In the wake of a high-profile cyberattack on Marks & Spencer, cybersecurity experts are warning that other UK retailers could soon find themselves in the crosshairs of opportunistic hackers.
Luxury department store Harrods became the latest to respond to a suspected threat, confirming it had limited internet access across its locations on Thursday as a precautionary move. This comes just days after M&S was forced to suspend online orders and freeze recruitment following a damaging ransomware incident. Co-op has also confirmed an attempted breach and responded by shutting down parts of its IT infrastructure.
The pattern is familiar. When one major retailer falls victim, others in the same sector quickly become potential targets. Jake Moore, global cybersecurity adviser at Eset, explained that such ripple effects are “typical” following large-scale cyber incidents.
“It’s typical for similar companies in the same sector to become secondary targets after a huge cyber attack,” said Moore. He noted that the ransomware strain identified in the M&S breach, known as DragonForce, is widely available on the dark web through so-called “ransomware-as-a-service” models. That availability makes it easy for other threat actors to replicate attacks.
“Other hacking groups are also able to attempt their luck on similar businesses and start demanding ransoms where possible.”
According to Moore, businesses that fail to install timely security updates leave themselves especially vulnerable. “Attacks involving the DragonForce ransomware most commonly start by targeting known vulnerabilities, such as attacking systems that have not been kept up to date with the latest security patches.”
AI Fuels Hacking Capabilities
Cody Barrow, CEO of cybersecurity firm EclecticIQ, warned that the threat is only intensifying, driven in large part by rapid developments in artificial intelligence. “Coming on the heels of recent breaches at Co-op and M&S, it highlights an alarming trend: attackers are becoming increasingly opportunistic.
What’s deeply concerning is generative AI is accelerating the threat landscape. Barrow pointed to the rising prevalence of sophisticated phishing attacks, deepfakes, and adaptive malware—tools that are increasingly accessible to even the most inexperienced cybercriminals. This widespread access to advanced attack tools is driving up attack volume, speed, and complexity,” he said.
Are the Attacks Connected?
While it’s not yet confirmed whether the same group is behind all three attacks, reports have linked the M&S breach to a group known as Scattered Spider. However, no official attribution has been made.
Toby Lewis, head of threat analysis at Darktrace, said the incidents may share a common factor—be it a technology provider or a software vulnerability. Alternatively, he suggested that the M&S attack may have prompted heightened scrutiny across other retail IT systems.
“We shouldn’t rule out that the three incidents… are coincidence. However, with the information publicly available… either a common supplier or technology… has been breached and used as an entry point… or the scale of the M&S incident has prompted security teams to relook at their logs and act on activity they wouldn’t have previously judged a risk,” said Lewis.
Lewis warned that the difficulty in managing these threats underscores a growing challenge for large organisations dealing with complex, interconnected supply chains.
“It’s a lesson again in the growing difficulty large organisations have in securing against threats in their supply chain, particularly as those threats grow in volume and sophistication.”
The M&S cyberattack has set off alarms across the UK’s retail sector, pushing companies like Harrods and Co-op into swift action to protect their systems.
With ransomware strains like DragonForce readily available and AI tools making attacks more accessible and effective, experts say the threat landscape is only getting darker. Retailers must remain on high alert—because in this game of digital chance, hackers are more than willing to try their luck.
