Co-op staff have been put on alert for hackers targeting their systems. The cooperative, known for retail, insurance, and funeral care, is in the midst of dealing with an ongoing cyber attack.
Reports say that Co-op took proactive measures, shutting down parts of its IT systems just a day before the public announcement of the attack. This move has garnered some positive feedback. In an email to employees, Rob Elsey, Co-op’s chief digital and information officer, revealed that the cyber threat kicked off last weekend. He warned that if employees work from home, they won’t have access to critical systems requiring a VPN. Elsey advised those experiencing issues to work from a Co-op location instead.
Further details indicate that employees must verify attendees during online meetings on Microsoft Teams, keep webcams on, and avoid recording or transcribing any discussions. Cybercriminals often target internal communication channels. The Lapsus$ gang, notorious for breaching high-profile companies, used this tactic in a 2022 incident involving Rockstar Games, where they accessed sensitive game footage through an employee’s Slack channel.
While there’s no confirmed link between Co-op’s situation and the cyber attack affecting Marks and Spencer (M&S), the timing has raised eyebrows. Two major incidents within two weeks at UK supermarkets have sparked speculation about possible connections. Jason Gerrard from Commvault noted that even without a direct link, the attacks benefit cybercriminals. They often target significant firms to gain notoriety and financial rewards.
Gerrard explained that breaching one piece of software can impact many related organizations. Hackers are drawn to high stakes for better leverage. In the face of potential legal or reputational damage, some companies may feel pressured to pay ransoms. However, paying doesn’t always ensure recovery; for instance, Travelex paid $2.3 million in bitcoin, yet the decryption tools failed, leading to its downfall.
As for M&S, the fallout from its cyber incident is growing. The retailer struggles with in-store supply chains, leading to empty shelves across the UK. Since the attack started, it has lost over £700 million in total value and continues to miss out on significant online sales opportunities.
