UNFI, North America's largest grocery distributor, halted deliveries after a cyberattack disrupted operations for 30,000 retail locations:
United Natural Foods Inc. (UNFI), North America's largest grocery distributor and the primary supplier for Whole Foods Market, has been forced to halt deliveries and take systems offline after a crippling cyberattack. The breach, discovered in early June, has disrupted operations across its network of 30,000 retail locations, raising alarms about the vulnerability of the nation's food supply chain to digital threats.
The Rhode Island-based company confirmed in a June 9 regulatory filing that unauthorized access to its IT systems triggered emergency protocols, including shutting down critical infrastructure. "The incident has caused, and is expected to continue to cause, temporary disruptions to the Company's business operations," UNFI stated, adding that it is working with law enforcement and cybersecurity experts to restore functionality.
UNFI's outage has left grocery retailers scrambling. Steve Schwartz, director of sales for New York's Morton Williams chain, told The New York Post, "It's bringing the company to a standstill with no orders generated and no orders coming in." The chain relies on UNFI for staples like dairy products and bottled waters, forcing it to seek alternative suppliers. Smaller businesses, like bakeries dependent on UNFI deliveries, face even steeper challenges.
[...] UNFI insists it has implemented "temporary workarounds" to mitigate customer disruptions, but the timeline for full recovery remains unclear. The company's stock fell 8.5% following the announcement, reflecting investor unease.
Also at CNN, TechCrunch and Bloomberg.
(Score: 4, Insightful) by bzipitidoo on Thursday June 12, @07:16PM (3 children)
IT security works. Encryption works. Nearly every case of a security breach arises from humans getting careless, sloppy, or cheap, and not spending the necessary effort and expense to maintain security.
Zero-day exploits are rare. If an exploit is the opening that was used, it's more likely to be one that's been known for years, and fixed long ago, not something new. It's a case of the users never having updated their systems with the fixes.
The other major possibility is user error. A password was leaked. Someone fell for a social engineering attack. Or, more likely, people were using weak passwords, and reusing passwords, and at least one was cracked. The barely computer literate will settle on one weak password and use it everywhere. Then, when that is compromised, they'll scream bloody murder and howl for the heads of all those evil hackers, as if it took supergenius intelligence to figure out that the password was the name of their pet dog Rover, with maybe a "12345" appended.
Part of what they're doing is of course trying to cover their own behinds, trying to avoid the very much justified accusation that they didn't take security seriously enough. In the biggest cases, this gets blown up into a major news story that feeds computer illiterates' fears of IT professionals. Plenty of these sorts care only about their own precious behinds, and do not care if this ends up dragging a few innocent computer professionals into court to defend themselves from hysterical accusations.
(Score: 2) by DannyB on Thursday June 12, @08:37PM (2 children)
Of course, you can take security seriously and spend serious money on it. Require strong passwords. Require all workstations throughout the corporate network to use a company-owned private VPN to connect to the corporate network -- with two-factor authentication. Yes, I know it is annoying each day to have to log in. And that VPN expires your connection after a number of hours that is a bit longer than a work day. Require password changes every few months. This is an automated procedure only requiring human intervention (other than the person who must change their password) if someone gets themselves locked out of their system.
So you can have everything very secure and locked down. And then . . .
Clown Strike. . . er, uh . . . I meant . . . Crowd Strike strikes. Bringing down millions of systems across all industries, and not even as the result of an act of malice.
The server will be down for replacement of vacuum tubes, belts, worn parts and lubrication of gears and bearings.
(Score: 5, Informative) by Anonymous Coward on Friday June 13, @12:57AM (1 child)
> Require password changes every few months.
This is known to result in crap passwords and is disallowed for government contracts according to NIST security requirements.
(Score: 3, Informative) by DannyB on Friday June 13, @02:01PM
Set the password complexity policy to not allow crap passwords.
The server will be down for replacement of vacuum tubes, belts, worn parts and lubrication of gears and bearings.
(Score: 3, Interesting) by JoeMerchant on Thursday June 12, @10:09PM
https://mashable.com/article/google-down-cloudflare-twitch-character-ai-internet-outage