[BreachExchange] Food-Supply Giant Americold Admits Cyberattack

Destry Winant destry at riskbasedsecurity.com
Mon Nov 23 10:56:52 EST 2020


https://threatpost.com/food-supply-americold-cyberattack/161402/

A reported ransomware attack took down operations at the company,
which is in talks for COVID-19 vaccine-distribution contracts.

Americold, a company whose cold-storage capabilities are integral to
the U.S. food-supply chain (and soon, COVID-19 vaccine distribution),
has confirmed an operations-impacting cyberattack, according to a
filing with the Securities and Exchange Commission (SEC).

The filing was brief and read in part: “As a precautionary measure,
the company took immediate steps to help contain the incident and
implemented business continuity plans, where appropriate, to continue
ongoing operations… Security, in all its forms, remains a top priority
at Americold, and the company will continue to seek to take all
appropriate measures to further safeguard the integrity of its
information technology infrastructure, data and customer information.”

The attack appears to be a ransomware incident that started on Nov.
16, according to a Bleeping Computer report. The attack affected the
company’s phone systems, email, inventory management and order
fulfilment, according to reports on Twitter. One truck driver tweeted
on Monday, “At a Americold [depot] and their systems are down. They are
unable to assign me to a door. Well let the waiting begin.”

The attack is likely to be highly targeted and well-thought-out,
according to researchers.

“Human-operated ransomware attacks begin with trojans or other
exploits against unsophisticated vectors,” Chloé Messdaghi, vice
president of strategy at Point3 Security, said via email. “Once a way
in is found, malware is planted and privileges are elevated. These
attacks often exfiltrate data before encrypting files and the attacks
are drawn out, with months of potential compromise adding to the
potential harms that can result.”

She added, “That’s why these types of attacks pose a greater threat
than automated attacks such as WannaCry or NotPetya – they’re
intentional and secretive.”

Based in Atlanta, Americold is the largest cold-storage provider in
the U.S., and it owns and operates 183 temperature-controlled
warehouses globally, including in Argentina, Australia, Canada and New
Zealand. It also just acquired a similar company in Europe. For an idea of
scale, it holds the contract for linking the ConAgra food-producing
giant to supermarkets and consumers.

“The attack against Americold highlights a concerning trend of
attackers targeting larger and more critical organizations,” Andrea
Carcano, co-founder of Nozomi Networks, said via email. “These threats
should be a wake-up call for security professionals responsible for
keeping not only IT, but operational technology (OT) and internet of
things (IoT) networks safe. In the manufacturing business, time is
money, so the disruption of IT services as well as manufacturing
downtime and shipment delays, translates to lost revenue.”

Critically, Americold has also been in talks to provide storage and
transport for the distribution of temperature-sensitive COVID-19
vaccines, according to reports.

“Once again, we see that companies who don’t consider themselves to be
likely targets are the most likely of targets,” said Messdaghi. “This
is especially unfortunate since Americold has an important role to
play in the upcoming distribution of COVID-19 vaccines, in addition to
its longstanding role in supporting the food supply chain. Each and
every piece of the COVID-19 distribution chain must go through serious
risk and cybersecurity audits, as though lives depend on it. Because
they will.”

She added, “The more that our critical data is protected by zero-trust
actions, the safer we’ll all be – both day to day and particularly in
national mobilization circumstances like the upcoming vaccine
distribution.”

