Co-op is latest British retailer to be hit by cyber attack

By James Davey and Paul Sandle

LONDON (Reuters) -Britain's Co-op Group said on Wednesday hackers had attempted to break into its systems, the second high-profile cyber attack on a major UK retailer in as many weeks, following an ongoing incident at Marks & Spencer.

The Co-op, which is owned by its members and trades from over 2,300 food stores across the UK and also has funeral care, legal and insurance businesses, said the attack had forced it to shut down some of its back office and call centre operations.

It said all its stores, online operations and funeral homes were trading as usual and it was working to reduce disruption.

"We have recently experienced attempts to gain unauthorised access to some of our systems," a Co-op spokesperson said.

"We have taken proactive steps to keep our systems safe."

The incident appears to have had less of an impact than the attack on Marks & Spencer, one of Britain's best known retailers, which has paused taking clothing and home orders through its website and app for the last six days.

British companies, public bodies and institutions have been hit by a wave of cyber attacks in recent years, costing them tens of millions of pounds and often months of disruption.

The attack on M&S has come during a bout of warm weather in Britain, when retailers would normally report an increase in demand for summer clothing. Availability of some food products has also been affected in some stores.

The National Cyber Security Centre is working with both companies and the National Crime Agency said last week it was aware of the M&S incident.

The Metropolitan Police confirmed on Wednesday that detectives from its Cyber Crime Unit were investigating the M&S attack.

RANSOMWARE

While, M&S has not disclosed the nature of the cyber attack, cyber security experts have said the fact that M&S took systems offline suggested it was a ransomware-related event.

Technology specialist site BleepingComputer, citing multiple sources, said a ransomware attack that encrypted M&S's servers was believed to have been conducted by a hacking collective known as "Scattered Spider".

Scattered Spider comprises small clusters of people, including youngsters, who collaborate on and off on specific jobs, security experts and officials have said.

It has been blamed for unusually aggressive cybercrime sprees, and in 2023, members of its community locked up the networks of casino operators Caesars Entertainment and MGM Resorts International and demanded hefty ransom payments.

Nathaniel Jones, VP of Security & AI Strategy at cybersecurity company Darktrace, said the alleged confirmation that Scattered Spider was behind the M&S attack via the DragonForce encryptor highlighted the sophisticated threat this group posed to major organisations.

He said members of the group didn't just exploit technical vulnerabilities but manipulated people, especially IT help desks, through phishing, Multi-Factor Authentication (MFA) bombing, and SIM swapping to gain access.

Five members alleged to be in the group were charged by U.S. prosecutors in November.

(Reporting by James Davey and Paul SandleEditing by Kate Holton and Emelia Sithole-Matarise)