Marks & Spencer cyber attack
Discussion
It's hard to know currently but as someone working in IT (inc security) for a retail business I'm frustrated by the lack of information being shared.
They're sticking with "cyber incident" but sources like BleepingComputer are saying it's a ransomware attack by Scattered Spider:
https://www.bleepingcomputer.com/news/security/mar...
There was talk of a breach back in February where the Active Directory NTDS.dit file was supposedly taken. This potentially gives someone able to decipher it access to pretty much every account.
M&S have seemingly just isolated as many systems as they can to prevent access so remote workers can't work and distribution hubs etc are cut off from systems and data.
A few years ago M&S outsourced over half of their IT to Tata Consultancy in India.
My assumption based on working with them on other accounts is they've promised the world, and charged accordingly, not delivered and nobody at M&S really checked so disaster recovery hasn't gone to plan.

Edited by thetapeworm on Tuesday 29th April 20:18
Alex Z said:
As above, it looks like a ransomware attack. We won’t know for sure until they share more details, and that won’t happen till they are sure they have everything back under their control.
Lots of the warehouse staff are told to stay home, as are the dev teams.
Imagine being the poor sod running the new M&S store in Madrid yesterday, although it might have been some form of blessed relief not being able to partake in the company's complete fustercluck on an IT infrastructure on account of there being no bleedin' electricity for the store's systems either.
Azure tenant compromised through phishing attack, data exfiltrated subject to (time limited) ransom, bunch of next.js devs s**tting themselves. Possibly.
It's weird to me that, AIUI, they closed the checkout functionality themselves but left the site up. I assume they didn't think the actual website was compromised therefore, just the payment processing somehow. Doesn't quite add up to me, unless they've left their customers further exposed. I assume they've got external support in, NCSC have probably offered their advice too, not least on aspects like 2FA or what a Content-Security-Policy header is.
Quite a long time now to have not figured out the mechanism and stood up a fresh stack elsewhere.

RobB_ said:
Don't TCS have most of UK retail sewn up? King of race to the bottom!
Might be few RFP's coming out
To be fair to TCS, they are pretty good. The top of the India heritage service providers. They aren't cheap and increasingly like IBM (fixed terms, no flexibility). Nobody chooses TCS for cost (pick HCL/Wipro if you just want cost arbitrage).

Cheap offshore IT was a mechanism from 10-15 years ago, all service providers use India for 60-90% offshore, depending on sector and countries being delivered to.
.:ian:. said:
RobB_ said:
thetapeworm said:
A few years ago M&S outsourced over half of their IT to Tata Consultancy in India.
Don't TCS have most of UK retail sewn up? King of race to the bottom!
Might be few RFP's coming out


However, no system is perfect and often it is the human squishy thing that opens a highly targeted payload that breaks the system, regardless of the service being insourced or outsourced.
I've seen some incredible attacks, including one at a major insurer who spent a lot on internal security (not outsourced) and still got breached. They estimated that the development for the package was several $m.
vaud said:
They estimated that the development for the package was several $m.
Sorry, the budget for implementing the breach was $m?
What did the hackers do - find an administrator with all of the required credentials, and offer them the choice of $1m in cash in a brown paper bag after handing over the necessary authentication, or having their entire family fed to the pigs?
eharding said:
Sorry, the budget for implementing the breach was $m?
What did the hackers do - find an administrator with all of the required credentials, and offer them the choice of $1m in cash in a brown paper bag after handing over the necessary authentication, or having their entire family fed to the pigs?
Implementing the breach. It was super complex and very, very smart in using compromised updates for a software package to create backdoors.
I'd share the details, but I need to check if it ever went public.