[BreachExchange] Hackers hit Hood. Dairy shut down milk production this week after ‘cyber security event.’

Terrell Byrd terrell.byrd at riskbasedsecurity.com
Mon Mar 21 10:51:45 EDT 2022


https://www.msn.com/en-us/news/us/milk-could-be-in-short-supply-after-e2-80-98cyber-security-event-e2-80-99-led-hp-hood-to-shut-down-plants/ar-AAVf93p

It’s not just passwords, credit card data, or personal records. Now, it
appears the hackers have come for our milk and Hoodsies.

H.P. Hood Dairy said Friday that it was the target of a “cyber security
event,” that forced it to temporarily shut its 13 dairy plants around the
country this week. The closures meant Hood had to get rid of some dairy
products, and the company warned there could be delivery delays for some
customers as Hood’s facilities get “back up and running.”

A spokesperson for the Lynnfield-based company said Hood made the decision
to halt production out of an “abundance of caution,” after learning late
last week about an incident that affected its IT systems.

“We are grateful to our employees for their hard work and efforts and our
customers for their patience and understanding,” spokeswoman Lynne Bohan
wrote in a message to the Globe.

Hackers have long targeted organizations with sensitive information, such
the federal government, or critical infrastructure like fuel distribution
networks. Groups with ties to Russia are blamed for two prominent
cyberattacks last year targeting the Colonial pipeline and the JBS meat
packing facility, and there are growing fears of more from Moscow amid
Russia’s war in Ukraine. But Hood’s struggles this week are a sign that
cyberthreats can extend even to the most wholesome of consumer products.
Not the even the 175-year-old maker of the Hoodsie is immune.

During the shutdown, Bohan said, Hood was unable to manufacture products or
receive new raw materials, including milk. The company tried to divert its
deliveries, but an unspecified amount of milk had to be “disposed of.”

Hood also asked its roughly 3,000 employees to refrain from using
company-issued equipment while its “IT team and others” worked to resolve
the issue.

It’s not clear whether Hood’s distribution to grocery stores was disrupted.

Bob Rudis, chief researcher at Boston cybersecurity firm Rapid7, said it
will be difficult to speculate what happened at Hood until the company
releases more information. But since the company called the situation a
“cybersecurity event,” he said it was most likely an attack.

“That is pretty much what it sounds like,” he said. There are “a whole
bunch of things attackers could have done to internal systems to have
[Hood] say, ‘Shut everything down.’”

Hackers could have deployed a denial-of-service attack, which would make
Hood’s internal network unavailable, caused its systems to reboot
constantly, or introduced malware. Even if Hood was initially unaware of
what caused the issue, Rudis said, it was smart for the company shut down
its facilities and discourage employees from accessing company devices.
That might have allowed Hood to contain the issue, rather than letting it
cascade into a larger problem, which could take longer to fix.

>From its mid-19th-century start in Charlestown, the increasingly national
company has grown to generate about $2.7 billion in annual sales, with
plants as far afield as Virginia and California. Hood sells milk products
under its own brand name, as well as others, including Blue Diamond Almond
Breeze, Planet Oat, and Green’s Ice Cream. Its products have fed
generations of New Englanders, and its milk cartons are a common feature of
school snack time across the region.

Representatives from CVS, Shaw’s, Star Market, and Stop & Shop — which sell
Hood’s milk, ice cream, and sour cream in Boston — did not respond to
questions about whether they expect product delivery delays.

But one school district in New Hampshire sounded the alarm earlier this
week.

A spokesperson for the Contoocook Valley School District in Peterborough,
N.H., said its food vendor, Fresh Picks Cafe, notified them on Tuesday that
HP Hood had experienced a “significant cyber hack” that shut the business
down.

Officials there posted a blog note notifying families of the situation,
saying they would offer water or juice as a substitute if milk supplies ran
out. After all, as the post put it, Hood is “the largest producer of milk
in eight-ounce packaging” in the region.

“With school settings, you have to have 8-ounce cartoons,” a district
spokesperson said Friday. “We can’t just go to the local dairy and pour
glasses of milk.”

So far, Contoocook Valley still has a supply of milk for students. But to
meet USDA guidelines for what counts as a reimbursable school lunch, the
district sought a waiver from the state in case it is not able to obtain
fresh milk due to the Hood disruption.

In Massachusetts, no schools have requested such a waiver or expressed
concerns about the HP Hood milk situation to the Department of Elementary
and Secondary Education, said spokesperson Colleen Quinn. And Michael
DeAngelis, a spokesperson for New England Dairy, a Boston-based nonprofit
that represents regional dairy farmers, said he does not anticipate any
“shortages for milk for schools and other locations” because of the
incident.

“Hood has been managing it,” DeAngelis said. “I know they have things back
online.”

Though the Hood plants are functioning again, Rudis said most companies
that manufacture goods have a manual backup systems, which are typically
separate from their internal network. These manual plans are often used to
protect against power outages or storms, but could also be helpful during a
cyberattack, he said.

“They may have had a good plan,” he said, since it appears Hood’s
facilities were down for only a few days. “That gives them time to deal
with the internal system.”
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20220321/dde0b7ba/attachment.html>


More information about the BreachExchange mailing list