Pictured: a Molson Canadian facility, as seen from Old Montreal. (Eternalsleeper at en.wikipedia, CC BY 3.0 https://creativecommons.org/licenses/by/3.0, via Wikimedia Commons)
Molson Coors today reported that it has experienced a systems outage caused by a cybersecurity incident that has delayed and may continue to disrupt parts of the company’s business, including its brewery operations, production and shipments.
While the buzz around the security industry was that the company experienced a ransomware attack, Molson Coors did not confirm the nature of the cyber incident.
The Chicago-based brewer, best known for Coors Light, Miller Lite and many other legacy beer brands, said in a Form 8-K filing that it has hired a leading forensic information technology firm and legal counsel to help the company investigate and remediate the incident and get its systems back up.
Given the round-the-clock nature of operations at food and beverage companies, much of the IT equipment in manufacturing plants can’t get patched frequently, making these operations a prime target for attacks, said Grant Geyer, chief product officer at Claroty. Geyer said recent Claroty research found that the food and agriculture sector has seen a 56 percent increase in industrial control system (ICS) vulnerabilities from 2019 to 2020, after seeing no increase from 2018 to 2019.
“What’s clear is that industrial operations are now a dream target for cyber attackers seeking financial gain,” Geyer said. “One additional unique and concerning facet of the food and beverage industry is the very broad set of third-party automation vendors that maintain site-to-site access directly into the operational technology environment for maintenance. These connections have surprisingly limited identity and access management controls and even fewer – if any – session monitoring and recording. With so many potential OT entry points, attackers don’t even need to transit the IT/OT boundary to wreak havoc.”
Craig Lurey, CTO and co-founder of Keeper Security, noted that this incident demonstrates how cyberattacks in an environment such as this “can wreak havoc across an entire supply chain – impacting operations, production and even shipment… These facilities continue to be key targets [of] threat actors who are seeking to steal valuable digital IP or manipulate controls – and ransomware is a fairly quick and easy way to do this. In a case like this, educating the first line of defense, employees or plant operators on best practice around passwords and endpoint security across the entire data environment is crucial to avoid a situation like this in the future.”