Co-op narrowly escaped a devastating cyber attack that saw customer data stolen and store shelves left bare, but experts warn rebuilding trust will be a difficult task.
The revelation that Co-op narrowly escaped being locked out of its computer systems during the cyber attack that saw customer data stolen and store shelves left bare has shed light on the firm’s swift decision to take action. The hackers, who claim responsibility for both attacks, told the BBC that they tried to infect Co-op with malicious software known as ransomware but failed when the firm discovered the attack in action.
A co-op, short for cooperative, is a business owned and controlled by its members who share resources and work together to achieve common goals.
Members contribute financially or through labor, and profits are distributed among them.
Co-ops can be found in various industries, including food, housing, healthcare, and energy.
They promote community involvement, mutual aid, and democratic decision-making.
According to the International Co-operative Alliance, there are over 3 million co-ops worldwide, serving more than 1 billion people.
The Anatomy of a Cyber Attack
Ransomware is a type of attack where hackers scramble computer systems and demand payment from victims in exchange for handing back control. The criminals behind the attacks, who claimed responsibility for both Co-op and M&S hacks, told the BBC that they used a cyber crime service called DragonForce to carry out their malicious activities.
Ransomware is a type of malicious software that encrypts a victim's files or locks their device and demands a ransom in exchange for the decryption key.
It typically spreads through phishing emails, infected software downloads, or exploited vulnerabilities.
According to a report by Cybersecurity Ventures, ransomware attacks resulted in over $20 billion in damages in 2020.
The most common types of ransomware include WannaCry, NotPetya, and GandCrab.
A Sudden Turning Point
Co-op’s response to the attack was deemed sensible by cyber experts like Jen Ellis from the Ransomware Task Force. ‘Co-op seems to have opted for self-imposed immediate-term disruption as a means of avoiding criminal-imposed, longer-term disruption,’ she said. This decision appears to have prevented the hackers from continuing their hack and causing further damage.
A Delicate Balance
Cyber experts like Prof Oli Buckley warned that rebuilding trust would be a difficult task for Co-op. ‘It will be a process of showing that lessons have been learned and there are stronger defences in place,’ he said. The firm’s decision to recover more quickly than M&S, which had its systems comprehensively compromised, may have been influenced by this swift response.
The Rise of Cyber Crime
The same cyber-crime group has also claimed responsibility for an attempted hack of the London department store Harrods. The hackers, who operate on Telegram and Discord channels, boast about their malicious activities and claim to be from a loosely coordinated group of hackers known as Scattered Spider or Octo Tempest.
Harrods is a British department store located on Brompton Road in Knightsbridge, London.
Founded in 1849 by Charles Digby Harrod, the store initially sold high-quality tea and groceries.
Over the years, Harrods expanded to offer luxury goods, including fashion, jewelry, and home furnishings.
Today, Harrods is a iconic shopping destination, attracting millions of visitors annually.
The store is known for its opulent interior design, featuring intricate details and lavish decorations.
A Warning to Retailers
The gang’s tactics are similar to those seen in previous attacks, and some security experts say they may be using an affiliate cyber crime service to carry out these attacks. Co-op and M&S have both declined to comment on the attacks, but it is clear that the retailers must take steps to protect themselves against such threats in the future.
A Call to Action
The recent cyber attack on Co-op serves as a reminder of the importance of cybersecurity for businesses. Retailers must ensure they have robust defences in place to prevent similar attacks and rebuild trust with their customers once damage has been done.
