Expect shortages of KP Nuts and their other products. They've been hacked.

Jan 30, 2020
2,871
14,601
Mid Bedfordshire
Funster No
68,408
MH
RS Endeavour
Exp
Just a tad..
Two points here. They are not allowed to stay silent. Two main reasons, but not the only ones. All attacks on companies now need to be disclosed where there has been a data breach. Also, anything that may have a significant impact on a company's earnings or profitability has to be disclosed for any public company, as it may affect share prices.

You make good points…

I tell anyone with A-level-aged kids to get them on a path to being a CISO, as there are fundamentally too few people in this profession!

I’m aware that data breaches need to be notified (in most cases); however, the magnitude of the operational impact does not. Interesting that KP wanted to expose that in the way they have!

Pfeifer & Langen industrial are the ultimate parent company, privately owned and not listed.
 
Mid Bedfordshire
Carpmart

You may find this interesting.

The reason this breach was probably notified was that the hackers may have gained access to employee records, payroll data, and contact records of people at companies, both suppliers and customers.
For instance, if their contact database included a field "mobile (personal)", then the second those records were breached they are obliged to notify.
Agree. ‘May have’ being the key thing here. Rather than chance large percentage-of-turnover fines, better to notify. Chances are they don’t know where the hackers have gone, hence notifying…
 
OP
Gromett
Feb 27, 2011
14,778
76,366
UK
Funster No
15,452
MH
Self Build
Exp
Since 2005
OK, they are not a public company...
Here is another reason for public disclosure.

They will have to have told their customers about delays in delivery, along with predictions for resumption of supply. They could lie to their customers with a false reason, which would be guaranteed to backfire.
If they hadn't publicly disclosed what had happened, then rumours would have gone round about the company, many of which could have been far more damaging.
Staff members would have talked and it would have leaked. The press would have got hold of it, and who knows where they would have gone with it. Why are KP keeping this breach secret? Is it that serious? Etc., etc.

It is better to be upfront about these things, in my experience.
 

Badknee

LIFE MEMBER
Aug 25, 2014
7,410
414,076
notloB
Funster No
33,046
MH
Vantage Neo
Exp
Living the dream.
Fortunately it appears it is not crypto ransom. So it is just a case of securing their network.
This is harder to do than a normal person would expect, but easier than dealing with a fully encrypted data set.
My SIL works for the Co-op and has been working for weeks after a payroll company was hacked. Big problem apparently ☹️

 
OP
Gromett
This is the reason for the disclosure.


(attached image 1643973141304.png, not reproduced)
 
OP
Gromett
Three payroll companies have been attacked in the last month or so, from memory. Hurting a lot of self-employed people :(
 
Mid Bedfordshire

I understand your view, and reputational risk is a tricky path to navigate, just like the poor lady CEO of TalkTalk!

They had to notify, I agree with that point completely, so it had to be public domain. I just would have counselled them not to enhance the hackers’ position and to be a bit more clever about what is put out there and how. They clearly are a very badly run business, with likely poor leadership, and probably do not have any external PR support or major breach support.
 
OP
Gromett

This is how the news got out. KP sent a letter to all customers, and the one to one of the NISA partners was leaked to the press.

(attached image 1643973333460.png, not reproduced)

I personally want my suppliers to be honest with me. And a letter such as this would be much better than a PR company's prose that glossed over the cause and the effects. This type of honesty is appreciated by business customers.

For a company dealing with the public, a different approach and wording may have been warranted, but I doubt it.

 
Mid Bedfordshire
Still a crazy situation… I bet you could set up some new ‘boilerplate’ basic operating systems for them in a day..

OP
Gromett
No I couldn't. That is a HUGE job, and for a factory that size would probably need a lead engineer and a team of at least 2 or 3.
Alongside that you would need specialists in SCADA, networking, Windows servers, Linux servers and routers.

I do not blame KP for this attack. No matter how secure you make it, there will always be vulnerabilities.
The only secure computer is one that is turned off and disconnected from the power and network.

They are just letting the attackers know that they have them by the short and curlies.
Or they are telling the attackers, you got us, we will fix it, screw you.
 

meanders

Funster - Life Member
LIFE MEMBER
Jun 28, 2008
2,649
8,617
Ipswich, Suffolk
Funster No
3,075
MH
C class
Exp
Since 2004
Without accessing all the data and history? I doubt they couldn't get raw materials in the door in any form of controlled manner bearing in mind local storage will be minimal with just in time deliveries, and much of them will be perishable?

Recovery from this is going to be more than very difficult I suspect.

I don't know if they have other factories abroad that are not affected, but if they do, that's the way to go certainly in the short term but possibly used as a cover to move production elsewhere.

