Starbucks and several major U.K. supermarkets experienced disruption due to a ransomware attack on the prominent supply chain software provider Blue Yonder. The company disclosed the incident on Thursday, Nov. 21, and it was still working to restore services the following Monday.
The disruption to the Blue Yonder platform prevented Starbucks from paying its baristas and managing their schedules, according to the Wall Street Journal. As a result, cafe managers had to manually calculate their employees’ pay using their scheduled shifts, leaving a larger margin for error because actual hours worked may not match the schedule.
Sainsbury’s and Morrisons, two of the largest supermarket chains in the U.K., were also impacted, according to trade magazine The Grocer. Sainsbury’s said it had contingencies in place to mitigate any disruption and had restored all operations by Monday, as per TechCrunch.
Morrisons reverted to a backup system to manage its warehouses but said the attack impacted the flow of goods to its stores. One of its suppliers said that chilled orders were cancelled on Friday due to the incident, and the supermarket anticipated that the availability of some convenience and wholesale products could drop to as low as 60%.
The cyberattack targeted U.S.-based Blue Yonder’s managed services-hosted environment, but its Azure public cloud was unaffected. Blue Yonder brought in external cybersecurity firms to address the incident, but so far, it has not been able to establish a timeline for restoration.
Blue Yonder, acquired by Panasonic in 2021, provides an end-to-end supply chain platform for managing warehouses. It can also be used for demand forecasting and automated ordering.
The company calls several other high-profile businesses its customers, including U.K. supermarket giants Tesco and Asda, DHL, Walgreens, Philip Morris, and Carlsberg. None of these companies has admitted to being impacted so far, and there is also no information about the type of data that the ransomware group accessed from victims.
At the time of publication, no ransomware group had claimed responsibility for the hack. This could suggest that Blue Yonder conceded to the attackers’ demands, as attackers often don’t admit their involvement or leak data in that case.
Supply-chain, ransomware attacks are on the rise
In recent years, supply-chain attacks have become a growing concern in the cybersecurity landscape. The attacks on SolarWinds, Log4j, and Codecov are notable ones. Supply-chain attacks are especially attractive to cybercriminals because they offer multiple rewards for a single breach.
Thirty-one percent of organisations experienced a software-as-a-service data breach in the last 12 months, a 5% increase over the previous year, according to AppOmni. This surge may be linked to inadequate visibility of the increasing number of deployed apps. According to Onymos, the average enterprise now relies on over 130 SaaS applications compared with just 80 in 2020.
Last year, British Airways, the BBC, and Boots were all served an ultimatum after they were hit with a supply-chain attack by the ransomware group Clop. Clop exploited an SQL injection vulnerability in the popular business software MOVEit and accessed its servers to steal business data.
Ransomware attacks are also on the rise. Microsoft reported a 2.75-fold increase in ransomware attempts this year, while the second quarter of this year saw the highest number of active ransomware groups on record. Indeed, artificial intelligence could be lowering the barrier to entry to stage these attacks, widening the pool of individuals who might do so.
Global ransomware payments exceeded $1 billion for the first time in 2023. “Big game hunting,” where groups go after large organisations and demand ransoms of over $1 million, is increasing in prevalence, and affected organisations are often tempted to pay.