NCSC Warns of Escalating Cyber Threats to UK Retail Sector
The UK’s National Cyber Security Centre (NCSC) has issued an urgent warning following a string of cyberattacks targeting leading UK retailers. The agency, part of the GCHQ intelligence network, described these incidents as a “wake-up call” for the retail industry.
In an official statement this week, the NCSC confirmed it is actively working with impacted organizations to assess the scale and nature of the disruptions.
“These incidents should act as a wake-up call to all organisations. I urge leaders to follow the advice on the NCSC website to ensure they have appropriate measures in place to help prevent attacks and respond and recover effectively.”
— Dr Richard Horne, CEO, NCSC
The agency emphasized that the incidents are a cause for concern for both affected businesses and their customers.
Three Major UK Retailers Targeted in Recent Attacks
The alert follows confirmed attacks on Harrods, Marks & Spencer (M&S), and the Co-operative Group (Co-op) within the past two weeks.
Harrods reported on May 1st that it had experienced a network intrusion attempt. While it did not confirm whether its systems were compromised, the company has restricted internet access to various platforms, indicating an ongoing internal response.
Co-op disclosed a separate cyber incident shortly after. An internal memo from Chief Digital and Information Officer Rob Elsey warned employees to exercise caution with email and Microsoft Teams. The company also disabled VPN access, signaling potential containment efforts.
Marks & Spencer faced a more disruptive attack last week, which affected online orders, contactless payments, and Click & Collect services. It was later confirmed that the incident was a ransomware attack in which DragonForce ransomware was deployed. The group behind the breach is believed to be associated with Scattered Spider, a threat actor linked to several high-profile attacks.
Ransomware Group Scattered Spider Implicated
The ransomware used in the M&S attack aligns with tactics associated with Scattered Spider, a known cybercriminal group. The group has previously targeted:
- MGM Resorts
- Caesars Entertainment
- Twilio
- DoorDash
- MailChimp
- Riot Games
- Coinbase
The group’s use of DragonForce ransomware and social engineering techniques has made it one of the most disruptive threat actors currently active.
Government Inquiry and Ongoing Support
In response to these incidents, the UK House of Commons’ Business and Trade Committee has requested details from the CEOs of Marks & Spencer and Co-op. The inquiry seeks to understand whether affected companies received adequate support from national agencies, including the National Crime Agency (NCA) and the NCSC.
The NCSC continues to offer guidance and technical assistance to retailers and other critical sectors, reinforcing the need for proactive cybersecurity strategies across the private sector.