UNFI cyberattack highlights industry vulnerabilities
Two weeks after a cyberattack temporarily disrupted UNFIās ordering systems and caused store shelves to go bare, the incident underscores ongoing cybersecurity risks facing the grocery and produce industry, SuperMarket News reported.
Sam Rubin, SVP of Unit 42 by Palo Alto Networks, stated that āthings are at a pretty escalated point,ā emphasizing that the hacking group known as Muddled Libra or Scattered Spider remains a significant concern for security leaders in retail. āThis group has been on a rampage in recent months,ā he noted, citing recent attacks on UK-based retailers such as Marks & Spencer, Co-op, and Harrods, as well as Victoria's Secret in the U.S.
The hackers employed phishing and impersonation tactics, posing as IT staff to deceive employees into resetting credentials and accessing fake portals. The attacks resulted in data theft and the deployment of ransomware, causing operational disruptions and significant financial impacts.
Marks & Spencer has anticipated losing about one-third of its profits, with some services possibly remaining offline until July. The Co-op breach compromised 20 million user credentials, while Victoriaās Secret experienced online sales disruptions severe enough to influence its stock price.
Rubin remarked that āthe primary goal of these cybercriminals is profit,ā and noted that attackers have become increasingly lethal in their methods. He added that the UNFI incident served as a āwake-up callā for the industry, which has been relatively slow in adopting modern cybersecurity measures and developing robust zero-trust security practices.
Rubin explained that grocery retailersā large volumes of customer data, extensive and dispersed networks, and reliance on interconnected IT systems make them particularly vulnerable. āThat makes them easy to disrupt,ā he said.
Related article:
Instacart and Pinterest launch new retail media collaboration
Subscribe to our newsletter
