Those who work in cyber security are increasingly being asked this question by the managers of a company hit by a malware attack with often unpleasant consequences.

In recent days I was struck by a LinkedIn post by Piero Iezzi of Swascan, which I quote here:

“January #2021 #cyberattack main techniques analysis, conducted by #hackmageddon.com, puts #malware attacks first with 36.1%.
These attacks occur via:

  • Exploit technical vulnerabilities at the perimeter
  • Social Engineering

Approximately 82% of these attacks are known and known. To be clear: The target is not the company but the vulnerability. #cybercrime is by opportunity and not by target. Where to start? The analysis of the technological risk and the training and awareness of the employees are the indispensable starting point”.

I then asked Piero Iezzi for a further comment, with particular reference to the OT/Industrial Cyber Security world, and here are his words:

"The target is not (more and only) the company but the vulnerability. #cybercrime is by opportunity and not by target. This becomes a universal paradigm for any type of Industry and business, but - if possible - even more valuable in the context of #OT. The changes in manufacturing environments due to wireless, 5G and IIoT technologies are ushering in a new era of flexibility, productivity and control. At the same time, however, these innovations expand the threat landscape (and perimeter). Every single new "piece" can represent a potential flaw, we must act accordingly by imposing the best Cyber security best practices, solutions and technologies at every level based on the tripartite approach of predictive, preventive and proactive security".

Precisely in this context, in the last few days specialized websites and the press reported that the US brand Molson Coors saw a large brewery come to a standstill, with production, bottling and shipments interrupted and a considerable financial impact as well, as evidenced in its SEC reports, since it is a publicly traded company. Molson Coors, with revenues of nearly $12 billion in 2020, is one of the largest beer and beverage producers in the US.
(See also: "Molson Coors says cyberattack disrupted beer brewing" (cyberscoop.com) and "Molson Coors Cracks Open a Cyberattack Investigation" (Threatpost).)

In the aftermath of this incident, Molson Coors engaged computer forensic firms and legal advisers to investigate and is currently "working around the clock to restore its systems as quickly as possible," according to the SEC report.

The company operates seven breweries and packaging plants in the United States, three in Canada and ten in Europe (including one in Italy). It produces several brands of beer in addition to its namesake, including Blue Moon, Miller Lite, and Pilsner Urquell. Molson Coors Beverage Co. is the fifth largest brewing group in the world; after purchasing the Roman brewery Birradamare in 2017, it is also developing its presence in the Italian market.

There is talk of a probable ransomware attack: although the company did not release details of the incident, it did say that "it could be ransomware", given the severity of the outage and the subsequent cyber attack activity it suffered.

“High-profile attacks are becoming all too common as attackers have realized how much more profitable they can be when they target large organizations and disrupt critical business activity – in this case the brewing and shipping of one of the largest and most well-known beer brands in the world,” noted Edgard Capdevielle, CEO of Nozomi Networks, in an email to Threatpost editors. Nozomi products for OT cyber security are distributed and supported by ServiTecno.

Molson Coors isn't the only major brewery to be hit by a significant cyberattack. Last year, Australian beer distributor Lion experienced a shutdown of its IT systems, which slowed down all operations. Canada's Waterloo said it lost $2.1 million in a social engineering attack. Not to mention the ransomware attack on Campari in December 2020.

Fortunately, today at ServiTecno we have tools, technologies and methodologies capable of reducing exposure to attacks and of drastically reducing any damage to production networks and plants.
And here I return to the closing remark Piero Iezzi made in the post I quoted above:
“Where to start? Technological risk analysis and employee training and awareness are the indispensable starting point. LET'S NOT LET OUR GUARD DOWN!”

PS Of course I thank Piero Iezzi, Cybersecurity Director and CEO at Swascan, for his availability and undoubted professionalism.

But what is a cyber vulnerability?

A computer vulnerability can be considered a component of a computer system in which security measures are absent, reduced or compromised, so that it represents a weak point and allows the security level of the entire system to be compromised. Vulnerabilities can be CVEs (Common Vulnerabilities and Exposures), i.e. standardized vulnerabilities (rated by severity using CVSS), or 0-days, i.e. vulnerabilities not yet standardized (usually particularly serious).
Given their potential impact on a huge number of computer systems, non-standardized vulnerabilities can fetch astronomical sums on the black market: we are talking about figures of over €XNUMX million.