The attackers appeared to be highly selective, prioritising psychological manipulation over sophisticated technical exploits. Instead of relying on complex malware, they exploited trust, routine, and human error.
Related: North Korean hackers linked to crypto theft via fake Zoom meetings
UK Retailers Hit by a Coordinated Cybercrime Campaign
A wave of coordinated cyberattacks recently swept through major UK retailers, with several high-profile brands suffering significant operational and financial damage during the Scattered Spider campaign.
Among the hardest hit were Marks & Spencer, The Co-operative Group, and Harrods. UK authorities confirmed that the group deployed DragonForce ransomware as a pressure tactic to extract leverage from victims.
In July, law enforcement arrested four suspects, all of whom were teenagers. The arrests highlighted a growing reality: modern cybercrime rings are increasingly young, decentralised, and alarmingly well-organised.
The financial impact was severe. Marks & Spencer estimated losses of roughly £300 million, while the Co-op disclosed revenue losses amounting to £206 million.
Inside the Marks & Spencer Breach
During a UK Parliament committee session, M&S chairman Archie Norman confirmed that the attack followed known Scattered Spider playbooks and involved DragonForce ransomware. He declined to confirm whether a ransom payment was made.
According to Norman, the breach began with social engineering and was compounded by a third-party supply chain weakness. Stolen credentials linked to Tata Consultancy Services played a role in enabling access.
Rather than engaging directly with the attackers, M&S chose to work through specialist intermediaries. The consequences were extensive. Online ordering was suspended for months, and core systems had to be rebuilt almost entirely from scratch.
Why the Co-op Bounced Back Faster
Although the Co-op was also compromised, its recovery was significantly quicker. Stock availability normalised by late May, and most stores resumed full operations by June.
Speaking at the Financial Times Cyber Resilience Summit, MP Alison Griffiths attributed the difference to contrasting technology strategies. The Co-op had already progressed far in moving away from legacy infrastructure, with cloud migration well underway.
This modernisation limited attackers’ ability to operate inside internal systems and sharply reduced recovery time. In contrast, M&S’s slower transition meant system restoration took close to four months, giving attackers a longer window to inflict damage.
Why Retailers Remain Prime Targets
Retail remains one of the most attractive sectors for cybercriminals. Large workforces increase exposure, and M&S alone employs around 50,000 people, expanding the attack surface dramatically.
Retailers also store high-value data, including payment information, consumer behaviour insights, and sensitive internal records. According to Kroll’s Brent R. Tomlinson, the sector is a “target-rich environment,” where outdated systems and constrained security budgets remain common.
The Bigger Lesson
The Scattered Spider incidents exposed uncomfortable truths for the UK and beyond. Cybersecurity is not purely a technical problem. Human behaviour, infrastructure decisions, and organisational readiness play an equally critical role.
Faster cloud adoption reduced downtime, while better coordination and information sharing improved response effectiveness. The message is clear: resilience is built long before an attack begins.
Disclaimer: BFM Times provides information strictly for educational purposes and does not offer financial advice. Readers should consult a qualified financial advisor before making any investment decisions.