Inside the Marks And Spencer Cyberattack: What UK Businesses Must Learn

If you were out and about over the Easter weekend doing a food or clothing shop, you may have inadvertently been caught up in chaos at Marks & Spencer - a mainstay on UK high streets for over a century. But what happened, and why were they brought to their knees?


A sophisticated ransomware group known as Scattered Spider infiltrated M&S's systems, halting operations across all 1,049 stores, suspending online orders, and triggering supply chain chaos.

This wasn’t just an IT issue either. It was a full-blown operational crisis. Customers were left in the dark, hot food counters shut down, and staff at Fifosys have said their local stores stopped accepting contactless payments. M&S’s stock has dropped by over £700 million at the time of writing.

It's not just any cyber attack.

It's a complete disaster of a cyber attack.

(Sorry, Percy)

Who’s Behind the Attack?

You don't have to be a cyber security aficionado to recognise the culprits either. Scattered Spider (also known as Octo Tempest) are notorious - they have already been linked to hacking and extorting two of the largest casino and gambling companies in the United States, Caesars Entertainment and MGM Resorts International, and to attempts on Visa, PNC Financial Services Group Inc, Snowflake and Twilio.

That said, it's fair to say they're not your average hackers. Far from it.

Primarily made up of young threat actors from the UK and US, they specialise in social engineering and credential theft, with their go-to tactic exploiting human trust to bypass enterprise defences.

How Did They Breach M&S?

Naturally, as the incident is still ongoing and doesn't appear to be resolved, more details about what happened, the damage and how they managed to bring a giant like M&S down will come out over time. But here's what we understand so far about the attackers:

  • Gained access months before the attack, quietly harvesting credentials.

  • Exfiltrated sensitive data, including NTDS.dit password hashes.

  • Deployed DragonForce ransomware, encrypting systems and paralysing operations.

Why This Matters for Your Business

It would be hard to disagree that M&S are a retail titan - and they come armed with huge resources, a big workforce and almost 150 years of brand credibility. If they can be compromised, what makes you think any business is immune?

"We're not as big as M&S!", you may counter - and you could have a point. Even post breach, they still boast a market cap of £7.82 billion.

Sadly, cybercriminals aren't picky.

They don’t just go after big names; they exploit the blind spots in any system that lacks continuous monitoring, updates, endpoint protection, and staff training - amongst a whole range of other ways in - meaning you cannot afford to bury your head in the sand and be ignorant of the threats.

Cyber resilience isn't optional

In our monthly cyber security session, we dive into the true cost of cyber attacks, exploring how 94% of all attacks are caused by human error - and take 194 days to be discovered.

At Fifosys, we pride ourselves in helping organisations of all shapes and sizes stay secure through services such as:

  • Proactive threat detection and response (MDR)

  • 24/7/365 system monitoring and endpoint protection

  • Compliance-led strategies tailored for UK businesses

But we also take the time to connect on a human level, meet your staff, your executive team and then learn about your journey and where you want to go. We'll then work to educate them on the threats, risks and ways to ensure they play their part in keeping you secure.

Final Thought: Prevention Beats Recovery

Scattered Spider's playbook is built around one very simple idea: exploitation thrives on delay. The longer it takes a business to detect and respond, the greater the damage.

If you take nothing else away from this blog, you should note that you are not immune from threats out there. You're next.

With 3.4 billion phishing emails being sent a day and an attack occurring every 39 seconds now, we're so far past the 'IF we get hit!' territory that it's now a matter of 'when we get hit'.

So, we'll leave you with this question: Do you know what happens when that day comes?

Now is the perfect time to audit your defences, revisit your incident response plan, and ensure your team is ready for what’s coming next.

Not sure where to start? Don't worry. Use our contact form and arrange time with one of Fifosys' cybersecurity experts today.
