Yet another high-profile company has been hit with a cyber-attack that is causing a major disruption to its business. Brewing company Molson Coors acknowledged last Thursday that it has “experienced a systems outage that was caused by a cyber-security incident,” according to a Form 8-K filed with the US SEC.
The multinational brewing company did not comment as to what type of incident caused a ‘systems outage,’ but it is investigating & working to get networks back online.
The company did not say exactly what type of attack has caused widespread issues across its entire business — including its brewery operations, production & shipments — but because of recent major attacks on other major companies, security experts believe that it could have been a ransomware attack.
Forensic IT Firms
Molson Coors has used forensic IT firms & legal counsel to investigate & “is working around the clock to get its systems back up as quickly as possible,” according to the filing.
The company operates 7 breweries & packaging plants in the US, as well as 3 in Canada & 10 across Europe. It produces several brands of beer in addition to its namesake, e.g., Blue Moon, Miller Lite & Pilsner Urquell.
Ransomware Attack
“High-profile attacks are becoming all too common, as attackers have realised they are immensely more profitable when they target large organisations & disrupt their critical business operations — in this case, the brewing operations of the world’s biggest, well-known beer brands,” observed Edgard Capdevielle, CEO at Nozomi Networks.
Although the company has not released any specific details of the attack, given the seriousness of the disruption & recent cyber-attack activity, “it could be ransomware,” he observed.
Tony Lambert, Intelligence Analyst at Red Canary, noted that the impact of ransomware on operations like Molson Coors can be much more damaging than it would be for other kinds of companies.
Manufacturing Process
“For manufacturing organisations, ransomware poses a major threat to data & system availability,” he commented. “Not only do corporate systems lose access to data, systems managing the manufacturing process may come to a halt as well, preventing the successful production & even delivery of products.
This obviously presents a huge problem for companies that sell the products: Every hour their lines are down can mean major profit losses.”
Incident Response
This type of situation should be put into an organisation’s incident response & business-continuity plans, Capdevielle added: “Beyond a technical response, decision-makers need to be prepared to weigh the risks and consequences of alternate actions.”
Those actions could come either from Molson itself — i.e., paying the ransom, which security experts discourage — or from further bad activity by attackers, e.g. dumping information obtained from the attack online or maintaining an enduring presence on a system.
Ransomware Attacks 2021
Some ransomware groups have been active recently, with several large organisations becoming victims & suffering disruption due to the attacks.
Some of these ransomware attacks have happened within the last month. For example, the Spanish State Employment Service (SEPE) was recently hit by a Ryuk ransomware attack, suspending its communications systems across 100s of offices & delaying 1,000s of appointments. Kia Motors was also disrupted by a ransomware attack in Feb., for which the DoppelPaymer attackers took credit.
General Motors, Heinz & Home Depot
WestRock, the 2nd-largest packaging company in the US, which has General Motors, Heinz & Home Depot as customers, also had its business disrupted by a ransomware attack in February. In addition, Finnish IT giant TietoEVRY was also a victim of a ransomware attack in Feb.
Known ransomware groups that have been blamed for recent attacks include DoppelPaymer & Ryuk; the Clop ransomware gang, which was linked to recent global zero-day attacks on users of the Accellion legacy File Transfer Appliance product; & HelloKitty, which is suspected to be behind the attack on CD Projekt Red — the videogame-development company behind Cyberpunk 2077 — which also happened in Feb.
Chinese
Another likely culprit for the Molson Coors attack could be related to a deluge of attacks by Chinese & other advanced persistent threat (APT) groups on recently patched Microsoft Exchange vulnerabilities. The defects are under attack from at least 10 different APTs, all seeking to compromise email servers worldwide, with researchers seeing a tsunami of exploitation.
To prevent cyber-attacks from taking down entire operations & causing significant business disruptions, Capdevielle made some cyber-security best-practice suggestions, including strong segmentation, user training, proactive cyber-hygiene programs, multi-factor authentication & the use of continuously updated threat intelligence.