The world has gone nuts
Taking over today’s mainstream headlines is the forthcoming shortage of KP Snack foods including Hula Hoops, McCoys, Peanuts (Salted or Dry Roasted, alas not Jungle Fresh like Golden Wonder back in the day) and possibly to save you time even the King of nuts, Cashews.
By way of a small diversion, if you have ever wondered why the Cashew is expensive, you might want to have a look at how they grow. It’s crazy. Remember we traverse these rabbit holes of curiosity to save you time!
It seems that KP Snacks have been the target of a successful Ransomware attack which has scrambled data and impacted production quite seriously. The attackers have published personal documents from staff with the company letterhead and are promising to publish more stuff unless a ransom is paid.
Why did this data encryption impact production or logistics? The attack has apparently trampled all over its IT and communications systems and both supply and demand chains cannot be processed and fulfilled.
As our regular reader, our friends and our families know (at boring length), the Tiberium team has quite a bit of experience in the Fast Moving Consumer Goods (FMCG) space – front and back office, counterfeiting, theft and fraud, manufacturing systems, the whole shebang.
Obviously availability is an issue for any business, however the knock on impact of a production failure in a large FMCG facility can have serious knock on effects. Many FMCG manufacturing facilities are located in or near towns – when they were first built they were a local manufacturer and are now part of Mahoosive Corp. Manufacturing techniques and automation mean that the same sites now produce much more product, requiring more materials and therefore significant amounts of supply traffic in and shipped goods out.
When production is halted, there will be a significant number of vehicles left in limbo which can cause issues approaching Operation Stack proportions in towns and cities. These eventualities are planned for and tested in business continuity and recovery planning and shared with local authorities, nonetheless serious issues can arise.
And then of course there is the reputational damage. With more column inches than a potential war with Ukraine, it is hard to put into words what can happen if you come between a Brit and his/her/their Hula Hoops or Skips.
We do not know if the attack impacted the manufacturing side of the business but since attacks against FMCG manufacturers are very much on the rise (remember Reckitt Benckiser?), they must be a target and are often poorly defended. Network segregation and access to the manufacturing (SCADA) control systems is a black art in itself, which we would be more than happy to discuss over a beer, if that sort of thing floats your boat.
From the documents that are being released on the deep dark web, it appears that the back office systems were most certainly RansomeWared, so it is more more than likely that a Phishing attack or breach of an unpatched Internet facing system (probably named after a Lord Of The Rings character and been in place since the dawn of time and nobody knows what it does, too scared to turn it off) was the vector.
When protecting against RansomWare attacks, especially after a breach, it is very common for businesses to go all in with a niche dedicated product, what with the sudden availability of budget. What is often overlooked is the total cost of ownership of a new technology, the training, the resources, the patching, the jollies, sorry conferences, in Vegas/Barcelona etc.
Tiberium’s managed services FROST and MYTHIC, as part of our very rapid on-boarding process, configure your Microsoft systems to best practice and can configure many other features that minimise your risk of suffering a successful Phishing attack using out of the box functionality. MYTHIC customers also benefit from threat hunting services by our crack team of magnifying glass wielding specialists, together with advice about your environment.
We would very much like to show you what we do and how, it is really very worthwhile. To arrange a demo and chat, please contact us.
While you are trying to get over the shock of the forthcoming Hula Hoop shortage, we would like to draw your attention to a fantastic piece of research from Sophos which concerns SolarMarker, a backdoor and information-stealing malware that was initially detected in late 2020.
Sophos has identified that the distribution of the Malware was via Search Engine Optimisation poisoning with a dodgy PDF being served up at the top of the advertised content. Whilst this technique is fairly common, SOPHOS was surprised by the effectiveness of this campaign, which although not currently active has done its dirty work, leaving bad stuff dormant or running the world over.
They also call out some novel directory, filename and registry techniques, which make for great reading.
This is exactly the sort of activity that our genius threat hunters will find and destroy, although for older attacks like this managed service customers will already protected by our frequent, timely service updates to include new Indicators Of Compromise.
Once again, don’t take our word for it, arrange a demo.
Now the tune. Snack Attack is a song by the mighty Godley and Creme.
It includes the line: ‘Good God it’s a Snack Attack’. Sure is.
