KP Snacks Hit By Ransomware – Experts Opinions

Following the news that KP Snacks has been hit with a ransomware attack which is set to disrupt its supply chain for weeks, information security experts reacted below.

https://twitter.com/GMB/status/1489134659501965313

Experts Comments

February 03, 2022
Steve Cottrell
EMEA CTO
Vectra AI

The onslaught of ransomware attacks in 2022 isn't slowing, and more breaches are inevitable, so organisations need rapid breach detection to head off serious damage. It's bad enough that cybercriminals are impacting supplies of British snacking staples with this attack. But, if more organisations like KP are hit at the same time, or a more essential provider is targeted, we could see a wider social impact too, with empty shelves in supermarkets or raised food prices at a time where the cost of living is skyrocketing.

To avoid this, it's vital that food suppliers take a proactive approach to defeating ransomware, making sure they have advanced threat detection capabilities. By reducing the time it takes to spot threats, organisations can mitigate the impact of ransomware, stopping attacks before they become breaches and grind business to a halt.

February 03, 2022
Keiron Holyome
VP UK, Ireland and Middle East
BlackBerry

This attack on KP Snacks underscores that the global cyber risk equally applies to British institutions and their supply chains, with KP Snacks now predicting shortages after a ransomware attack. It doesn’t matter whether it's logistics, fuel or food – these supply chains present unique and complex challenges from a cybersecurity perspective.
 
Businesses should not have to suffer the effects of cyberattacks. Endpoint detection and response (EDR) focused solutions take action too late and do not prevent breaches. Prevention is the best strategy. With a prevention-first and AI-driven approach, malware can be stopped in its tracks.
 
A prevention-first security posture begins with neutralising malware prior to the exploitation stage of the kill-chain. By stopping malware at the exploitation stage, organisations can increase their resilience, reduce infrastructure complexity, and streamline security management. We do not believe that there need to be victims.

February 04, 2022
David Mahdi
Ex-Gartner Analyst and CSO
Sectigo

When we look at what ransomware does, it leverages a user’s access within an organization to encrypt sensitive files (and often also steal). The authentication given to a user defines the level of damage the hacker will do. Therefore, a zero-trust, identity-first approach is critical. To prevent ransomware, you can’t just lock down data, you need a clear method of verifying all identities within an organization, whether human or machine.

This is where the combination of identity-first approaches combined with PKI certificates enables immutable proof that ‘this person (or entity) is who they say they are.’ When combining identity-first principles with least privilege data access security, ransomware attacks can be stopped in their tracks, and in some cases prevented entirely. Ultimately, ransomware attacks are mitigated, or even cut off at the source, and organizations aren’t left endlessly chasing shadows or putting out fires.

February 07, 2022
Felipe Duarte
Security Researcher
Appgate

The retail industry is a priority target to ransomware gangs due to the amount of personal information and financial information they store. It is no surprise, therefore, that a large company like KP has been the focus and victim of a targeted ransomware attack. Attackers know that larger companies with a large supply chain will want to get their operations back on track, so the likelihood of them paying the ransom is high. KP now has to make the difficult decision as to whether or not they pay it.

The Conti ransomware gang has been prolific recently, with Delta Electronics also being a victim of their attack within the last week. Conti is known to use advanced techniques in their attacks; for example, they were one of the first groups to weaponise the Log4Shell vulnerability after it became public.

International law enforcement is cracking down on and dismantling ransomware gangs, and with plenty of operations being made in the last few months, ransomware operations are becoming more careful. Although Conti Ransomware is a "recent threat", active since 2020, it's considered the successor of the Ryuk Ransomware gang, that was active since 2018. This rebranding, very common in ransomware gangs nowadays, is a result of the need to cover their tracks and cool down after getting too much media attention, especially after a big attack that attracts lots of media and law enforcement attention. But even with those efforts, Conti remains one of the most dangerous active ransomware gangs nowadays.

Organisations must be vigilant even with the progress of law enforcement, as ransomware groups learn which industries and companies are more likely to pay ransomware demands. Ransomware operations as big as Conti find new targets almost every day.  

While we don’t yet know exactly the infection vector used in KP’s attack, organisations can better prepare for attacks such as this one by implementing Zero Trust policies such as network segmentation. Segmenting the networks and certain data, assuming all connections can be compromised, can restrain threat actors from moving freely across a network. Zero Trust increases the chance of detecting an ongoing attack, and (if well implemented) minimizes the damages caused by cybersecurity incidents.

February 03, 2022
Andy Norton
European Cyber Risk Officer
Armis

Everyone at KP Snacks must be jumping through Hula Hoops to get production flowing again. The IT ecosystem that surrounds OT and ICS technology is often the weak link in operational resilience; we’ve seen this many times in recent history. When cyber attacks like this have such an impact to production it is often through incorrect risk assessment and not fully understanding the criticality of ancillary systems.

