
Author: Craig Jamieson

The Marks & Spencer Cyberattack: Why You Must Backup Your Data Securely

The Marks & Spencer Cyberattack: A Powerful Reminder to Backup Your Data Securely

This week, Marks & Spencer (M&S), one of Britain’s most trusted retailers, was hit by a major cyberattack that caused chaos across its operations. Online orders were suspended, contactless payments in stores failed, and the company lost around £700 million in market value almost overnight.

This attack highlights a critical truth: no matter how big or established a business is, it can still be vulnerable to cybercriminals. And it’s a strong warning that every business — and individual — must protect their data properly.


What Happened at Marks & Spencer?

The attack was carried out by a hacking group called Scattered Spider. Shockingly, most of the group’s members are believed to be teenagers, some based in the UK and USA. Despite their young age, they managed to break into M&S’s systems using a type of malware known as ransomware — specifically, a version called DragonForce.

Ransomware works by encrypting a company’s data, making it completely inaccessible unless a ransom is paid to the hackers. Once infected, companies can face days or even weeks of shutdowns, customer disruption, and major financial loss — exactly what M&S experienced.


Why This Attack Should Worry Everyone

If a massive company like Marks & Spencer, with all its resources, can be successfully attacked by teenagers, it shows just how sophisticated and dangerous cyber threats have become.

These hackers often don’t need to break complicated security — they rely on human error, stolen passwords, or weaknesses in systems. That’s why having strong security and reliable, secure backups is so important.


The Critical Importance of Air-Gapped Backups

One of the most effective ways to protect yourself or your business from ransomware attacks is by using air-gapped backups.

An air-gapped backup is a copy of your data that is completely offline, stored separately from your main systems. It is not connected to the internet, and not connected to your regular network — meaning hackers can’t touch it, even if they breach your main systems.

In a ransomware attack, if you have air-gapped backups, you can wipe your infected systems clean and restore everything from a safe, untouched copy — without having to pay the hackers a penny.


Make Your Backups Even Stronger

It’s not just about having a backup — it’s about protecting your backups properly:

  • Use Different Login Credentials:
    The systems you use to store backups must have completely different usernames and passwords from your normal business systems. If hackers steal your usual passwords, they won’t automatically have access to your backups.

  • Store Backups Offline:
    Don’t rely only on cloud backups. If a hacker gains access to your cloud provider, your backups could also be encrypted or deleted. Always keep at least one physical, offline copy.

  • Test Your Backups Regularly:
    Having a backup is useless if it doesn’t work. Regularly test that you can restore your data quickly and completely.

  • Educate Your Staff (or Yourself!):
    Many cyberattacks start with phishing emails or scams. Make sure everyone who uses your systems knows how to spot suspicious activity.

  • Work with Cybersecurity Experts:
    If possible, bring in professionals such as LoopBackup.com to assess your risks and strengthen your defenses.


Final Thoughts

The Marks & Spencer cyberattack is a real-world example of how quickly a company’s operations can be thrown into chaos — and it didn’t take a team of expert hackers. It took teenagers, working across the UK and USA, using simple but effective techniques.

No business or individual can afford to ignore these risks anymore.
By setting up secure, air-gapped backups and protecting them with different login credentials, you can make sure that even if you are attacked, you can recover quickly without paying a ransom or losing critical data.

Don’t wait until it’s too late. Start securing your data today.


What Google Doesn’t Back Up — And Why It Matters


In our digital age, many of us rely heavily on cloud services to store our files, photos, and important data. Google, with its vast array of services — from Gmail to Google Drive and Google Photos — has become synonymous with data storage. However, while Google is a powerful tool for backing up and syncing our digital lives, it’s crucial to recognize what this tech giant does not back up and why this information can have significant implications for users.

What Google Doesn’t Back Up

  1. Deleted Files and Emails: One of the most crucial aspects of any backup system is the ability to restore deleted items. While Google does offer a Trash feature for Google Drive and Gmail, files and emails that are deleted from there are not indefinitely backed up. Once you purge the Trash, they are permanently gone. This means that a critical document or cherished email can disappear in the blink of an eye if not properly managed.

  2. Local Files: Many users might think storing files on Google Drive automatically backs them up. However, files stored solely on a computer (outside of Google Drive) are not backed up to Google’s cloud. If your local drive fails or is accidentally wiped, and you haven’t transferred those files to Google Drive or another service, they will be lost.

  3. Third-Party App Data: Google provides robust services, but it doesn’t back up data from third-party applications connected to your Google Account. For example, if you use apps for budgeting, health tracking, or photo editing that integrate with Google services, their data isn’t automatically backed up by Google. If those apps shut down or experience technical issues, users could lose valuable information.

  4. Account Settings and Preferences: Your preferences, settings, and personalized configurations on various applications or services are generally not backed up. If you suddenly find yourself needing to reset or switch accounts, you could lose hours of carefully curated settings that enhance your work or personal experience.

  5. Google Tasks and Keep Notes: While both Google Tasks and Google Keep allow you to take notes and manage tasks, they don’t have as long a backup history as other Google services do. If you accidentally delete a note or task, it may not be recoverable.

  6. Physical and Email Data Outside Google: If you rely on physical documents or information stored in other email accounts outside of Google, you need to have a plan for backing that up separately. Google doesn’t back up any data that isn’t integrated into its ecosystem.

Why It Matters

Understanding what Google does not back up is essential for several reasons:

  1. Data Loss Risk: Users may mistakenly think their data is completely secure in the cloud. Knowing the limitations encourages a more vigilant approach to data management, prompting individuals to create additional backups or use alternative solutions to safeguard important files.

  2. Compliance and Legal Issues: For businesses, not having a backup strategy for critical documents may lead to compliance failures or loss of valuable corporate knowledge. Depending on your industry, this could have legal ramifications if sensitive data is lost due to a lack of proper backup.

  3. Psychological Assurance: Knowing what is at risk helps users feel more in control over their digital lives. When people understand the limitations of Google’s backup capabilities, they can proactively take steps to mitigate risks and better protect their data.

  4. Improved Backup Strategies: Recognizing Google’s backup limitations can prompt users to adopt a multi-faceted backup strategy that includes local storage, external drives, or other cloud services. Diversification helps ensure they are covered if one service fails.

Conclusion

While Google is a powerful ally in managing our data, users must remain aware of the limitations of its backup capabilities. The digital landscape is ever-evolving, and data loss can occur in numerous ways—whether through accidental deletion, technical malfunctions, or reliance on third-party applications. By understanding what Google doesn’t back up, individuals and businesses alike can adopt more comprehensive strategies for safeguarding their invaluable information. By taking these proactive measures, you can empower yourself to navigate the complexities of digital life with confidence.


A Simple Guide to Chrome Extension Syncjacking Attacks


What Is a Syncjacking Attack?
A “syncjacking” attack is a way hackers can take control of your Google Chrome browser—often by tricking you into installing a harmful browser extension. Once installed, it can eventually allow an attacker to steal your data, disable security protections, and even take over your entire device.


1. How Attackers Set Things Up

  1. Register a Domain & Create a Google Workspace Account

    • The attacker gets a domain name (like example.com) and sets up Google Workspace on it.
    • They turn off two-factor authentication (2FA) so it’s easier for them to gain control later.
  2. Create & Publish a Fake Extension

    • A web browser extension is made to look harmless.
    • The attacker uploads it to the Chrome Web Store.
  3. Trick the Victim into Installing the Extension

    • Hackers use phishing emails or other deceptive methods to send the extension link to their targets.
    • Because the extension only asks for “normal” permissions, most people assume it’s safe and install it.

2. How the Attack Unfolds

  1. Stealing the Profile

    • After some time, the extension secretly connects to the attacker’s domain and grabs the victim’s Chrome credentials.
    • This lets the attacker log the victim into an account they (the attacker) control.
  2. Disabling Security Measures

    • Once the victim’s browser is linked to the attacker’s managed account, the attacker can switch off or weaken security settings.
    • This makes it even easier for the hacker to gain deeper control.
  3. Convincing the Victim to Sync

    • The attacker opens Chrome’s real support page about “sync” inside the browser.
    • They use the malicious extension to change the text on that page, tricking the victim into turning on sync.
    • When the victim does this, all their Chrome data (passwords, bookmarks, browsing history) is sent to the attacker’s account.
  4. Taking Over the Browser and Device

    • By making the victim’s browser a “managed” browser, the hacker can control it remotely.
    • Eventually, they can use these privileges to take control of the entire computer.

3. Why This Attack Is Dangerous

  • Minimal Effort Required: Hackers don’t need advanced social engineering; a small amount of trickery is enough to get the extension installed.
  • Hard to Detect: Normal security scans can miss these extensions because they only request low-level permissions and run within the browser.

4. How to Protect Yourself

  • Keep an Eye on Browser Extensions

    • Only install extensions from trusted sources.
    • Regularly check your extensions list to remove anything you don’t recognize.
  • Use Security Tools That Understand Browser Behavior

    • SquareX, which reported this attack, recommends using a security solution that monitors how each extension behaves in real-time.
    • Such tools can spot malicious actions, even if the extension itself looks innocent at first.
  • Stay Updated

    • Make sure your operating system, browser, and antivirus software are all up to date.
    • These updates often include fixes for newly discovered security flaws.
  • Watch for Official Guidance

    • Google may release more information or patches to prevent these attacks. Keep an eye on official updates or statements.

In Summary:
Chrome extension syncjacking is a sneaky way attackers can trick you into installing a bad extension that eventually grants them access to all your browsing data—and more. Being cautious about what you install, staying informed, and using the right security tools are the best ways to avoid becoming a victim.


Protect Google Directory With An External Backup


Although Google Workspace provides a reliable cloud-based directory service, backing up Google Directory externally is crucial for security, compliance, and operational continuity. Below are the key reasons:


1. Protection Against Accidental or Malicious Deletion

  • If an admin or employee accidentally deletes users, groups, or organizational structures, the data may not be easily recoverable.
  • Malicious actors (disgruntled employees or hackers) could modify or delete critical user information.
  • Google offers limited retention and recovery options, so external backups ensure full restoration capability.

2. Google’s Limited Retention and Recovery

  • Google provides some recovery options, but they are time-limited:
    • User accounts: Can be restored within 20 days of deletion.
    • Group data: May not have built-in restoration capabilities.
    • Organizational Unit (OU) structures and settings may not be recoverable.
  • Beyond these limits, data is permanently lost, making an external backup critical.

3. Business Continuity in Case of Service Outages

  • Google outages (though rare) can temporarily block access to the directory, preventing authentication and disrupting workflows.
  • An external backup allows access to user details even when Google Workspace is down, ensuring business continuity.

4. Compliance and Legal Requirements

  • Many industries (finance, healthcare, government) require organizations to maintain independent data backups for compliance (e.g., GDPR, HIPAA, SOC 2).
  • External backups allow organizations to retain records beyond Google’s default policies and restore data if needed for audits or legal disputes.

5. Protection Against Ransomware and Cyber Threats

  • While Google Workspace is generally secure, phishing attacks and account takeovers can lead to unauthorized changes or deletions.
  • Having an external backup ensures that even if Google accounts are compromised, user data can be restored.

6. Prevent Vendor Lock-in & Data Migration Flexibility

  • If a business decides to switch from Google Workspace to another platform, an external backup simplifies migration.
  • This prevents dependency on Google for long-term data retention.

Best Practices for Backing Up Google Directory

  1. Use Third-Party Backup Tools

    • Tools like SpinBackup, Backupify, or Afi.ai automate directory backups.
  2. Export Directory Data Regularly

    • Use Google Admin SDK, Google Cloud Identity API, or Google Takeout to export directory data periodically.
  3. Store Backups Securely

    • Save backups in encrypted cloud storage (AWS, Azure, private cloud) or on-premise servers.
    • Ensure access controls to prevent unauthorized modifications.
  4. Test Restoration Processes

    • Regularly verify that backups can be restored effectively to prevent unexpected failures during emergencies.

Conclusion

While Google Workspace offers robust infrastructure, relying solely on Google for user directory data storage is risky. External backups provide an extra layer of security, ensure compliance, and protect against data loss due to errors, attacks, or service outages. Every organization should have a backup strategy in place to safeguard its Google Directory.


What Is Google Directory in Google Workspace


Google Directory in Google Workspace

Google Directory is a component of Google Workspace (formerly G Suite) that serves as a centralized directory for managing user information, groups, shared contacts, and organizational units within an organization. It is primarily used for identity management and collaboration.


Key Features of Google Directory

  1. User Management

    • Stores information about users in an organization (e.g., names, email addresses, job titles, departments).
    • Admins can add, update, or remove users.
    • Helps in managing authentication and access control.
  2. Groups and Distribution Lists

    • Organize users into groups for easier communication and access management.
    • Set permissions for Google Drive, Google Calendar, and other apps.
    • Use groups for email distribution lists.
  3. Organizational Units (OUs)

    • Structure users into different departments or teams.
    • Apply different policies and security settings per unit.
  4. Shared Contacts

    • Maintain a directory of external vendors, partners, and clients.
    • Allows employees to access shared contact information.
  5. Integration with Google Services

    • Users can quickly find colleagues via Gmail, Google Chat, and Google Calendar.
    • Auto-populates user suggestions in various Google apps.
  6. Admin Controls & Security

    • Administrators can set access policies, such as who can view the directory.
    • Supports Single Sign-On (SSO) and Multi-Factor Authentication (MFA).
    • Integrated with Google Admin Console for easy management.

Where Can You Access Google Directory?

  • Google Admin Console: admin.google.com
  • Google Contacts: contacts.google.com
  • Gmail & Google Calendar (Auto-complete for organization contacts)

Who Can Use Google Directory?

  • Admins: Manage user accounts, groups, and policies.
  • Employees: Look up colleagues and groups for collaboration.
  • Developers: Use the Google Directory API for automation and custom integrations.

Common Use Cases

  • Find employees easily – Users can search for colleagues without needing to manually save contacts.
  • Manage access to apps and files – Set permissions based on user roles or groups.
  • Automate user provisioning – Sync with HR systems for onboarding/offboarding.
  • Set security policies – Restrict access based on organizational needs.


Overview of Cookie (Session) Hijacking

Cookie (or session) hijacking occurs when an attacker obtains a user’s valid session cookie—often called a “session token”—and uses it to impersonate the legitimate user. Once logged in, web applications typically keep users authenticated by referencing the session token within subsequent requests. If a malicious actor steals (or forges) that token, they can trick the server into thinking they are the logged-in user.

How Cookie Hijacking Affects 2FA
Two-Factor Authentication (2FA) is supposed to add an extra layer of security beyond passwords. However, once a legitimate user has successfully passed 2FA, the server sets a session cookie that identifies them as authenticated. If that cookie is hijacked:

  1. Bypassing the Login Process

    • Normally, to access an account, you need a username, password, and the one-time code (2FA).
    • But if the attacker has the session cookie, they can skip all these steps. The server simply “sees” the session token and assumes the user has already passed 2FA.
  2. Limited 2FA Checks

    • Many web applications request 2FA only at the initial login. Afterward, they rely on session cookies to confirm the user’s identity.
    • This means attackers who hijack a valid session cookie effectively bypass any 2FA challenges as long as the session remains active.
  3. Extended Attack Window

    • If session tokens last a long time (e.g., “Remember Me” features or poorly managed session timeouts), attackers can use these stolen cookies for extended periods, even after the user logs out—if the token is not invalidated on logout or properly refreshed on re-authentication.

Common Ways Attackers Hijack Cookies

  1. Network Sniffing: If a user visits a site over an unencrypted connection (HTTP instead of HTTPS) on public Wi-Fi, an attacker can eavesdrop on the traffic and steal session cookies.
  2. Cross-Site Scripting (XSS): A vulnerability in a website’s code that lets the attacker run malicious scripts in the victim’s browser. These scripts can extract session cookies.
  3. Session Fixation: The attacker forces a known session ID onto the user. After the user logs in, the attacker uses that same session token to access the account.
  4. Malware or Keyloggers: Malicious software on a user’s device can read local storage or cookies directly from the user’s browser.
  5. Phishing & Social Engineering: Tricking users into sending their session cookie or session token to an attacker-controlled site.

Why This Makes You Vulnerable

  • 2FA is rendered ineffective if the attacker obtains the session token after you’ve authenticated. The entire point of 2FA is to prove your identity at login—but once you’re logged in, the cookie does that for you.
  • Users often assume 2FA alone keeps them safe, but security depends on the entire chain (secure connections, proper session management, XSS prevention, and so forth). Any weakness in these areas can undermine 2FA.
  • Attackers can move quickly and often invisibly: Once they have the cookie, the legitimate user might not even know their session is being shared.

Protecting Against Cookie Hijacking

  1. Use HTTPS Everywhere: Ensures session cookies aren’t exposed in plaintext.
  2. Set Secure & HttpOnly Flags:
    • Secure Flag: Ensures the cookie is only sent over HTTPS.
    • HttpOnly Flag: Prevents JavaScript from directly reading the cookie, mitigating some XSS attacks.
  3. Short Session Lifetimes & Idle Timeout: Minimizes how long a hijacked session can remain valid.
  4. Re-verify Sensitive Actions: Prompt the user for 2FA (or at least re-check credentials) when performing high-risk actions (e.g., changing passwords, transferring funds).
  5. Monitor Active Sessions: Allow users to see active sessions and revoke suspicious ones.
  6. Implement Proper Logout: Invalidate the server-side session on logout, so old tokens won’t work.
  7. Beware of XSS: Patch vulnerabilities that allow attackers to run malicious code in your site’s context.
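
One way to implement the server-side controls from the list above (cookie flags, idle and absolute timeouts, 2FA re-verification for sensitive actions, and logout that invalidates the session), added here as an example and not code from the original article. The SessionStore class, its method names, the timeout values and the SameSite attribute are assumptions of this example.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

# Assumed policy values for illustration; tune per application.
IDLE_TIMEOUT = 15 * 60        # seconds of inactivity before a session dies
ABSOLUTE_LIFETIME = 8 * 3600  # hard cap on session age
STEP_UP_WINDOW = 5 * 60       # how recent 2FA must be for high-risk actions


class SessionStore:
    """Server-side session table; only a hash of each token is stored."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._sessions = {}

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user):
        """Call only after password and 2FA succeeded; always issues a fresh token."""
        token = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[self._key(token)] = dict(user=user, created=now, last_seen=now, mfa_at=now)
        return token, self.cookie_header(token)

    @staticmethod
    def cookie_header(token):
        morsel = SimpleCookie({"session": token})["session"]
        morsel["secure"] = True      # only sent over HTTPS
        morsel["httponly"] = True    # not readable from page JavaScript
        morsel["samesite"] = "Lax"   # addition beyond the page's list
        morsel["path"] = "/"
        morsel["max-age"] = ABSOLUTE_LIFETIME
        return morsel.OutputString()

    def validate(self, token):
        """Return the user for a live session, else None (expired ones are deleted)."""
        key = self._key(token)
        s = self._sessions.get(key)
        if s is None:
            return None
        now = self._clock()
        if now - s["last_seen"] > IDLE_TIMEOUT or now - s["created"] > ABSOLUTE_LIFETIME:
            del self._sessions[key]
            return None
        s["last_seen"] = now
        return s["user"]

    def may_do_sensitive(self, token):
        """High-risk actions need a live session and a recent 2FA check."""
        if self.validate(token) is None:
            return False
        return self._clock() - self._sessions[self._key(token)]["mfa_at"] <= STEP_UP_WINDOW

    def record_step_up(self, token):  # call after the user passes a fresh 2FA prompt
        if self.validate(token) is not None:
            self._sessions[self._key(token)]["mfa_at"] = self._clock()

    def logout(self, token):
        """Delete the server-side record so a copied cookie stops working."""
        self._sessions.pop(self._key(token), None)


def demo():
    """Constructed walk-through with a fake clock; returns the observed results."""
    clock = {"t": 1_000_000.0}
    store = SessionStore(clock=lambda: clock["t"])
    token, header = store.login("alice")
    out = {"header": header, "fresh": store.validate(token)}
    clock["t"] += 6 * 60                                # 2FA is now 6 minutes old
    out["stale_2fa"] = store.may_do_sensitive(token)
    store.record_step_up(token)
    out["after_step_up"] = store.may_do_sensitive(token)
    store.logout(token)
    out["after_logout"] = store.validate(token)         # the stolen copy is dead too
    return out


if __name__ == "__main__":
    print(demo())
```

Because the session lives in a server-side table, logout and timeouts take effect for every copy of the cookie, including one an attacker has already taken.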

Key Takeaway:
Cookie session hijacking compromises an authenticated session by stealing its identifying token. Once an attacker has that valid token, 2FA no longer protects the account during that session. Good security practices—such as enforcing HTTPS, setting cookie flags, implementing short session lifetimes, re-checking 2FA for sensitive actions, and protecting against XSS—are critical to prevent attackers from bypassing 2FA through session hijacking.


Don’t Backup To The Same Environment


27th September 2023

Storing backups within the same environment or system they originate from can expose organizations to a number of risks. Using Microsoft Office 365 as an example, here’s an explanation of why backing up your data back to the same Microsoft environment is not the best idea:

  1. Single Point of Failure: Storing backups in the same location as the original data means that both primary and backup data can be compromised simultaneously. If there’s a catastrophic event, such as a natural disaster that affects Microsoft’s infrastructure or a significant system failure, both your primary data and backups might become inaccessible.

  2. Security Risks: While Microsoft Office 365 has robust security measures, no system is entirely immune from security breaches. If a hacker gains access to your Office 365 account, they might also access backups stored in the same environment. Keeping backups offsite or in a separate environment can ensure that even if your primary data is compromised, you still have access to a secure copy of your information.

  3. Ransomware Concerns: Ransomware attacks, wherein cybercriminals encrypt data and demand a ransom for its release, have become increasingly common. If your backups are stored in the same environment, they can also be encrypted by the ransomware, rendering them useless when you most need them.

  4. Data Sovereignty and Compliance: Some regulations and industry standards require that backups be stored in specific ways or in specific locations. Backing up within the same environment might not meet these requirements, potentially causing compliance issues for businesses.

  5. Limited Access and Restore Capabilities: Storing backups in the same environment can mean that restoring data, especially granular data, may be more cumbersome. A specialized backup solution may offer quicker, more flexible restore options, allowing businesses to minimize downtime after a data loss event.

  6. Versioning and Retention: Specialized backup solutions often offer advanced versioning and retention policies, ensuring that you can access previous versions of files and data from specific points in time. Relying on in-environment backups might not offer the same breadth of historical data.

  7. Over-reliance on a Single Vendor: Relying on Microsoft for both primary data storage and backup can create a scenario of over-dependency. Diversifying backup storage can protect businesses from potential future changes in pricing, policies, or service levels from a single vendor.

To mitigate these risks, many organizations opt to use third-party backup solutions, such as Loop Backup for Microsoft Office 365, to store backups in separate environments and locations. This ensures that, in the face of data loss or compromise, they have secure, uncompromised copies of their critical business data to restore from.


Local Backup of Cloud Data Is Not Secure

Local Backup Of Data Is Not Secure

25th April 2023

Using a backup tool like Veeam does not offer a complete cloud backup service.

As a result, customers are responsible for installing, maintaining, hosting, and managing the backup software and storage on their own.

Although the cost of the software is less than that of cloud-based backup solutions, the overall cost of ownership is higher.

Additionally, local backups are vulnerable to ransomware attacks, hardware failure, theft and building damage.


Don’t Pause Development of AI


20th April 2023

We have been using AI since 2020 in our Loop Backup Cloud to Cloud service for Microsoft Office 365 and Google Workspace.

You may have read some scare stories about AI on the internet and in the news today.

Here are some reasons why AI development beyond GPT-4 should not be paused:

1. Advancements in AI can lead to significant societal benefits, such as better healthcare, improved transportation systems, and more efficient resource allocation.

2. Pausing AI development could result in other countries or organizations gaining a technological advantage and could put your country behind in the global competition.

3. AI development can also drive economic growth and create new job opportunities.

4. The ethical considerations and potential negative outcomes of AI can be assessed and addressed through ethical standards and regulations, rather than completely halting development.

5. Scientific research and technological advancements cannot be limited, and the potential benefits of AI far outweigh any potential risks.

Bye for now from me, all this content, voice and actor are an AI created by Loop Backup.
