UNFI cyberattack highlights industry vulnerabilities

Two weeks after a cyberattack temporarily disrupted UNFI’s ordering systems and caused store shelves to go bare, the incident underscores ongoing cybersecurity risks facing the grocery and produce industry, SuperMarket News reported.

Sam Rubin, SVP of Unit 42 by Palo Alto Networks, stated that “things are at a pretty escalated point,” emphasizing that the hacking group known as Muddled Libra or Scattered Spider remains a significant concern for security leaders in retail. “This group has been on a rampage in recent months,” he noted, citing recent attacks on UK-based retailers such as Marks & Spencer, Co-op, and Harrods, as well as Victoria's Secret in the U.S.

The hackers employed phishing and impersonation tactics, posing as IT staff to deceive employees into resetting credentials and accessing fake portals. The attacks resulted in data theft and the deployment of ransomware, causing operational disruptions and significant financial impacts. 

Marks & Spencer has anticipated losing about one-third of its profits, with some services possibly remaining offline until July. The Co-op breach compromised 20 million user credentials, while Victoria’s Secret experienced online sales disruptions severe enough to influence its stock price.

Rubin remarked that “the primary goal of these cybercriminals is profit,” and noted that attackers have become increasingly lethal in their methods. He added that the UNFI incident served as a “wake-up call” for the industry, which has been relatively slow in adopting modern cybersecurity measures and developing robust zero-trust security practices.

Rubin explained that grocery retailers’ large volumes of customer data, extensive and dispersed networks, and reliance on interconnected IT systems make them particularly vulnerable. “That makes them easy to disrupt,” he said. 

Related article:

Instacart and Pinterest launch new retail media collaboration