Blue day for retail following ransomware attack

Investors are pumping millions of dollars into encryption as unease about data security drives a rising need for ways to keep unwanted eyes away from personal and corporate information — © AFP

The supply chain management firm Blue Yonder has confirmed a ransomware attack. The scale of the incident has disrupted its services, and the impact has affected many customers. The logistics company has more than 3,000 clients around the world.

According to Blue Yonder, the firm says it has “experienced disruptions to its managed services hosted environment”. Subsequent investigation confirmed that it was a ransomware attack.”

This continues: “Since learning of the incident, the Blue Yonder team has been working diligently together with external cybersecurity firms to make progress in their recovery process. We have implemented several defensive and forensic protocols,” the announcement reads. “With respect to the Blue Yonder Azure public cloud environment, we are actively monitoring and currently do not see any suspicious activity.”

Following the news of the ransomware attack on Blue Yonder, Digital Journal heard from Steve Cobb, CISO at SecurityScorecard.

Cobb begins by laying out the background of the incident and the residual impact: “Blue Yonder, a supply chain software provider serving U.S. and U.K. grocery chains, was hit by a ransomware attack. The attack significantly impacted two of the four largest grocery chains in the U.K., causing operational disruptions and forcing these retailers to revert to backup processes. In the U.S., prominent chains, including Kroger and Albertsons, rely on Blue Yonder, underscoring the potential widespread implications of this incident.”

Next Cobb considers why retail is often in the sights of cyber-criminals: “The supplier ecosystem is a highly desirable target for ransomware groups. Third-party breach victims are often not aware of an incident until they receive a ransomware note, allowing time for attackers to infiltrate numerous companies without being detected. These organizations house vast amounts of sensitive data, making them prime targets for threat actors and amplifying the attack surface of a single breach.”

Cobb also assesses the targets of the attack: “These supply chain attacks typically focus on data security and privacy concerns”.

In terms of what retailers can do to try and prevent future attacks of this nature, Cobb recommends: “Organizations should approach these incidents with a broader focus on cyber resiliency, considering how these attacks impact their ability to serve customers and recover business operations. Organizations must consider this a wake-up call to enhance proactive security measures, including their third-party providers.”

In addition, Cobb puts forward: “A robust approach includes continuous monitoring and comprehensive visibility across supply chain risk. By implementing these processes, organizations can navigate their supply chain cybersecurity and better equip themselves for attacks.”