When you picture a food shortage, what comes to mind as a possible rationale? For most, the answers range from poverty, to conflict, to drought, to high rates of population growth. Is our food system so fragile that ransomware could really catalyze a shortage? Due to the automation involved in modern supply chains, it already has.
An Easter weekend ransomware ruse resulted in empty shelves within the Netherlands’ supermarkets. Major food shortages occurred due to a ransomware attack, not on the supermarket conglomerates themselves, but on a key supplier. The affected organization turned to pen and paper while restoring digital systems. As a result, orders trickled in at a slower rate than usual and processes that are typically automated suffered from time lags.
Items missing from shelves included packaged cheese. Grated cheese, sliced cheese, cream brie…etc. “Cheese deliveries were reportedly held up for three days, creating a backlog of orders and supermarket shortages”.
The affected group successfully restored systems from backups and recovery time clocked in at under seven days. Customers can once again easily place orders. Store shelves are being refiled.
Exchange server entry point
Reports indicate that attackers may have accessed the affected enterprise by way of the Microsoft Exchange Server. The infamous ProxyLogon vulnerability may have been exploited. However, expert investigative analysis continues through the time of writing. Dutch authorities received notice of the attack.
The affected company stated that security was in good order when the attack occurred. “But we would like to learn from this crisis. It is an ongoing rat race between the people who build our information systems and the criminals who [we] want to avoid them,” said a spokesperson.
Ransomware and BEC
In December of 2020, non-profit firm Identity Theft Resource Center (ITRC) noted that cyber criminals vying for financial information are increasingly eschewing traditional breach methodologies. Rather, they’re relying on ransomware and Business Email Compromise (BEC), due to the substantive payouts.
For more on the food shortage in Dutch supermarkets, visit Infosecurity Magazine