KP Snacks Hit By Ransomware – Experts Opinions

Following the news that KP Snacks has been hit with a ransomware attack which is set to disrupt its supply chain for weeks, information security experts reacted below.

Felipe Duarte, Security Researcher
InfoSec Expert
February 7, 2022 3:28 pm

The retail industry is a priority target to ransomware gangs due to the amount of personal information and financial information they store. It is no surprise, therefore, that a large company like KP has been the focus and victim of a targeted ransomware attack. Attackers know that larger companies with a large supply chain will want to get their operations back on track, so the likelihood of them paying the ransom is high. KP now has to make the difficult decision as to whether or not they pay it.

The Conti ransomware gang has been prolific recently, with Delta Electronics also being a victim of their attack within the last week. Conti is known to use advanced techniques in their attacks; for example, they were one of the first groups to weaponise the Log4Shell vulnerability after it became public.

International law enforcement is cracking down on and dismantling ransomware gangs, and with plenty of operations being made in the last few months, ransomware operations are becoming more careful. Although Conti Ransomware is a "recent threat", active since 2020, it’s considered the successor of the Ryuk Ransomware gang, that was active since 2018. This rebranding, very common in ransomware gangs nowadays, is a result of the need to cover their tracks and cool down after getting too much media attention, especially after a big attack that attracts lots of media and law enforcement attention. But even with those efforts, Conti remains one of the most dangerous active ransomware gangs nowadays.

Organisations must be vigilant even with the progress of law enforcement, as ransomware groups learn which industries and companies are more likely to pay ransomware demands. Ransomware operations as big as Conti find new targets almost every day.

While we don’t yet know the exact infection vector used in KP’s attack, organisations can better prepare for attacks such as this one by implementing Zero Trust policies such as network segmentation. Segmenting the networks and certain data, assuming all connections can be compromised, can restrain threat actors from moving freely across a network. Zero Trust increases the chance of detecting an ongoing attack, and (if well implemented) minimizes the damages caused by cybersecurity incidents.

David Mahdi, Ex-Gartner Analyst and CSO
InfoSec Expert
February 4, 2022 2:11 pm

When we look at what ransomware does, it leverages a user’s access within an organization to encrypt sensitive files (and often also steal them). The authentication given to a user defines the level of damage the hacker will do. Therefore, a zero-trust, identity-first approach is critical. To prevent ransomware, you can’t just lock down data, you need a clear method of verifying all identities within an organization, whether human or machine.

This is where the combination of identity-first approaches with PKI certificates enables immutable proof that ‘this person (or entity) is who they say they are.’ When combining identity-first principles with least privilege data access security, ransomware attacks can be stopped in their tracks, and in some cases prevented entirely. Ultimately, ransomware attacks are mitigated, or even cut off at the source, and organizations aren’t left endlessly chasing shadows or putting out fires.

Andy Norton, European Cyber Risk Officer
InfoSec Expert
February 3, 2022 12:37 pm

Everyone at KP Snacks must be jumping through Hula Hoops to get production flowing again. The IT ecosystem that surrounds OT and ICS technology is often the weak link in operational resilience; we’ve seen this many times in recent history. When cyber attacks like this have such an impact on production it is often through incorrect risk assessment and not fully understanding the criticality of ancillary systems.

Chris Vaughan, Technical Account Manager
InfoSec Expert
February 3, 2022 12:35 pm

This ransomware attack on KP Snacks is a reminder that no industry is immune to being targeted by cybercriminals. For the next few hours, damage control will be in full force – and how the business reacts will be critical to ensuring the welfare of the company, mitigating the damage of the attack, limiting downtime of operations, and therefore minimising the predicted supply chain delays and cancellations.

Getting back to the basics of IT operations and security is the first step in helping any organisation avoid the worst-case scenario. Having the right security defences in place to protect your IT infrastructure – including having backup mechanisms which are regularly tested – can significantly mitigate the damage of a ransomware attack. It’s critical that organisations have a high level of visibility of the devices connecting to the corporate network. This will help them identify any weaknesses that could increase the likelihood of a ransomware attack being successful, such as unpatched devices or users adopting risky behaviours. Endpoint security and visibility can also help to limit lateral movement in an environment – helping to limit the spread and damage of an attack once it has breached the corporate network.

Another way to minimise the impact of ransomware attacks is to ensure staff are trained to look out for potentially malicious links in emails. It’s not correct to think that everyone already understands and follows this advice as many successful ransomware attacks begin in this way. My message is that you can’t always stop a sophisticated cyber-attack, but by having a good standard of IT hygiene and training in place you can certainly make it more difficult for the attackers to be successful.

Keiron Holyome, VP UK, Ireland and Middle East
InfoSec Expert
February 3, 2022 12:34 pm

This attack on KP Snacks underscores that the global cyber risk equally applies to British institutions and their supply chains, with KP Snacks now predicting shortages after a ransomware attack. It doesn’t matter whether it’s logistics, fuel or food – these supply chains present unique and complex challenges from a cybersecurity perspective.

Businesses should not have to suffer the effects of cyberattacks. Endpoint detection and response (EDR) focused solutions take action too late and do not prevent breaches. Prevention is the best strategy. With a prevention-first and AI-driven approach, malware can be stopped in its tracks.

A prevention-first security posture begins with neutralising malware prior to the exploitation stage of the kill-chain. By stopping malware at the exploitation stage, organisations can increase their resilience, reduce infrastructure complexity, and streamline security management. We do not believe that there need to be victims.
