
Protect Your Business from the Growing Cyber Threats of 2025
Recent cyberattacks on major UK retailers, including Harrods, Marks & Spencer (M&S) and The Co-op, have highlighted a concerning trend: cybercriminals are increasingly targeting businesses of all sizes, not just large corporations.
How the Attacks Happened
The hackers were believed to be part of Scattered Spider, the notorious cybercrime group, although a separate group called DragonForce has claimed credit for the intrusions. It is believed that the hackers employed social engineering tactics to deceive IT help desks into resetting employee passwords. The attackers impersonated staff members, leveraging personal data obtained through social media. Once inside, they disrupted operations, leading to empty store shelves, halted online orders, and payment issues.
The group was suspected of breaching M&S systems as early as February 2025 and remained undetected for weeks, allegedly stealing the Windows domain’s NTDS.dit file—a sensitive database containing user credentials. They are also believed to have used ransomware to encrypt parts of M&S’s infrastructure.
Scattered Spider, also called UNC3944, Octo Tempest or Muddled Libra, is reportedly known for employing advanced social engineering tactics, including phishing and multi-factor authentication (MFA) fatigue attacks, to infiltrate large organisations. Phishing tricks users into revealing sensitive information, while MFA fatigue involves bombarding users with repeated login requests in hopes they’ll approve one out of frustration or confusion.
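MFA fatigue leaves a recognisable pattern in authentication logs: a run of denied or unanswered prompts for one user in a short time, sometimes ending in an approval. The following is an added example, not taken from any of the incidents above, showing how that pattern can be flagged. The event format, the 10-minute window and the threshold of 5 prompts are assumptions to adapt to your own MFA provider's logs.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push events: (timestamp, user, result). Not real data.
SAMPLE_EVENTS = [
    ("2025-05-01T09:00:05", "alice", "approved"),   # ordinary single login
    ("2025-05-01T02:11:00", "bob", "denied"),       # burst of prompts at night
    ("2025-05-01T02:11:40", "bob", "denied"),
    ("2025-05-01T02:12:15", "bob", "timeout"),
    ("2025-05-01T02:13:00", "bob", "denied"),
    ("2025-05-01T02:13:30", "bob", "denied"),
    ("2025-05-01T02:14:10", "bob", "approved"),     # approval right after the burst
    ("2025-05-01T10:00:00", "carol", "denied"),     # spread out, below threshold
    ("2025-05-01T10:30:00", "carol", "denied"),
    ("2025-05-01T11:00:00", "carol", "approved"),
]


def detect_mfa_fatigue(events, window_minutes=10, threshold=5):
    """Return (user, kind, count, timestamp) findings, oldest first.

    kind is "burst" when a user reaches `threshold` unapproved prompts inside
    the window, and "approved_after_burst" when an approval follows such a
    burst, which is the case that needs immediate investigation.
    """
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)  # user -> times of unapproved prompts in window
    findings = []
    for ts, user, result in sorted(events):  # ISO timestamps sort by time
        now = datetime.fromisoformat(ts)
        q = recent[user]
        while q and now - q[0] > window:     # drop prompts older than the window
            q.popleft()
        if result == "approved":
            if len(q) >= threshold:
                findings.append((user, "approved_after_burst", len(q), ts))
            q.clear()                        # an approval ends the current run
        else:
            q.append(now)
            if len(q) == threshold:          # alert once, when the line is crossed
                findings.append((user, "burst", len(q), ts))
    return findings


if __name__ == "__main__":
    for finding in detect_mfa_fatigue(SAMPLE_EVENTS):
        print(finding)
```

An "approved_after_burst" finding should trigger a session revocation and a direct call to the user on a known number, since the approval may not have been intentional.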
The Co-op confirmed that customer data, such as names and contact details, was accessed, though no financial information was compromised. Co-op narrowly avoided being locked out of its systems completely. M&S faced significant disruptions, including suspended online orders and reliance on backup data for recovery, which experts warn may take months.
Whilst this news story has faded a bit with time, it is less well known that smaller distributors to the UK’s major supermarkets were also affected. A Shepton Mallet-based chilled food transporter that supplies supermarkets including Tesco, Sainsbury’s, and Aldi said it was being held to ransom by cyber hackers. A ransomware attack is when hackers encrypt a victim’s data and lock them out of computer systems, demanding payment to hand back control to the victims. This company is relatively small compared with larger UK food distributors (such as GXO) and the supermarkets themselves, which shows that hackers will not just target well-known names.
Why Your Business Could Be at Risk
Cybercriminals target firms of ALL sizes, trying to exploit vulnerabilities in their security infrastructure. A significant weakness is human error, such as falling for phishing emails or using weak passwords. Additionally, many businesses lack robust cybersecurity measures, making them attractive targets for attackers.
How to Protect Your Business
At BlueZeon, we recommend the following steps to safeguard your business:
- Staff Training: Educate employees on recognising phishing attempts and the importance of cybersecurity practices.
- Modern Anti-Virus and Ransomware Software: Implement up-to-date security software to detect and prevent threats.
- Multi-Factor Authentication (MFA): Require MFA to add an extra layer of security to your systems.
- Regular Backups: Ensure critical data is backed up securely and regularly, with at least one backup stored offline.
- Secure Password Practices: Enforce strong password policies and encourage the use of password managers.
By taking these proactive measures, you can significantly reduce the risk of a cyberattack and protect your business from potential harm.
If you would like assistance in implementing these security measures or have any questions, please don’t hesitate to contact BlueZeon.