URL has been copied successfully!
Starbucks operations hit after ransomware attack on supply chain software vendor
URL has been copied successfully!

Collecting Cyber-News from over 60 sources

Starbucks is grappling with operational challenges after a ransomware attack on a third-party software provider, affecting the company’s ability to process employee schedules and payroll, according to Reuters.Last week, Blue Yonder, a UK-based supply chain software vendor serving Starbucks and other retailers, acknowledged experiencing service disruptions due to a ransomware attack.”Blue Yonder experienced disruptions to its managed services hosted environment, which was determined to be the result of a ransomware incident,” a spokesperson for the company said.The attack disrupted Starbucks’ backend system, which is used to track work hours and manage shifts, although the company said that customer service remains unaffected. Starbucks is working to minimize payment discrepancies for employees.Blue Yonder, which counts major grocery chains and Fortune 500 companies among its clients, also outlined the actions it has taken in response to the incident.”Since learning of the incident, the Blue Yonder team has been working diligently together with external cybersecurity firms to make progress in their recovery process,” the spokesperson added. “We have implemented several defensive and forensic protocols.”UK retailers Morrisons and Sainsbury’s have confirmed they were affected by the ransomware attack, CNN reported, adding that Blue Yonder has enlisted the US cybersecurity firm CrowdStrike for the recovery process. The holiday shopping season creates an attractive target for hackers as businesses face increased pressure to meet demand. A survey by Semperis revealed that 86% of ransomware incidents occurred on weekends or holidays.The adoption of new technologies has also heightened security risks despite advancements in defenses. Accelerated digital transformation and tools like AI have expanded the attack surface while improving overall security capabilities.”This is above all the existing open risks of vulnerabilities, misconfigurations, and resource constraints,” said Sunil Varkey, a cybersecurity specialist. “Often, due considerations and priority for security and privacy are sidelined in this rush.”⁠Enterprises must enforce strict security measures to assess third-party software suppliers, said Keith Prabhu, CEO of Confidis. He stressed the need for strong security practices in the software development lifecycle (SDLC) and effective management of the software bill of materials (SBOM).”In today’s ‘open source, shared’ world, a lot of vulnerabilities creep into software due to shared libraries provided by third parties,” Prabhu said. “Another common issue is that various software components of the code are not updated as and when new versions are released due to poor management of the SBOM.”

Vulnerabilities in supply chain

Supply chain incidents are often linked to unchecked trust in vendors, Varkey noted, highlighting the need for continuous monitoring and periodic evaluations of partners’ security measures and commitments.”Supply chain attacks are becoming increasingly common because they allow hackers to target multiple enterprises with a single incident,” Varkey said. “Limiting the blast radius of a critical partner becoming non-operational is essential and should be integrated into your enterprise BCP/resiliency plan.”Companies should perform vendor risk assessments to verify the security controls in place at each supplier, Prabhu advised.”Furthermore, they should insist on code reviews and VAPT for every product release, including the resolution of critical, high, and medium vulnerabilities identified,” Prabhu said. “Lastly, wherever possible, each company should conduct its own VAPT before deploying the code in its environment.”

First seen on csoonline.com

Jump to article: www.csoonline.com/article/3612838/starbucks-operations-hit-after-ransomware-attack-on-supply-chain-software-vendor.html

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link