Staff at the Co-op are being ordered to keep their cameras on during remote work meetings, and verify all attendees, as the company deals with an ongoing cyber attack.
In an internal email to the 70,000 members of staff at the supermarket, funeral service and insurance company, workers are being urged to be vigilant as IT teams work to ensure hackers aren’t inside their systems.
“Don’t record or transcribe Teams calls”, the instructions say.
It disclosed on Wednesday that it had shut down parts of its IT systems in response to hackers attempting to gain access.
It comes as supermarket Marks & Spencer (M&S) struggles with a major ransomware attack. It is not known if the hacks are linked.
Cyber security consultant Jen Ellis says the email implies that Co-op is worried about the presence of hackers.
“Reminding employees to keep their cameras on during conference calls is one way of enabling work to continue while ensuring that everyone is really who they claim to be, and no one unexpected is participating in calls,” she told the .
On Wednesday, the company said it was taking “proactive measures” to fend off the attack which it said had had a “small impact” on its call centre and back office.
But the internal email shows the company has shut off all remote access.
No internal applications that require a VPN (Virtual Private Network) can be logged into from home and workers are being told to go to a Co-op location if they need to access work tools.
They are also being urged not to post any sensitive information into Teams chats and to report any suspicious messages or emails.
The internal email was first reported by ITV News and confirmed by Co-op to the .
Co-op is insisting that the cyber attack is under control and that all measures are “proactive”.
In the past, cyber criminals have accessed internal messaging systems of companies including Uber and Rockstar Games to spy on communications and post ransom demands.
These kinds of tactics were used by a group called Lapsus$ which was made up of English speaking teenagers – two of whom were arrested and convicted in the UK in 2023.
The attack against M&S is being linked to a potential spin of from Lapsus$ known as Scattered Spider which has been responsible for high profile hacks against MGM Grand casino and Transport for London (TfL).
As part of TfL’s response to its cyber attack all staff had to report to security teams in person to ensure that the hackers were fully kicked out of IT systems.
The incident that has crippled M&S is a ransomware attack using the DragonForce cyber crime service.
The Metropolitan Police confirmed it is looking into the cyber attack at M&S.
“Detectives from the Met’s cyber crime unit are investigating,” it said in a statement.
M&S has also reported it to the National Cyber Security Centre (NCSC).
The understands the body is urging other retailers to be vigilant but it’s not thought that retailers are a specific target.
An NCSC spokesperson said: “The NCSC routinely engages with a whole range of organisations about the cyber threats that the UK faces and regularly reminds them about the steps they can take to be as resilient as possible.”
