Staffers at Co-op have been told to be on their guard against lurking hackers on their systems as the cooperative – which specialises in retail, insurance and funeralcare – continues to work to mitigate an ongoing cyber attack.
The latest developments, which were first reported by ITV News, came twenty-four hours after Co-op first shut off parts of its IT systems in a pre-emptive attempt to ward off the danger – an approach which has won plaudits from onlookers.
In an email shared with employees, Co-op’s chief digital and information officer, Rob Elsey, said that the attack – which was made public yesterday – actually began last weekend.
“If you work from home, you won’t be able to access systems and apps that require you to sign in using a VPN,” wrote Elsey. “If you are having issues accessing systems or need to access applications please work from a Co-op location.”
Computer Weekly additionally understands that Co-op users have also been instructed to verify attendees for online meetings via Microsoft Teams, to keep their webcams turned on throughout, and under no circumstances to record or transcribe any meetings.
Some cyber criminal gangs have been known to access, monitor and exploit internal communications channels in their attacks.
The Lapsus$ gang behind multiple attacks on high-profile targets deployed this tactic to great effect in a 2022 intrusion at Rockstar Games, where a member obtained gameplay footage of the in-development title Grant Theft Auto 6 from an employee Slack channel.
No known link to M&S but speculation abounds
Although no link between the incident at Co-op and the attack that has crippled Marks and Spencer’s (M&S’s) online systems has been proven, the fact that two high-profile incidents at UK supermarkets have occurred in the space of a fortnight has raised eyebrows and prompted some speculation as to whether or not the two incidents are related in some way.
Jason Gerrard, senior director of channel systems engineering for EMEAI at Commvault, said even if there was no link, the two attacks were a gift to the cyber criminal underground. “The increase in IT outages and cyber attacks is becoming extremely hard to ignore and that’s exactly what threat actors are counting on,” he said.
“Targeting industry leaders and critical supply chains is a calculated strategy for notoriety and financial gain. Hackers know that compromising a single piece of software can open doors to hundreds of downstream organisations. They’re chasing money and publicity – so they aim for ‘big fish’,” said Gerrard.
He added: “Regulations like the EU’s [European Union’s] DORA rightly push for compliance but may also make these businesses more appealing targets. The higher the stakes, the greater the leverage for attackers.
“Faced with legal or reputational fallout, some organisations are more likely to pay ransoms – but payment doesn’t guarantee recovery. One major travel company [Travelex] paid $2.3m in bitcoin, only for the decryption tools to fail, leading to its collapse.”
Costs mount up
Meanwhile, the costs of the M&S incident continue to mount up, with the retailer now beginning to struggle to maintain its in-store supply chains, leading to gaps on shelves in stores across the UK.
The 141 year-old organisation has seen over £700m wiped off its total value since the cyber attack began, and is also losing millions on missed online sales opportunities.