Experts Insight On Coca Cola Potential Breach

Following the news that: 

Coca Cola Investigates Potential Data Breach

Coca Cola is investigating reports of data breach after claim Stormous ransomware group stole data | Daily Mail Online

Security experts commented below.

Experts Comments

April 28, 2022
Patrick McBride
CMO
Beyond Identity

Security researchers will take some time to sort out whether Stormous is actually a Russian entity, or a group using fake claims and the Russian invasion of Ukraine to help hide its real origins. One thing is certain - ransomware attacks, especially those that use the threat of leaked data, rather than just a payment for encryption keys, will continue to rise. Why? Because it works.

April 28, 2022
Sam Linford
AVP EMEA Channels
Deep Instinct

The news about the possible Coca-Cola data breach is certainly worrying. While most will be focusing on the leakage of Coca-Cola’s data, perhaps more concerning is the speed at which the Stormous ransomware group operated during the cyberattack.

The ransomware group put out a poll only last week asking their followers to vote on who should be their next victim, and the gang claimed it took only a few days to breach the company. Threat actors now deploy low-dwell time malware which aims to cause as much damage as possible in the shortest amount of time.

High-speed attacks are becoming increasingly more common, yet too many organisations are overly focused on Machine Learning and traditional Endpoint Detection Response (EDR) technologies as their solution to preventing cyber attacks. However, these solutions detect malicious activity once it has already executed on the network, which leaves the infrastructure exposed during this dwell time. With the speed in which attacks are happening at the moment, as shown in the apparent Coca-Cola attack, these solutions are evidently not enough, and they are in fact compounding a problem that can be easily mitigated.  

Technologies, such as deep learning – a subset of AI, are able to stop malware before it can encrypt data. Deep learning delivers a sub-20 millisecond response time, stopping a cyberattack before it can execute and take hold of an organisation’s network. With solutions such as deep learning, organisations will “taste the feeling” of knowing that they are fully protected and can stop cyberattacks before data is stolen.

April 28, 2022
Deepak Goel
CTO
D2iQ

On the surface, the removal of the dockershim component in the latest version of Kubernetes seems like a big deal. In reality, it likely won’t impact 99% of Kubernetes users. Docker was initially added when Kubernetes needed container runtime. As K8s has matured, it has become more flexible, pluggable and opinionated, offering multiple interfaces including Container Network Interface (CNI), Container Runtime Interface (CRI), and Container Storage Interface (CSI). CRI has been proven over time in some of the most demanding deployments, meaning the dockershim component was no longer necessary. This is good news for both Kubernetes and Docker, as Docker is about much more than just container runtime. Kubernetes continues to evolve with more innovation and flexibility, making it the platform of choice for developers building cloud native applications.

April 28, 2022
Erfan Shadabi
Cybersecurity Expert
comforte AG

Ransomware has seen quite a resurgence this year. Threat actors are taking their ability to use social engineering and other forms of trickery to gain access to corporate systems, launch debilitating ransomware software and watch the target squirm. It seems that the majority of ransomware attacks are targeting one of three industries: banking, utilities and retail, but all industries are currently really at risk from attacks.

What is the solution? Enterprises, big or small, need to prepare for this eventuality with robust recovery capabilities (tools and processes) combined with proactive data-centric protection. The former restores the IT and data environment to a pre-breach state, while the latter ensures that threat actors can’t exfiltrate sensitive data and use that compromised information as further leverage. Data-centric security methods such as tokenization and format-preserving encryption protect the data itself rather than the environment around it. Even if hackers get their hands on data, they can’t blackmail organizations with the threat of imminent release of that data. And that’s what ransomware is all about—blackmail.

April 28, 2022
Camellia Chan
CEO and Co-founder
Flexxon

Nowadays, we are seeing more and more people running RaaS (Ransomware-as-a-Service) and attacks are prevalent. The news that Coca Cola may have been subject to a data breach off the back of a ‘public’ vote is an example of how gangs are changing their targeting tactics and it shows that it’s really just becoming a big game. A game that can have serious consequences. Where once companies may have been targeted because they had inadequate defences, now even those with a huge defence infrastructure are just as likely to be in the cross hairs because of the will of the ‘people’. As such, it is more important than ever for all organisations to have robust measures at all levels, including incorporating Artificial Intelligence (AI) cybersecurity into the final line of defence at the hardware layer. This can help defend against threats that are missed by software-based defence solutions and places secure protections immediately around a company’s most valuable asset – its data.

