Marks & Spencer was reported to have had its systems compromised by the Scattered Spider ransomware gang through login credentials obtained from an earlier attack against third-party IT services and consulting provider Tata Consultancy Services, according to Cybernews.
India-based Tata Consultancy Services which also counts the recently breached Co-op among its clients had at least two employees' M&S credentials leveraged to facilitate the attack, claimed a source close to the matter in a report from Reuters. Evidence linking attacks against M&S and Co-op remains inadequate, noted the UK's National Cyber Security Centre, which has advised retailers regarding the importance of strengthening threat detection measures. Meanwhile, ongoing challenges faced by M&S in restoring impacted systems nearly a month after the intrusion were regarded by Aryaka Vice President of Security Engineering and AI Strategy Aditya K. Sood to indicate incident response and system recovery gaps. "M&S should have had segmented environments and backup systems in place," said Sood.
India-based Tata Consultancy Services which also counts the recently breached Co-op among its clients had at least two employees' M&S credentials leveraged to facilitate the attack, claimed a source close to the matter in a report from Reuters. Evidence linking attacks against M&S and Co-op remains inadequate, noted the UK's National Cyber Security Centre, which has advised retailers regarding the importance of strengthening threat detection measures. Meanwhile, ongoing challenges faced by M&S in restoring impacted systems nearly a month after the intrusion were regarded by Aryaka Vice President of Security Engineering and AI Strategy Aditya K. Sood to indicate incident response and system recovery gaps. "M&S should have had segmented environments and backup systems in place," said Sood.
