Molson Coors brewing operations disrupted by cyberattack:
The Molson Coors Beverage Company has suffered a cyberattack that is causing significant disruption to business operations.
Molson Coors is well-known for its iconic beer brands, including Coors Light, Miller Lite, Molson Canadian, Blue Moon, Peroni, Killian's, and Foster's.
In a Form-8K filed with the SEC today, Molson Coors disclosed that they suffered a cyberattack on March 11th, causing significant disruption to their operations, including the production and shipment of beer.
"On March 11, 2021, Molson Coors Beverage Company (the "Company") announced that it experienced a systems outage that was caused by a cybersecurity incident. The Company has engaged leading forensic information technology firms and legal counsel to assist the Company's investigation into the incident and the Company is working around the clock to get its systems back up as quickly as possible.
"Although the Company is actively managing this cybersecurity incident, it has caused and may continue to cause a delay or disruption to parts of the Company's business, including its brewery operations, production, and shipments," Molson Coors disclosed in the Form-8K filing.
This is thought to be a ransomware attack.
(Score: 1) by hemocyanin on Friday March 12 2021, @07:40AM
https://www.youtube.com/watch?v=oMI23JJUpGE [youtube.com]
(Score: 2) by FatPhil on Friday March 12 2021, @07:53AM (3 children)
Pale lager - the product companies care so much about, they're even prepared to let their competitors make it for them.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by Eratosthenes on Friday March 12 2021, @08:28AM (1 child)
In other words, nothing of value was lost? Isn't Adolph Coors long dead?
(Score: 3, Interesting) by FatPhil on Friday March 12 2021, @10:08AM
The brewery I'm a part owner of does have a shareholder-accessible database, and if the (actively maintained OSS) engine they use were to have security flaws, it could create havoc with all kinds of business operations - everything from billing to CRM. Fortunately, not production, that's a separate system (and one we shareholders don't have access to - damn, I wanted to create my own recipes!). So in some ways this is a bit of a scary story, I wouldn't want it to happen to us!
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Friday March 12 2021, @12:56PM
She bought a 6 of Coors Light yesterday...to make beer stew, and eventually other cooking uses.
What, you thought we drank that stuff?
(Score: 5, Insightful) by Thexalon on Friday March 12 2021, @03:21PM (1 child)
Molson Coors is in the midst of a substantial labor dispute [www.cbc.ca] right now. They apparently started advertising for scabs to cross the picket lines for 3 weeks, and then locked out the unionized work force. Which leads to some possibilities that wouldn't normally be the case:
1. Any disgruntled union member might be encouraging cyberattacks. I doubt the union leadership would be dumb enough to be involved in a criminal conspiracy themselves, but I wouldn't be surprised if they didn't do anything to dissuade their members from posting stuff online that encouraged somebody to do something like this.
2. Outsiders sympathetic to the union's cause might have decided to do this all on their own in an effort to support the union and harm management.
3. The temporary work force makes it easy for criminals to sneak in an insider, and the lack of the usual work force means that any insider probably has access to a bunch of stuff they wouldn't normally have as a temp, and definitely means that an insider wouldn't have the same level of supervision a new hire would have.
As for the beer: Lots of "sex in a canoe"-tier brands in that list. I find Killian's OK, but would much rather enjoy what's coming out of my local microbrew scene which has a good variety of reasonably priced and not super-hopped options.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
(Score: 0) by Anonymous Coward on Saturday March 13 2021, @03:15AM
I know this isn't what you meant, but it's a fun story anyway,
https://www.nytimes.com/2018/07/26/magazine/how-to-have-sex-in-a-canoe.html [nytimes.com]
If you are paywalled, try this, https://archive.is/6uDzt [archive.is]
(Score: 3, Touché) by HiThere on Friday March 12 2021, @03:21PM (7 children)
Coors beer was already so bad that I can't understand why they invested in automated controls. It seemed that they were bad in order to be cheap, and it doesn't require fancy controls to make bad beer quickly. Perhaps they were concerned lest any flavor besides dead yeast get into the beer.
Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
(Score: 2) by RS3 on Friday March 12 2021, @05:08PM (6 children)
You imply a good question, and the answer is complex / multi-layered. Why does a toaster, refrigerator, light bulb, need a microprocessor? Or even worse, to be Internet connected? Sometimes things are just plain overdone. Sometimes, and for many reasons, people apply the highest available technology just because they can.
All that said, I recently started working as a plant engineer in a food and beverage factory, and you might be surprised at how complex the many processes are. To run at the speed, precision, and repeatability, especially considering FDA requirements, these machines do is not even close to possible by hand (emphasis on speed). There are many separate processes, each with it's own controller (PLC)- mainly because they're built that way by individual companies. In some cases they're interconnected for overall control and monitoring, but not everything is (yet).