 

  • Why so many data breaches are the product of human error
    • Anti-virus software is not sufficient due to the need for human intervention
    • Low-level AI programming within the firmware of the SSD can supersede regular anti-virus software
    • As such, organisations need an AI-augmented SSD to defend against cyber threats
  • Why the future of cybersecurity lies in Flexxon’s novel X-PHY technology
    • Increase in the number of people who are regularly working from home
  • The need for businesses to operate under a “zero-trust” framework
    • Makes it possible to track every single touchpoint and eliminate human intervention
April 28, 2022
Raj Samani
Chief Scientist and Fellow
McAfee

The concept of ransomware is very different to early iterations of the vector. This particular attack demonstrates that data exfiltration in certain cases can be just as damaging, if not more where confidentiality is of higher importance than availability. Further, the wider consequences of allowing supporters the opportunity to vote on who to attack next displays a brazen disregard to potential law enforcement consequences. Organisations of all sizes should be mindful of all known TTPs associated with this and other groups and incorporate proactive measures in an attempt to reduce the risk of being hit next.

April 28, 2022
Etay Maor
Director of Security Strategy
Cato Networks

The alleged breach of Coca-Cola is interesting. The company is known to invest heavily in its security, employing best-of-breed security tools so, if true, the breach should be a siren call to all enterprises.

Be concerned about the newest zero-day threat, yes, but first be sure you’ve got the right systems and processes already in place. Most attacks exploit the mundane – like poor patching processes or failure to enable MFA – not the newest zero-day threat.
What’s needed is tighter convergence of tools to eliminate the cracks through which attackers can slip through and for operational teams to proactively hunt threats.

April 28, 2022
Chris Hauk
Consumer Privacy Champion
Pixel Privacy

So far, we have only seen Russian-linked cybercrime gang "Stormous" claim that they have successfully hacked the servers of the soft drink company, stealing 161GB of data. It has offered the data for sale for 16 million bitcoin. However, Coca-Cola says it is investigating the claims and has refused to confirm the breach. While Stormous appears to be looking to financially benefit from the data breach, the breach may also be politically motivated, as Coca-Cola has joined other large firms in shutting down its Russian operations following the Russian invasion of Ukraine. Stormous officially has come out in support of the Russian government.

April 28, 2022
Sam Curry
Chief Security Officer
Cybereason

Aside from what Stormous has disclosed, we know very little about the possible level of damage at this point and will have to wait for more details from Coke. Unfortunately, the supposed poll conducted by the group to determine which companies to attack seems more like the norm today. Coke likely spends tens of millions of dollars on security and employs world class security analysts to protect critical assets and they do outstanding work on a daily basis protecting one of the world's most recognizable companies. With data breaches, it is a numbers game, and the goal for every company is to make it as hard as possible for hackers to succeed. Infrastructure breaches are inevitable, but information and material breaches are not! Aggressors will always find ways to compromise something out there, but that doesn’t mean they get to the crown jewels or can’t be stopped. Bricking a laptop, DDoS-ing websites or compromising identities will happen. However, a good security program will not let that turn into a material event. The goal is to stop this further and further to the “left” in the timeline. Attackers and cyber attacks can be stopped, blunted and made frustrating to the attackers. Infrastructure will have compromises, but material breaches are not a foregone conclusion. It’s not strange at all. It is relatively new, but we’ve seen hacking groups like Lapsus$ use it. When it gets hard to communicate one way (or to process payments), the system is adaptive. Think of it as a fluid situation with actors making trade-offs among services in their toolkit. Telegram is on the rise, and surveys like this seem to be the new normal.

April 28, 2022
Jamie Akhtar
CEO and Co-founder
CyberSmart

The circumstances of this case are very strange, in keeping with most attacks by the mysterious Stormous group. However, it does highlight, once again, that data has become businesses’ most valuable asset and cybercriminals’ most coveted prize.

With this now the state of play, it’s more important than ever that data is at the centre of security strategies. This means organisations having a clear picture of what they store, where they store it and how it’s protected.
