Starbucks and several major UK supermarkets have experienced disruption due to a ransomware attack on prominent supply chain software provider Blue Yonder. The company disclosed the incident on Thursday, November 21, and it was still restoring services the following Monday.
The disruption to the Blue Yonder platform prevented Starbucks from paying its baristas and managing their schedules, according to the Wall Street Journal. As a result, cafe managers had to manually calculate their employees’ pay using their scheduled shifts, leaving a greater margin for error as actual hours worked may not line up.
Sainsbury’s and Morrisons, two of the UK’s biggest supermarket chains, were also affected, according to the trade magazine The Grocer. Sainsbury’s said it had contingency plans in place to mitigate any disruption and had restored all operations by Monday, as per TechCrunch.
SEE: Software supply chain collapses 200%
‘Termite’ claims responsibility, although the investigation remains ongoing
Ransomware group Termite claimed responsibility for the attack in a post on its dark web leak site Cyber ​​Security Dive. It claims to have 680GB of Blue Yonder data.
Termite targeted organizations in France, Canada, Germany, Oman and the US using “notorious” Babuk ransomware, according to a security notice from Broadcom. The group exfiltrates sensitive data while encrypting files, adding a distinctive ‘.termite’ extension, and threatening to leak stolen information if the ransom is not paid.
The group targeted Blue Yonder’s managed services environment, but its Azure public cloud was not affected. Blue Yonder brought in outside cybersecurity firms to address the incident and says that “a significant majority of (its) affected customers have had their service restored.” But as of December 12, the investigation is still ongoing.
Morrisons returned to a back-up system to run its warehouses but said the attack had affected the flow of goods to its stores. One of its suppliers said refrigerated orders had been canceled on Friday because of the incident, and the supermarket expected availability of some convenience and wholesale products to drop to as low as 60%.
On December 11, Starbucks confirmed Cyber ​​Security Dive that its Blue Yonder-based employee scheduling platform was back in service.
SEE: Paying ransom should be your last resort, says cyber security expert
Supply chain, ransomware attacks are on the rise
In recent years, supply chain attacks have become a growing concern in the cybersecurity landscape. The attacks on SolarWinds, Log4j and Codecov are notable attacks. Supply chain attacks are particularly attractive to cybercriminals because they offer multiple rewards for a single breach.
Thirty-one percent of organizations experienced a software-as-a-service data breach in the past 12 months, an increase of 5% over the previous year, according to AppOmni.
SEE: Number of active ransomware groups highest on record
This surge can be linked to insufficient visibility of the increasing number of deployed applications. According to Onymos, the average enterprise now relies on more than 130 SaaS applications compared to just 80 in 2020.
Last year, British Airways, the BBC and Boots were all served with an ultimatum after being hit by a supply chain attack by ransomware group Clop. Clop exploited an SQL injection vulnerability in popular business software MOVEit and gained access to its servers to steal business data.
Ransomware attacks are also on the rise. Microsoft reported a 2.75-fold increase in ransomware attempts this year, while the second quarter of this year saw the highest number of active ransomware groups on record. Indeed, artificial intelligence can lower the barrier to entry to these attacks, increasing the pool of individuals who can do so.
Global ransom payments exceeded $1 billion for the first time in 2023. “Big game hunting,” where groups go after large organizations and demand ransoms of more than $1 million, is increasing in prevalence, and affected organizations are often asked to pay.
================
BSB UNIVERSITY – AI – IT SOLUTIONS
AISKILLSOURCE.COM