All that said, and as an IT person, I wouldn't directly connect the systems to the Internet. My design would have the PLCs and SCADA (overall control / monitoring) on a separate network, and airgap the whole thing. Someone can use a USB drive (or similar), or maybe a well firewalled intermediate internal network to get database data from SCADA to and from Internet facing systems (if it's necessary at all...)
(Many of our beverage production managers are ex Coors production managers).
(Score: 2) by Fnord666 on Friday March 12 2021, @08:57PM
The Iranians thought that was sufficient as well. Their centrifuges were air gapped which is why the attack had to be transmitted via USB [wikipedia.org].
(Score: 0) by Anonymous Coward on Saturday March 13 2021, @12:31AM (3 children)
Enabling USB drives on your network is worse than Internet access.
(Score: 2) by Immerman on Saturday March 13 2021, @02:50PM (2 children)
Bad? Perhaps - it does make you vulnerable to sabotage, but it someone has physical access they have lots of other options.
Worse? Definitely not. The problem with an internet connection is it exposes you to every bad actor on the planet, from the comfort of their living room, and with the protection of international bureaucracy even if they get "caught".
(Score: 0) by Anonymous Coward on Saturday March 13 2021, @10:40PM (1 child)
Worse, from a cybersecurity perspective. There are more tools available to restrict/monitor/log/protect internet traffic, in & out. But if every user is allowed to connect a flash drive or "just charge" their phone, then you're putting yourself into more of a reactive scramble after the event occurs.
(Score: 2) by Immerman on Saturday March 13 2021, @11:25PM
If you're talking desktop computers running a common OS you have a good point.
But we're talking industrial automation. If the machines have USB ports at all, they're probably somewhere out of the way for firmware updates. Even assuming they're easily accessible (e.g. to load new programs on a CNC machine) so typical employees could use them to charge their phone, an attacker would have to know exactly what sort of system it's dealing with to be able to launch an attack. Most of them probably don't even have an OS, just control software running on bare metal, and the only way to attack them would be to manually initiate a file read of a compromised data file in whatever format that specific machine uses.
Attacking such a system non-interactively is a nightmare - whereas attacking it interactively over the 'net is vastly simpler since you can easily adapt your strategy to whatever you discover you're dealing with.
(Score: 2) by Immerman on Saturday March 13 2021, @03:08PM
Agreed. There are *extremely* few situations where you'd want to expose your automated hardware to the internet. Tie it all together on an isolated internal network, sure. But virtually none of the equipment is likely to have security worth beans - connect it to the internet and you've painted a giant bullseye on your production line. And with control of physical equipment there's often an enormous amount of physical damage that can be done quickly and easily - to both hardware and workers.
If someone needs both automation control and internet access - put two computers on their desk. Computers are cheap.
Honestly though, it seems like virtually no-one outside of IT has any real appreciation for the extreme vulnerability introduced by connecting things to the internet, even when they have it spelled out to them in small words. It's getting to the point where I just throw up my hands, warn them they're sitting on a ticking time bomb, and go about fixing whatever issue they called me in for. If they don't care enough to listen to the warnings of experts, they kind of deserve what they get.
(Score: 0) by Anonymous Coward on Friday March 12 2021, @05:23PM (1 child)
I thought that came from Australia
(Score: 0) by Anonymous Coward on Saturday March 13 2021, @02:54AM
Back in the seventies it was, but then it turned into the shitty beer we sold to foreigners, then they sold the whole brand.
The plebs here drink VB. The snobs drink some imported shit, and I drink Cascade. [cascadebrewing.com]
(Score: 2) by edIII on Friday March 12 2021, @07:35PM
Panem Et Circenses
The cyberattacks against the military industrial complex didn't rile people up. The ones that embarrassed the executive classes and 1% only served to provide fodder for late night talk shows. The ones that illuminated how abused the American people are (Snowden et al) kind of shocked, but still didn't do anything to truly awaken the populaces anger. The ones that showed the military flat our murdering innocent people got a big yawn.
You take away the power, Internet, and beer though..... you will have another Pearl Harbor. If the people can't have their modern bread and circuses, they will revolt. Wasn't that dictator in Africa finally taken out over literally the lack of bread?
Although I don't drink, and IIRC, isn't Coors equated with drinking donkey piss or something? It's like they're testing for weaknesses and getting closer :)
Technically, lunchtime is at any moment. It's just a wave function.
(Score: -1, Flamebait) by Anonymous Coward on Friday March 12 2021, @08:25PM
If you run Windows in your company you are an incompetent moron, have no integrity, and deserve to get "hacked".