I was going to write about a WooCommerce attack…

This one to be specific:

WooCommerce admins targeted by fake security patches that hijack sites

It is a phishing campaign aimed at admins of the popular WordPress plugin WooCommerce, going after them and their credentials with malicious "security patches" the admins think they must have – again, a classic bit of threat actor social engineering.

However, I could not ignore the ongoing cyber attacks against UK retail stores.

Now Harrods

Harrods – the luxury London store – has had to restrict its online operations due to an undisclosed cyber issue. They are telling customers not to do anything yet.

Harrods latest retailer to be hit by cyber attack – BBC News

The incidents at the Co-op and M&S are ongoing.

Your Takeaway

The headline is misleading – the ransom is not for the current M&S attack – but this is a good article, by Graham Fraser, to read to get some understanding of what other organisations have had to go through during a ransomware attack or other cyber incident.

‘They wanted $4m’: Lessons for M&S from other cyber attacks – BBC News

Here is my advice on ransomware:

I will finish with a quote I picked out of the comments section of the BBC’s article.

Clive Catton MSc (Cyber Security) – by-line and other articles