February 03, 2022
Chris Vaughan
Technical Account Manager
Tanium

This ransomware attack on KP Snacks is a reminder that no industry is immune to being targeted by cybercriminals. For the next few hours, damage control will be in full force – and how the business reacts will be critical to ensuring the welfare of the company, mitigating the damage of the attack, limiting downtime of operations, and therefore minimising the predicted supply chain delays and cancellations.  

Getting back to the basics of IT operations and security is the first step in helping any organisation avoid the worst-case scenario. Having the right security defences in place to protect your IT infrastructure – including having back up mechanisms which are regularly tested – can significantly mitigate the damage of a ransomware attack. It’s critical that organisations have a high level of visibility of the devices connecting to the corporate network. This will help them identify any weaknesses that could increase the likelihood of a ransomware attack being successful, such as unpatched devices or users adopting risky behaviours. Endpoint security and visibility can also help to limit lateral movement in an environment – helping to limit the spread and damage of an attack once it has breached the corporate network. 

Another way to minimise the impact of ransomware attacks is to ensure staff are trained to look out for potentially malicious links in emails. It’s not correct to think that everyone already understands and follows this advice as many successful ransomware attacks begin in this way. My message is that you can’t always stop a sophisticated cyber-attack, but by having a good standard of IT hygiene and training in place you can certainly make it more difficult for the attackers to be successful.

February 03, 2022
John Vestberg
President and CEO
Clavister

The latest ransomware attack on KP, a major snack company, shows that cyberattacks can happen to the best of us, and while the country is now looking down the barrel of a lot less snacking this spring, there are some key learnings to be taken from the company’s response to the attack.

KP reacted in a rapid and considered fashion. Where other companies have previously failed and succumbed to paying huge ransoms, KP brought third party experts on in the earliest stages to help minimise damage and drive a forensic investigation that could be passed over to the relevant authorities.

The transparency and diligence that KP is showing is a model to be followed in future cyberattacks, as it shows the best steps to prevention and detection. This sharing of information is one way that cybercriminals such as these attackers can be tracked down and stopped from causing more destruction in future.

February 03, 2022
Jake Moore
Cybersecurity Specialist
ESET

The Conti ransomware affiliates are known to be extremely effective and can interrupt huge businesses and their supply chains. Not only has this attack caused huge disruption in encrypting the data but the stolen data is highly sensitive, even financial, which marks the beginning of the secondary phase of the headache. With such personal information being held to ransom, it can be very difficult to negotiate, especially when there is no certainty that paying the demands will actually halt the leakage altogether. It is now crunch time for KP Snacks to decide how to best go forward, as it is highly likely that this employee information will become public if the demands are not met, meaning further fines and problems could potentially arise.

February 03, 2022
Jamie Akhtar
CEO and Co-founder
CyberSmart

As well as being a dark day for snack lovers everywhere, this incident demonstrates just how devastating a successful ransomware attack can be. Not only is KP set to lose revenue from the downtime caused by the breach, but the effects will also be felt throughout its supply chain. 

Cybercriminals know that businesses like KP, with large, complex supply chains, make fantastic targets for ransomware attacks due to both their vulnerability and the potential damage that can be caused. It’s why we’re seeing more attacks on the food and drink industry in recent months.

February 03, 2022
Javvad Malik
Security Awareness Advocate
KnowBe4

Another day, another example of how a ransomware attack can have far-reaching implications. Nearly every industry and size of organisation is highly dependent upon IT systems, so even if a part of the technology becomes unavailable, it could impact the whole business. 

In recent months, we've seen attacks on oil supply and payroll in addition to this recent attack against food and snacks. All of these are essential goods and services for individuals and organisations, so having robust security controls is essential. 

The majority of ransomware attacks are successful because of unpatched software, weak credentials, or through social engineering such as spearphishing. So having in place processes to manage patching, technology to strengthen credentials, and providing timely and appropriate security awareness and training to all staff can go a long way in preventing such attacks from being successful.

February 03, 2022
Max Locatelli
Regional Director Western Europe
Infoblox

With each year that passes, the ransomware threat to both individuals and businesses seems to grow. As KP Snacks becomes the latest in a long list of high-profile companies falling victim, it’s clear that no one is safe. It’s never been more important for businesses to take steps to minimise the ransomware threat and protect their employees and their customers. However, in the majority of cases, this is much easier said than done.

When it comes to ransomware, business leaders should zero in on specific protection, but also zoom out to secure the entire IT stack. Achieving full visibility and defending from the network edge will likely be a priority for security teams moving forward. Leveraging DDI (DNS, DHCP and IPAM) sees DNS security come into play. DNS acting as the security control plane will give organisations the upper hand with a zero day strategy and enable them to protect their networks and their employees from the latest ransomware threats.
