It's now been more than a week of chaos for Marks and Spencer (M&S), one of the UK's biggest brands, following what - it is now obvious - is a significant cyber attack. It's cost the retailer millions of pounds in lost sales and a lower share price. M&S still isn't revealing exactly what or who knocked out its online ordering systems, paused deliveries,left empty shelves in stores,and resulted in limited access to internal platforms ("they're using pen and paper mate," one contact told me). The firm is working with the National Cyber Security Centre, which will not comment on active investigations. The Information Commissioner's Office, the data protection regulator, says it is "making enquiries". M&S maintains it has no details to share about the incident. As time goes on, though, the chorus of unanswered questions grows louder. Starting with, why is this taking so long? Many non-cyber related technical glitches are relatively quick fixes. An outage caused by a faulty software or server update, or even user error, can often be resolved in a matter of hours. But trying to find and stop malware sweeping through systems and causing havoc on the scale of those operated by a large nationwide retailer like M&S, is not a quick job says Professor Alan Woodward, a cybersecurity expert from Surrey University. "Everything from knowing what has been sold, hence what needs replenishing, to taking card payments is very dependent on complex systems… it will take significant time and expertise to analyse and ensure they have expelled the hacker," he said. Lisa Forte, partner at cyber security firm Red Goat, agrees. "They are handling the disruption in a mature way but to expect any company to get anything back online in a week is never going to happen," she says. "I don't know one organisation that could do it." A lot is also riding on the nature of the threat. The longer a cyber incident goes on, the more likely it is to be ransomware, say multiple cybersecurity experts. "I would suggest there is a high level of confidence this is a ransomware style event," says Dan Card, cyber expert at BCS, the chartered institute for IT. "I describe these as like a digital bomb has gone off. So recovering from them is often both technically and logistically challenging… the victim organisation is likely going to be working around the clock to respond and recover." Ransomware is a particularly nasty strain of virus, in which the owner of a computer or network of computers is locked out, their data scrambled, and the attackers demand a fee, usually in cryptocurrency, to restore it. Official advice is not to pay. You are, after all, putting your trust in criminals to be true to their word. But it is often impossible to restore compromised services without the hackers' key – meaning the only way around it is to either use back-ups or install new systems and start again. M&S will not comment, and no attacker has yet gone public with any demands – although this doesn't always happen, it is often a way for cyber criminals to pile more pressure onto their victims. As to who those hackers might be: fingers are pointing at a rather fluid network of individuals called Scattered Spider (it also has other aliases). It was behind the attack onthe MGM Las Vegas hotels in 2023. The website Bleeping Computer cites "multiple sources" suggesting they are responsible andsays some of them are teenagers. Rik Ferguson, special advisor to Europol's European Cyber Crime Centre, says the sources of speculation about the group's involvement seem credible but adds that he has seen no conclusive evidence so far. I asked him whether M&S customers should be concerned about their personal information: the firm itself currently says no action is required. "Only M&S are able to tell us whether customers should be worried about their personal data," he said. "In the absence of certainty, it would certainly be advisable for M&S customers, particularly those who may have reused their M&S account credentials on other web services, to begin changing those passwords elsewhere."
Why is the M&S cyber attack chaos taking so long to resolve?
TruthLens AI Suggested Headline:
"Marks and Spencer Faces Extended Disruption Following Cyber Attack"
Bbc News
7.4
TruthLens AI Summary
Marks and Spencer (M&S), a prominent retailer in the UK, has been grappling with a significant cyber attack for over a week, which has led to substantial business disruption. This incident has caused millions in lost sales and a decline in share prices, as the company has struggled to resolve issues with its online ordering systems and internal platforms. Despite working with the National Cyber Security Centre and the Information Commissioner's Office, M&S has refrained from disclosing specific details about the attack, including the identity of the perpetrators. The ongoing chaos has raised questions about the length of time taken to address the situation, particularly as many technical glitches can typically be resolved swiftly. However, cybersecurity experts emphasize that dealing with a severe malware incident requires extensive time and expertise to ensure systems are secured and operational again. They suggest that the complexity of M&S's systems, which manage everything from inventory to payment processing, complicates the recovery process significantly.
