com.
“We are not asking our customers to do anything differently at this point and we will continue to provide updates as necessary.”
Three major attacks
Further details on the incident affecting Harrods are yet to be made public.
However, the incident comes barely 48 hours after Co-op first disclosed it was experiencing a similar cyber attack that it also took proactive steps to mitigate, and less than a fortnight after M&S was forced to suspend multiple online services.
This has led weight to growing speculation that all three attacks may share a common link. The most plausible scenario would suggest that the three attacks originated through an unidentified third-party retail services partner in a supply chain attack.
Earlier this week, it emerged that the M&S attack may have been the work of the cyber criminal collective Scattered Spider, which allegedly deployed a white-label ransomware called DragonForce on its VMware servers.
A compromise orchestrated through a third-party supplier would align with Scattered Spider’s modus operandi – the gang famously extorted multiple victims, including two high-profile Las Vegas casino operators, having exploited Okta identity services.
Tim Grieveson, CSO at ThingsRecon, an attack surface discovery specialist, said: “There must be a common thread across these retailers that has put them firmly in the crosshairs of cyber criminals. These aren’t isolated events, they are a wake-up call. The action and initiative we have seen from the Co-Op and Harrods should be a blueprint for others, not just in retail, but across all sectors.”
Jake Moore, global cyber security advisor at ESET, said that even if the same threat actor was not responsible for all three incidents, it was not uncommon for related targets in similar sectors to fall victim to attacks in quick succession.
Moore said that in the case of ransomwares like DragonForce, which is openly sold on the cyber criminal underground via a ransomware-as-a-service (RaaS) model, can be easily deployed by other threat actors motivated by the first attack to seek out similar vulnerabilities.
“Other hacking groups are also able to attempt their luck on similar businesses and start demanding ransoms where possible,” said Moore.
“Attacks involving the DragonForce ransomware most commonly start by targeting known vulnerabilities such as attacking systems that have not been kept up to date with the latest security patches so businesses need to be extra vigilant and improve how quickly they update their networks,” he said.
Source link
