Landmark London department store Harrods has become the latest UK retailer to fall victim to a cyber attack in the past 10 days, joining a list that already includes Marks and Spencer (M&S) and Co-op.
The still-in-progress incident was initially reported by Sky News and has supposedly left customers unable to pay for their purchases.
A Harrods spokesperson confirmed the accuracy of this report to Computer Weekly.
“We recently experienced attempts to gain unauthorised access to some of our systems,” they said. “Our seasoned IT security team immediately took proactive steps to keep systems safe and, as a result, we have restricted internet access at our sites today.”
The spokesperson added: “Currently, all sites, including our Knightsbridge store, H beauty stores and airport stores, remain open to welcome customers. Customers can also continue to shop via Harrods.com.
“We are not asking our customers to do anything differently at this point and we will continue to provide updates as necessary.”
Three major attacks
Further details on the incident affecting Harrods are yet to be made public.
This lends weight to growing speculation that all three attacks may share a common link. The most plausible scenario would suggest the three attacks originated through an unidentified third-party retail services partner in a supply chain attack.
There must be a common thread across these retailers that has put them firmly in the crosshairs of cyber criminals. These aren’t isolated events, they are a wake-up call Tim Grieveson, ThingsRecon
Earlier this week, it emerged that the M&S attack may have been the work of the cyber criminal collective Scattered Spider, which allegedly deployed a white-label ransomware called DragonForce on its VMware servers.
A compromise orchestrated through a third-party supplier would align with Scattered Spider’s modus operandi – the gang famously extorted multiple victims, including two high-profile Las Vegas casino operators, having exploited Okta identity services.
Tim Grieveson, chief security officer at attack surface discovery specialist ThingsRecon, said: “There must be a common thread across these retailers that has put them firmly in the crosshairs of cyber criminals. These aren’t isolated events, they are a wake-up call. The action and initiative we have seen from the Co-Op and Harrods should be a blueprint for others, not just in retail, but across all sectors.”
Toby Lewis, head of threat analysis at Darktrace, said: “With the information publicly available, we can see two other likely scenarios: either a common supplier or technology used by all three retailers has been breached and used as an entry point to big-name retailers; or the scale of the M&S incident has prompted security teams to relook at their logs and act on activity they wouldn’t have previously judged a risk.
“It’s a lesson again in the growing difficulty large organisations have in securing against threats in their supply chain, particularly as those threats grow in volume and sophistication.”
Copycat hackers
Jake Moore, global cyber security advisor at ESET, highlighted a third possibility, saying that even if the same threat actor was not responsible for all three incidents, it was not uncommon for related targets in similar sectors to fall victim to attacks in quick succession.
Moore said that in the case of ransomware like DragonForce, which is openly sold on the cyber criminal underground via a ransomware-as-a-service (RaaS) model, it can be easily deployed by other threat actors motivated by the first attack to seek out similar vulnerabilities.
“Other hacking groups are also able to attempt their luck on similar businesses and start demanding ransoms where possible,” added Moore.
“Attacks involving the DragonForce ransomware most commonly start by targeting known vulnerabilities, such as attacking systems that have not been kept up to date with the latest security patches, so businesses need to be extra vigilant and improve how quickly they update their networks,” he said.
Read more on Data breach incident management and recovery
Jonathan is a tech enthusiast and the mind behind Tech AI Verse. With a passion for artificial intelligence, consumer tech, and emerging innovations, he deliver clear, insightful content to keep readers informed. From cutting-edge gadgets to AI advancements and cryptocurrency trends, Jonathan breaks down complex topics to make technology accessible to all.
