Tesco has apologised to customers for the inconvenience caused when its online grocery website and app went down over the weekend.
Both were reported to be down for more than 24 hours – following a hack that Tesco says affected the search function on the website. The supermarket says that it has no reason to think the customer data it holds has been affected by the event, and it is now working to make sure that data stays safe.
A Tesco spokesperson says: “Our online grocery website and app are now back up and running. Our teams have worked around the clock to restore service, and we’re really sorry to our customers for the inconvenience caused.”
The Tesco attack is not unusual. Nearly three-quarters of organisations have had a DNS (domain name system) attack in the last year, with distributed denial of service (DDoS) among the top three associated threats, according to a new survey from the Neustar International Security Council (NISC). The study, carried out in September of this year, questioned 302 professionals with informed knowledge of cybersecurity issues from six EMEA and US markets. It found that 72% of respondents reported having a DNS attack in the previous 12 months. Of those, 61% had experienced more than one attack, while 11% had been regularly hit.
A third of respondents recovered within minutes, but 58% said their businesses had been disrupted for more than an hour, and 14% took several hours to recover. The study also found that 92% of organisations said their website was vital to business continuity and customer fulfilment, while 16% operate entirely from their website. Only 8% feel they would be able to run their businesses without their website up and running, while 56% say their website has a major role in day-to-day activity. Three in 10 say they are very confident of being prepared for a DNS attack.
“Organisations are challenged to keep pace with emerging security threats in an increasingly borderless digital landscape,” says Michael Kaczmarek, vice president of product management for Neustar Security Solutions. “Although some attack vectors may not be as visible or pose as imminent a threat as others, it is clear bad actors will exploit any vulnerability they can find sooner rather than later, and they will cost organisations valuable time, resources and business.
“To manage DNS security, organisations need to continuously analyse the DNS traffic leaving their organisation, make sure they maintain good hygiene and access controls for DNS related accounts and most importantly, implement DNSSEC.”
The study found different methods of attack, with significant groups affected by each of DNS hijacking (47%), DNS flood, reflection or amplification (46%), DNS tunnelling (35%) and cache poisoning (33%).
Tesco is an Elite retailer in RXUK Top500 research.
