Co-op cyber attack: Staff told to keep cameras on in meetings

The Co-op, a well-known supermarket and service provider, has recently instructed its employees to keep their cameras on during virtual meetings as a precaution against an ongoing cyber attack. This directive was communicated through an internal email sent to the company’s 70,000 staff members, urging them to remain vigilant while the IT teams work diligently to secure the company’s systems from potential hackers. The email specifically advised employees not to record or transcribe any calls made through Microsoft Teams, highlighting the seriousness of the situation. On Wednesday, the Co-op disclosed that it had taken the step of shutting down certain parts of its IT systems in response to the hacking attempts. This incident coincides with another major cyber attack affecting Marks & Spencer, which has led the retailer to remove all job advertisements from its website. It remains unclear whether the two cyber incidents are connected. Cyber security consultant Jen Ellis commented on the situation, suggesting that the Co-op’s email indicates a heightened concern regarding the presence of hackers. She explained, 'Reminding employees to keep their cameras on during conference calls is one way of enabling work to continue while ensuring that everyone is really who they claim to be, and no one unexpected is participating in calls. ' On the same day, the Co-op stated that it was taking proactive measures to fend off the attack, which it claimed had a small impact on its call center and back office operations. However, the internal email revealed that the company had completely disabled remote access, meaning that employees could no longer log into internal applications that require a VPN from home. Instead, they were instructed to visit a Co-op location if they needed to access work tools. Additionally, employees were advised against sharing any sensitive information in Teams chats and were encouraged to report any suspicious messages or emails they might receive. The internal email was first reported by ITV News and later confirmed by the Co-op to the BBC. The Co-op has reassured its employees that the cyber attack is under control and that all measures being taken are proactive. Historically, cyber criminals have infiltrated the internal messaging systems of various companies, including Uber and Rockstar Games, to spy on communications and demand ransom payments. A group known as Lapsus$, which consisted of English-speaking teenagers, was responsible for some of these attacks, with two members arrested and convicted in the UK in 2023. The ongoing attack against Marks & Spencer is believed to be linked to a potential offshoot of Lapsus$ called Scattered Spider, which has been implicated in high-profile hacks against organizations such as MGM Grand casino and Transport for London (TfL). In response to its own cyber attack, TfL required all staff to report to security teams in person to ensure that hackers were completely removed from their IT systems. The incident affecting Marks & Spencer is characterized as a ransomware attack, utilizing the DragonForce cyber crime service. The Metropolitan Police have confirmed that they are investigating the cyber attack on Marks & Spencer, stating, 'Detectives from the Met's cyber crime unit are investigating. ' Furthermore, Marks & Spencer has reported the incident to the National Cyber Security Centre (NCSC). The BBC understands that the NCSC is advising other retailers to remain vigilant, although it is not believed that retailers are being specifically targeted. A spokesperson for the NCSC stated, 'The NCSC routinely engages with a whole range of organizations about the cyber threats that the UK faces and regularly reminds them about the steps they can take to be as resilient as possible.