Companies and websites are facing ‘constant’ cyber attacks after three major supermarkets were targeted by hackers in the last month, an expert has said.
Hacks like the one that paralysed Marks and Spencer payment systems and led to customer data being stolen are being attempted ‘all the time and everywhere’, cyber security expert Dr Ian Batten told Metro.
M&S shoppers were greeted with empty shelves after the ransomware attack caused disruption to payments and online ordering.
Co-op was also hit by a cyber attack in April, with customer data stolen, while Harrods also fell victim with some systems being taken offline.
But those hackers taking down national institutions are often not carrying out sophisticated attacks, Batten said.
Instead, they are using clever tricks and bombarding hundreds of companies in hopes of getting lucky.
This time around the attack has been linked to a mysterious hacking collective known as Scattered Spider
What happened to M&S?
The ongoing M&S outages were caused by a ransomware attack that encrypted the company’s servers, BleepingComputer reports.
The hackers reportedly could have breached M&S as early as February.
According to Dr Batten, a lecturer for the School of Computer Science at the University of Birmingham, the malign agents could have waited months to ‘pull the detonator’.
‘If they broke in through the front door, into the virtual machine, and are running ransomware inside it, then all the backups are corrupt as well,’ Batten told Metro.
‘You don’t know when they broke in.
‘If they’re sensible, they would have broken in months ago, planted their thing, and not used it.
‘Then they come back later, when all of the backups contain their magic stuff, and then pull the trigger and it all goes horribly wrong.’
Dr Batten warns that M&S’s own tech experts may still be in the dark about what happened.
He added: ‘That’s where a lot of really smart people are gonna be doing an awful lot of smart work in order to try and figure out what’s actually going on.’
The impact has been devastating, with M&S potentially losing around £3.5 million per day.
How do hackers like Scattered Spider get inside a company’s system?
The computer whizzes behind these kind of break-ins are ‘not deploying sophisticated technical attacks’, Dr Batten says.
The hackers, who are often young and unemployed, are simply using the gift of the English language to trick themselves into computer systems.
The cyber expert told Metro: ‘You phone up an IT help desk and say, “Hey, it’s Dave from the Basingstoke branch. I’ve got this problem. Could you just give me access to such and such?”
‘Most times you won’t get away with it, but if you try 100 times, maybe you’ll get lucky.’
Dr Batten compares it to the scam text messages we all get.
He said: ‘The point is they are sending a million of those texts, or at least tens of thousands. They only have to get lucky one.’
So those behind the attack did not set out to break into M&S directly, they just ‘happened to be the one that they succeeded’ in getting into.
‘They had been probing a variety of large corporates,’ Batten added.
What motivates hackers?
‘It’s naive to assume that everyone’s motivation is straightforwardly money,’ Dr Batten told Metro.
Hackers are driven by a wide range of factors, with money often being a secondary consideration.
Many are just in it for the recognition of others.
‘Solo actors have done some really quite spectacularly bad things just to get the respect of their peers.
‘Others then use it as a calling card so that they can then get entrance to the next step, which will be something which will make them money.’
Many groups often just want to sow division and chaos in one country, sometimes at the direction of another country.
Dr Batten said: ‘The ones which are the fronts or the agents of state actors, their objectives may be sowing chaos, mistrust, economic harm.
‘They would regard the money as a bonus. They may regard the disruption, to the company as being an end in itself.’
Has there been a rise in cyber attacks?
The cyber professor is clear that cyber attack attempts are happening all the time.
People are constantly running ‘vulnerability scanners’ across the web to find areas to attack.
They are often looking for flaws which are decades old, Batten says.
So while there is ‘clearly a substantial problem’, it is difficult to tell whether attacks are truly rising or falling.
What is giving the perception of increased attacks is that more firms are owning up to breaches.
Batten said: ‘Marks & Spencer’s communication has been fantastic. They have been very clear, very direct, and very straightforward with their customers.
‘That will give the perception from the outside that the number of such attacks is increasing, although in reality they’re just being admitted to much more honestly.’
A version of this article was first published on May 1.
Get in touch with our news team by emailing us at [email protected].
For more stories like this, check our news page.
MORE: Man, 87, attacked and left for dead for ‘cornflakes and shepherd’s pie’
MORE: First pictures of car exploding near Keir Starmer’s house in ‘arson attack’
MORE: Dad ‘stabs dead his wife, their two kids and himself hours before son’s graduation’
