.jpg)
Highlights
Marks & Spencer suffered a major cyberattack by Scattered Spider, involving credential theft, data exportation, and ransomware. This breach breakdown outlines what happened and what could have helped prevent the attack.
Breach breakdown
In April 2025, Marks & Spencer (M&S) was hit by a serious cyberattack, and not by amateurs. The group behind it, known as Scattered Spider (also known as UNC3944 or Octo Tempest) has a track record. They’ve already taken on major U.S. giants like Caesars Entertainment and MGM Resorts.
Our team has done a deep dive into what happened and, more importantly, how businesses like yours can stay protected.
.png)
How they got in
Scattered Spider used smart, targeted phishing emails and impersonated IT staff to trick people into handing over their credentials. They even used a tactic called "MFA fatigue", which consisted of spamming employees with repeated login requests until one was mistakenly approved.
Threat intelligence researcher, Lontz reported on suspected Scattered Spider infrastructure (see figure 2), involving fake domains designed to mimic legitimate login pages of well-known websites. A spoofed company login page could have been created to get access to M&S employee login details.
.png)
What happened after they got in
Initial access to M&S systems is believed to have been as early as February. Once in, the attackers used stolen administrative credentials to deploy legitimate remote administration tools (RATs). This gave them ongoing control over key systems (including employee devices), helping them stay hidden while moving through the network.
Here's what they did:
- Installed remote desktop access tools like AnyDesk and TeamViewer - the same kind real IT teams would use
- Moved around through different M&S’s internal systems to grab as much data as possible
- Targeted critical assets like password databases and user credentials
Finally, they created secret access points, hidden accounts, and scheduled tasks to make sure they could stay inside the company's network without getting noticed.
The attack
On April 24, Scattered Spider launched the DragonForce ransomware attack on M&S’ VMware ESXi servers, encrypting virtual machines that powered key systems for e-commerce, payment processing, and logistics (see figure 3).
.png)
As a result, M&S had no choice but to shut down key systems entirely (including online orders and contactless payments), and call in top cybersecurity experts from CrowdStrike, Microsoft, and Fenix24 to contain the damage and start the recovery process (see figure 4).
.png)
What this means for you
While M&S is a major player, the tactics used in this breach aren’t just for corporations, they work just as well against small businesses. Groups like Scattered Spider rely on common tools and stolen identities to gain trust and slip past normal security. The key lesson? Always verify the people and systems you rely on, whether they’re inside your team or external partners.
What you can do to improve cybersecurity for your business
5 quick wins to protect your business
- Train your team – teach employees to spot dodgy emails, spoofed links, and sketchy login pages.
- Use strong passwords – create long, complex passwords that include a mix of uppercase and lowercase letters, numbers, and special characters. Never reuse passwords across different accounts.
- Enable multi-factor authentication (MFA) – this adds an extra layer of security beyond just a password.
- Stay vigilent – do not open email attachments or click on links unless you are certain of their legitimacy. If you have any doubts, report the email to your security team immediately.
- Report suspicious activity fast – if you receive unexpected MFA prompts, suspicious login alerts, or calls requesting your credentials, report them to your security team as soon as possible.
Additional information
Tell us about yourself so we can serve you best.
Got a question?
More articles
At this year’s PropTech Connect conference in London, one message stood out. Landlords and property managers want technology that is practical and helps them stay competitive in a changing market.
Here are three trends we found most interesting:
1. Flexible, modular solutions beat one-size-fits-all platforms
Tenants today expect more from their offices, move-in ready spaces, the freedom to choose their providers, and contracts that fit their lease terms. That means landlords can’t rely on rigid, all-in-one platforms that don’t adapt as requirements evolve.
This is why landlords and operators are looking for specialist partners who provide modular solutions that integrate smoothly with other building systems. This gives landlords the flexibility to upgrade or switch partners without overhauling everything, and ensures tenants get the experience they expect.
2. Landlords need building tech designed around real users
A recurring frustration across the sector is that technology is often designed by consultants and delivered by contractors, yet it rarely aligns with the practical needs of those managing the building. Too often, property teams are left with systems that look impressive on paper but don’t work in practice. They need partners to understand the operational needs of their buildings in practice, not just on paper.
For landlords, investing in solutions that match day-to-day building operations not only improves usability but can also save money. Technology partners who understand what property managers and operators actually need (not just what looks good in a spec sheet) are essential for avoiding costly inefficiencies
3. Smarter use of existing infrastructure can cut costs and increase efficiency
Not every operational improvement requires new hardware. Many buildings already have the tools in place to generate useful data. Wi-Fi access points are a good example. These can be used to anonymously track space utilisation, footfall, and occupancy trends.
This data can help landlords and operators:
- Allocate bandwidth to the busiest areas.
- Adjust heating, lighting, and cleaning schedules based on actual usage.
- Optimise leasing strategies by understanding how tenants really use the space.
Are you looking for commercial technology solutions?
Vorboss can support your entire digital infrastructure: connectivity, pre-fibering, managed IT, and cybersecurity, all from a single provider. Through our acquisition of Layer8, we can help you automate building management and make day-to-day operations easier and more efficient.
.png)
Internet connectivity is the lifeblood of modern businesses, powering operations, communication, and growth. But not all “fibre” connections are created equal.
All connections use fibre at some level, but performance, reliability, and guarantees vary depending on the underlying network. Choosing the right type of connection now can save downtime, frustration, and cost in the future.
In this guide, we'll explore key factors when selecting the ideal business internet provider to keep you connected and thriving.
Understand the connection types
Here’s a quick comparison of the three main fibre-based connections available to businesses:
FTTC and FTTP may work for small teams or low-risk work, but DIA is the only connection built for business-critical reliability, speed, and consistent performance.
Ask yourself these questions
Before comparing providers, clarify your internal needs:
- How critical is uptime for your business operations?
- Which teams rely heavily on cloud apps, video conferencing, or large file transfers?
- How much bandwidth do we need now, and how much will we need in 2–5 years?
- Are upload speeds as important as download speeds for our workflows?
- Would temporary downtime cause financial or reputational damage?
This self-assessment helps you match connection types to your business requirements.
.jpg)
.jpg)
