{"id":966,"date":"2024-11-26T09:19:36","date_gmt":"2024-11-26T09:19:36","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=966"},"modified":"2024-11-26T09:19:36","modified_gmt":"2024-11-26T09:19:36","slug":"starbucks-operations-hit-after-ransomware-attack-on-supply-chain-software-vendor","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=966","title":{"rendered":"Starbucks operations hit after ransomware attack on supply chain software vendor"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Starbucks is grappling with operational challenges after a ransomware attack on a third-party software provider, affecting the company\u2019s ability to process employee schedules and payroll, according to <a href=\"https:\/\/www.reuters.com\/business\/retail-consumer\/starbucks-faces-disruptions-following-ransomware-attack-software-supplier-2024-11-25\/\">Reuters<\/a>.<\/p>\n<p>Last week, Blue Yonder, a UK-based supply chain software vendor serving Starbucks and other retailers, acknowledged experiencing service disruptions due to a ransomware attack.<\/p>\n<p>\u201cBlue Yonder experienced disruptions to its managed services hosted environment, which was determined to be the result of a ransomware incident,\u201d a spokesperson for the company said.<\/p>\n<p>The attack disrupted Starbucks\u2019 backend system, which is used to track work hours and manage shifts, although the company said that customer service remains unaffected. 
Starbucks is working to minimize payment discrepancies for employees.<\/p>\n<p>Blue Yonder, which counts major grocery chains and Fortune 500 companies among its clients, also outlined the actions it has taken in response to the incident.<\/p>\n<p>\u201cSince learning of the incident, the Blue Yonder team has been working diligently together with external cybersecurity firms to make progress in their recovery process,\u201d the spokesperson added. \u201cWe have implemented several defensive and forensic protocols.\u201d<\/p>\n<p>UK retailers Morrisons and Sainsbury\u2019s have confirmed they were affected by the ransomware attack, <a href=\"https:\/\/edition.cnn.com\/2024\/11\/25\/tech\/starbucks-ransomware-attack\/index.html\">CNN reported<\/a>, adding that Blue Yonder has enlisted the US cybersecurity firm CrowdStrike for the recovery process.<\/p>\n<h2 class=\"wp-block-heading\">Ransomware attacks on the rise<\/h2>\n<p>The holiday shopping season creates an attractive target for hackers as businesses face increased pressure to meet demand. A survey by Semperis revealed that 86% of ransomware incidents occurred on weekends or holidays.<\/p>\n<p>The adoption of new technologies has also heightened security risks despite advancements in defenses. Accelerated digital transformation and tools like AI have expanded the attack surface.<\/p>\n<p>\u201cThis is above all the existing open risks of vulnerabilities, misconfigurations, and resource constraints,\u201d said Sunil Varkey, a cybersecurity specialist. \u201cOften, due considerations and priority for security and privacy are sidelined in this rush.\u201d<\/p>\n<p>Enterprises must enforce strict security measures to assess third-party software suppliers, said Keith Prabhu, CEO of Confidis. 
He stressed the need for strong security practices in the software development lifecycle (SDLC) and effective management of the software bill of materials (SBOM).<\/p>\n<p>\u201cIn today\u2019s \u2018open source, shared\u2019 world, a lot of vulnerabilities creep into software due to shared libraries provided by third parties,\u201d Prabhu said. \u201cAnother common issue is that various software components of the code are not updated as and when new versions are released due to poor management of the SBOM.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Vulnerabilities in supply chain<\/h2>\n<p>Supply chain incidents are often linked to unchecked trust in vendors, Varkey noted, highlighting the need for continuous monitoring and periodic evaluations of partners\u2019 security measures and commitments.<\/p>\n<p>\u201cSupply chain attacks are becoming increasingly common because they allow hackers to target multiple enterprises with a single incident,\u201d Varkey said. \u201cLimiting the blast radius of a critical partner becoming non-operational is essential and should be integrated into your enterprise BCP\/resiliency plan.\u201d<\/p>\n<p>Companies should perform vendor risk assessments to verify the security controls in place at each supplier, Prabhu advised.<\/p>\n<p>\u201cFurthermore, they should insist on code reviews and VAPT for every product release, including the resolution of critical, high, and medium vulnerabilities identified,\u201d Prabhu said. \u201cLastly, wherever possible, each company should conduct its own VAPT before deploying the code in its environment.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Starbucks is grappling with operational challenges after a ransomware attack on a third-party software provider, affecting the company\u2019s ability to process employee schedules and payroll, according to Reuters. 
Last week, Blue Yonder, a UK-based supply chain software vendor serving Starbucks and other retailers, acknowledged experiencing service disruptions due to a ransomware attack. \u201cBlue Yonder experienced [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":967,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-966","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/966"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=966"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/966\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/967"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=966"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=966"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=966"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}