UK retailer cyber attacks – hackers are always one step ahead

In recent weeks, three major UK retailers – Marks & Spencer (M&S)*, supermarket chain Co-op* and luxury department store Harrods* – have been targeted by cybercriminals in a wave of attacks that has disrupted operations and raised concerns about the security of retail IT systems.

These incidents highlight the increasing sophistication of cyber threats and the urgent need for businesses to bolster their defences.

What happened?

M&S was hit by a ransomware attack on 25 April, forcing the retailer to take down online job adverts and suspend online orders. The attack disrupted contactless payments and click-and-collect services, leaving some store shelves bare.[1]

Meanwhile, Co-op experienced an attempted hack the following weekend, prompting the company to shut down parts of its IT infrastructure. While its stores and funeral services continued to operate, staff were instructed to verify identities during remote meetings.[2] The attack affected back-office and call centre services, but the company managed to contain the breach before it escalated.

Harrods became the latest victim on 1 May, facing unauthorised access attempts that led to restricted internet access across its sites. The retailer took proactive steps to secure its systems, ensuring that its Knightsbridge store, H beauty stores and airport locations remained open.

Who may be behind the attacks?

No single entity has been officially identified as being behind the attacks as yet. However, a ransomware group known as DragonForce contacted the BBC following the Co-op attack claiming responsibility for all three attacks.[3]

Ahead of the long weekend, threat intelligence expert Will Thomas warned other UK retailers to take proactive steps to fortify their defences: “There is an active cybercriminal (Scattered Spider-style) ransomware campaign targeting your sector,” he said.

The attacks also prompted the UK’s National Cyber Security Centre (NCSC) to release a statement, again calling on retailers to take action against a possible coordinated strike on the sector: “These incidents should act as a wake-up call to all organisations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively,” said NCSC CEO Dr Richard Horne.

What happens next, and how can businesses protect themselves?

Cybersecurity analysts suggest that retailers in the same sector often become secondary targets after a major cyberattack. This means that once one company is breached, others with similar vulnerabilities may be next in line. This may prompt companies to shut down parts of their systems as a precautionary measure to mitigate future attacks.

The recent attacks have underscored the cyber threat facing businesses in the UK and beyond. Cybercriminals are relentless, and companies must treat cybersecurity as a priority. Sections of the UK government have acknowledged the growing threat, with four senior Cabinet Office officials recently warning that the country is at critical risk due to outdated IT systems and underfunding.[4]

Retailers must ensure their security patches are up to date, as many ransomware attacks exploit known vulnerabilities. Businesses should also invest in advanced threat detection systems and employee training to mitigate risks.

Investment opportunities in cybersecurity

As cyber threats continue to escalate, we expect companies that provide effective cybersecurity solutions to become increasingly valuable. We believe this is a long-term trend: as more systems, data and people connect digitally, vulnerability will continue to rise.

Investors looking to capitalise on the rising demand for cybersecurity services may find opportunities in firms that offer cutting-edge security technologies. Businesses specialising in ransomware protection, threat intelligence and secure cloud infrastructure are particularly well-positioned for growth, in our view.

The recent attacks against UK retailers underscore the urgent need for robust cyber defences. As businesses and governments work to strengthen security measures, the cybersecurity industry is set to play a crucial role in safeguarding digital assets and ensuring business continuity.

Cyber threats are evolving – so must our defences.

*For illustrative purposes only. Reference to a particular security is on a historic basis and does not mean that the security is currently held or will be held within an L&G portfolio. The above information does not constitute a recommendation to buy or sell any security.

[1] Source: Yet another major retailer hit by cyber attack after M&S and Co-op
[2] Source: Marks and Spencer cyber attack ‘a wake-up call’ as retailer struggles to recover
[3] Source: Co-op DragonForce cyber attack includes customer data, firm admits - BBC News
[4] Source: The UK is unprepared and vulnerable to Russian cyber attacks. Here's why