Thousands of UK companies 'could have M&S-style hackers waiting in their systems'

Tens of thousands of British businesses could have hackers waiting inside their systems - all because of a change in the business model of hacking.

Luxury fashion brand Dior is the latest retailer to announce that some of its customer data has been stolen by attackers, and M&S is still suffering the effects of an attack that started in April.

On Tuesday, the British retailer revealed customer data had been stolen, although "usable" payment details and passwords were not taken.

Online shopping remains unavailable at M&S and recruitment has been paused while the company tries to get the effects of the attack under control.

Co-op appears to have narrowly avoided a full-blown crisis by spotting criminals in its network and shutting down its operations, and Harrods also revealed it recently fended off hackers trying to exploit its systems.

Although the attacks have not been connected by investigators, the increasing number of high-profile incidents could be down to a change in the hacking market, according to Dr Harjinder Lallie.

"It's just frightening," said Dr Lallie, a university reader in cybersecurity at the University of Warwick, to Sky News.

"I've been in cybersecurity for 26 years - I've never known a time like this."

The criminals behind DragonForce, a powerful suite of tools that hold companies hostage until they pay a ransom, recently changed their business model.

"They moved to a model which we refer to as 'ransomware-as-a-service'.

"If I'm Dragon Force, I'll say to you: 'You can use my very, very powerful tools to conduct the attack, and you can keep 80% of everything you collect, as long as I get 20% of it.'" explained Dr Lallie.

That means wannabe-hackers "no longer need the technical know-how" to launch an attack, he said.

Instead, they can just buy the software on dark-web forums that operate like any online marketplace, complete with vendor ratings.

Evidence of the DragonForce ransomware has reportedly been found in the M&S attack already.

Read more from climate, science and technology:
M&S says customers' personal data taken by hackers
AIs can make collective decisions and influence each other
Warning of heat impact on pregnant women and newborns

In attacks like M&S's, criminals enter a business's networks, usually after tricking someone into letting them in, and then spend some time learning everything they can, including potential vulnerabilities and how the network is configured.

"Tens of thousands of businesses up and down the UK probably have hackers inside their network already and just don't know about it, I'm afraid," said Dr Lallie.

"I don't want to scaremonger, but that is how it is working. They're sitting in your network, waiting to the point where they can attack."

Adding to the problem is artificial intelligence, said Professor Manos Panaousis, professor of cybersecurity at the University of Greenwich.

"Most of cybersecurity attacks are social engineering attacks," he said. Social engineering attacks are when a criminal tricks a user into letting them into systems.

"With the use of generative AI, social engineering gets better."

"If you put ransomware-as-a-service and generative AI together, they lower the barrier to the barrier to entry [...] and you get more sophisticated attacks."

(c) Sky News 2025: Thousands of UK companies 'could have M&S-style hackers waiting in their systems'