Experts in cybersecurity have speculated that the nature of the attack may be ransomware-related, which poses unique challenges for recovery. Ransomware attacks often lock organizations out of their systems and demand payment, typically in cryptocurrency, to regain access. While M&S has not confirmed any ransom demands or the specifics of the attack, speculation points to a group known as Scattered Spider, which has been implicated in other high-profile incidents. While M&S has assured customers that their personal data is not currently at risk, experts advise caution, particularly for those who may have reused their credentials across different platforms. The situation remains fluid, and as M&S continues to work towards restoring its operations, the uncertainty surrounding the attack's implications for both the company and its customers continues to grow.
TruthLens AI Analysis
The article delves into the ongoing turmoil faced by Marks and Spencer (M&S) following a significant cyber attack that has disrupted their operations for over a week. This situation raises numerous questions about the nature of cyber threats, corporate responses, and public perception.
Purpose of the Publication
The article aims to inform the public about the severity and complexity of the cyber attack on M&S. It emphasizes the challenges the company faces in restoring its services and the potential long-term implications of such incidents. By highlighting the difficulties in resolving cyber attacks, the article seeks to instill a sense of understanding regarding the situation's gravity and the technical intricacies involved.
Public Perception and Sentiment
The narrative fosters a perception of vulnerability among large retailers, suggesting that even established brands like M&S are not immune to cyber threats. This could lead to increased public concern about data security and trust in large corporations. The article also hints at a potential lack of transparency from M&S, which may lead to skepticism about the company's operations and internal security measures.
Information Disclosure and Transparency
There seems to be an underlying concern regarding the lack of detailed information from M&S about the attack. The article reflects this by noting the growing number of unanswered questions. This could suggest that there might be more significant issues at play that the company prefers to keep under wraps, potentially to manage their reputation or avoid panic among customers and stakeholders.
Manipulative Elements
The article could be perceived as somewhat manipulative, particularly in its emphasis on the potential for ransomware, which tends to evoke fear. The language used suggests urgency and chaos, possibly to heighten concern and draw attention to the broader implications of cyber security in the retail sector.
Credibility of the Information
The information appears credible, as it cites cybersecurity experts and governmental agencies involved in the investigation. However, M&S's reluctance to share details may lead to questions about the full extent of the damage and the company's ability to manage the crisis.
Underlying Narratives
The article connects to a broader narrative regarding the rise of cyber threats in today's digital landscape. It mirrors similar reports about cyber incidents affecting other companies, suggesting a pattern of vulnerability in the retail sector. This context can amplify public concern and discussions about the need for improved cybersecurity measures across industries.
Impact on Society and Economy
The implications of this news can significantly impact consumer confidence and the stock market. With M&S being a major player in the UK retail sector, ongoing disruptions could lead to decreased sales, affecting not only the company but also its suppliers and associated businesses.
Community Response
This news likely resonates more with tech-savvy communities concerned about cybersecurity and data privacy. It may also attract the attention of investors and stakeholders in the retail sector, prompting discussions about risk management and cybersecurity investments.
Market Implications
The repercussions of this incident could affect M&S stock and potentially influence investor sentiment towards other retailers facing similar threats. Market players might become more cautious, leading to fluctuations in stock prices within the retail sector.
Global Context and Relevance
While the article focuses on a UK-based company, the implications of cyber threats are global. The current geopolitical landscape, heightened by tensions involving cyber warfare, makes this incident particularly relevant, as it underscores the importance of cybersecurity in safeguarding national and economic interests.
Use of Artificial Intelligence
There is no explicit indication that artificial intelligence was used in the writing of this article. However, the structured presentation of expert opinions and the analysis of the situation may reflect an AI-assisted approach to organizing and synthesizing information. If AI were involved, it could have influenced the clarity and focus of the narrative.
Overall, this article serves to illuminate the complexities of cyber threats and their consequences for significant retailers like M&S, while also addressing concerns about transparency and public trust.