Weekly Cyber Reports

This Week in Cyber 9th May 2025

Latest news and views from our Cyber Analysts

Written by

Team Nucleus

Written on

8th May, 2025


Analyst Insight

This week in cyber, we have seen the knock-on impact of cyber-attacks on UK retailers, with M&S, Co-op and Harrods being the targets of the ongoing campaign. In-store operations as well as online services have been disrupted, causing significant financial impact to the retailers. The NCSC urges organisations to reconsider the security measures of their IT helpdesks, as this was how the threat actors initially breached the retailers. Many researchers have attributed the attacks to the notorious Scattered Spider group, due to the similar tactics, techniques and procedures displayed by the threat actors.

We have also seen great efforts by European authorities, who seized another six popular DDoS-for-hire services, making it more difficult to flood websites and servers with malicious traffic. NSO Group has been ordered to pay $167M in damages to Meta this week, after being found to have conducted unauthorized surveillance of WhatsApp users. The UK Government is also further improving its cyber defences by planning to adopt passkeys throughout GOV.UK services. Read more in Telesoft’s This Week in Cyber.


Cyber Attack Disrupts Operations at Co-op Stores Across the UK

Co-op stores across the UK are experiencing significant disruptions following a major cyber attack. The incident has resulted in empty shelves and delayed deliveries, affecting the availability of essential goods such as fresh produce and sandwiches. Reports indicate that hackers have compromised personal data belonging to 20 million customers, leading Co-op to deactivate critical computer systems to prevent further harm. Co-op's chief executive wrote to members on Monday, reassuring them that a 'limited amount' of data had been stolen by hackers. The National Cyber Security Centre and the National Crime Agency are currently investigating the situation. Co-op is actively working to restore normal operations and improve security protocols to avert future incidents.


NCSC Warns of IT Help Desk Impersonation Scams Against UK Companies

The National Cyber Security Centre has urged UK companies to review the security of their IT help desks to reduce their chances of being hacked. The advice was prompted by the Co-op, Harrods and M&S attacks last week, where the threat actors used employees with elevated privileges to gain access to their systems. Organisations are strongly advised to:

  • Enable 2-step verification (MFA).
  • Monitor for unauthorized account misuse.
  • Verify high-privilege account access.
  • Review helpdesk password reset processes.
  • Identify atypical logins, e.g. from VPNs.
  • Respond to threat intelligence quickly.


UK Government Services to Adopt Passkey Technology

At the CYBERUK 2025 conference, the UK government announced plans to implement passkey technology across all GOV.UK digital services by the end of 2025. This new system will replace the current SMS-based two-factor authentication, which is vulnerable to phishing attacks such as adversary-in-the-middle. Passkeys are cryptographic credentials stored on users' devices and authenticated through biometrics like facial recognition or fingerprints, offering enhanced security against phishing and credential theft. The initiative aims to improve cybersecurity and user experience by eliminating the need to remember complex passwords or wait for SMS codes. The UK government is partnering with One Identity and its OneLogin product to achieve this. The National Health Service has already adopted passkeys, processing over one million authentications monthly. The National Cyber Security Centre (NCSC) is also developing passkey support for its myNCSC platform, expected to be available later this year.

To further its commitment to secure authentication, the UK government has joined the FIDO (Fast IDentity Online) Alliance, an association dedicated to shaping password-free authentication standards. This membership will allow the government to actively participate in evolving passkey standards, keeping the UK at the forefront of cybersecurity innovation. AI and Digital Government Minister Feryal Clark emphasized the broader impact of this initiative, stating that “This shift will not only save users valuable time when interacting with government online, but it will reduce fraud and phishing risks that damage our economic growth.”


NSO Group Ordered to Pay $167M After Developing WhatsApp Spyware

Cyber-intelligence firm NSO Group, primarily known for its proprietary spyware Pegasus, has been ordered to pay $167M in damages to Meta after its spyware was found to be targeting WhatsApp users. “Six years ago, we detected and stopped an attack by the notorious spyware developer NSO against WhatsApp and its users, and today, our court case has made history as the first victory against illegal spyware that threatens the safety and privacy of everyone,” stated Meta. Meta highlighted that WhatsApp was not the only target for Pegasus spyware; many other installation methods were found exploiting other companies' technologies. The court's decision underscores the importance of protecting user data from unauthorized surveillance.


Polish Authorities Seize Six DDoS-For-Hire Services, Leading to Arrests

A DDoS-for-hire service gives cybercriminals the ability to launch distributed denial of service attacks that flood websites and servers with malicious traffic, knocking them offline. This week, Polish authorities seized six DDoS-for-hire services that facilitated widespread attacks on schools, government services, businesses, and gaming platforms between 2022 and 2025. “The platforms offered slick interfaces that required no technical skills. Users simply entered a target IP address, selected the type and duration of attack, and paid the fee - automating attacks that could overwhelm even well-defended websites,” the EUROPOL article states. The operation also led to the arrest of four administrators of the services.