Gromett got in ahead of me.
 
Mid Bedfordshire

I’m ex-SAP. We set up a company with a completely new templated ERP ‘get them out of the crap’ system in 24 hrs.

Buying raw ingredients from vendors and then manufacturing and packing something and invoicing is relatively simple if you focus on the important steps in the process. Some catch-up can be played later, but it has to be preferable to shutting down your business and losing out to your competitors everywhere. I’m sure their customers would be helpful for a period…

There are common themes to companies who get hacked: good return for hackers, poorly run business, under-investment in security, poor working processes, etc. etc. The bottom line is you can definitely make yourself look like a less attractive target.

 
OP
Gromett
I have never dealt with SAP so don't know what areas of the business it covers, sorry.

The problem, as I understand it, is they don't know how the hackers got in, and the data they need is encrypted. They can't restore the data onto the existing systems as forensics needs to be completed.
Here lies the rub. Again, as I understand it, the problems are not with the production lines themselves but with order processing and shipping. This requires the data.

You could go in and install brand new computers and servers and deploy an SAP system to run in parallel, but without the data in the correct format and without retraining staff on the new system, how much benefit would be gained over just deploying all resources to track down the entry point, close it and restore the existing system? Even 5 days' downtime could result in disrupted orders for many weeks or even a few months.


Your last statement I fully agree with. You cannot make a system completely hack-proof, as you just don't have that much control over the software, and people are crap at following basic security procedures. You can, however, design your system to be a tough nut to crack and resilient, so that a hit in one area doesn't affect another.

I was once asked by a small company how to make their system completely hack-proof. Here is part of the list I gave them (from memory, as I no longer have that document).

Have 2 computers on each desk. One connected to the internet and the other to the internal network. Orders taken on the internet-enabled computer are then typed into the computer connected to the internal network.
All wireless connections have to be disabled on all machines, computers and equipment in your company.
ALL USB ports have to be blocked up and physically glued to prevent anyone plugging in wifi dongles, 3G dongles or USB memory sticks.
All computers must be in a physically secure box to prevent access by anyone, to prevent staff being paid off to do the nasty on you, or someone from outside your company walking in and accessing them.
...

This document went on over 4 pages. He baulked at the first suggestion. He finally got to the end of page 4, which said, "These are the solutions to your question, but they won't work in the real world for your business AND even if you did them all you would still not be 100% secure".

He asked me, "Why didn't you just tell me it was impossible to be 100% secure?" I asked him, "Would you have believed me?" He got my point.

I did a lot of work for him for a number of years, and because he got the staff involved as a full team, that is one of the most secure networks I ever saw. The staff were extremely well trained and loved being part of the IT team in a small way.
 
OP
Gromett
I just remembered something. Staff got paid for upgrading software and reporting that version to the internal system.
At a glance the boss could look at this internal system to see what software was on each machine and what version, and see who was behind on updates.
If the boss had to do the update, or even tell you to do the update, you didn't get that part of your bonus.
There was a very small reward for the first one to upgrade.

Only the core OS was excluded from this.

The staff also ribbed each other if someone forgot to lock a door, or left their computer without logging out, etc. It was a slightly competitive environment but still funny.
 
Mid Bedfordshire
Gamification of security… 👍🏻
 
OP
Gromett
Yup, it was an extension of their already existing bonus scheme. I think, from memory, he allocated 10 or 20% on top of the wage bill to a specific budget to award the staff.
None of it was performance related, by which I mean for sales targets. It went to things like a small bonus for whoever did the weekly grocery shop (toilet rolls, coffee, tea, milk, etc.).
There was a team bonus for the average number of rings of the phone before answering. A bonus for unsolicited positive feedback from customers. There were loads of things.

It was a small family-owned local business which had expanded nationally with the advent of the web. He grew really fast after that. That is when I was called in to install their NetWare network, networked Sage etc., shared storage, backups and network printers.
I believe it was because of him I started looking into practical use of Linux, due to the built-in TCP/IP rather than using IPX.

It was a really sad day when the owner, who was an old guy, died and the kids sold the company on and it moved out of the town.
 

meanders

Funster - Life Member
LIFE MEMBER
Jun 28, 2008
2,649
8,617
Ipswich, Suffolk
Funster No
3,075
MH
C class
Exp
Since 2004
NetWare... That takes me back. We ran NW3, then upgraded to 4.1 if I remember correctly. The upgrade was more difficult than the initial install. 😣 Wasn't helped by running a mix of Token Ring and Ethernet networks, as well as complex Kilostream links to remote sites running IBM 3270 using NW emulators on the dumb terminals and 3270 emulators at the centre. That and NW4 connections on a single PC would not work simultaneously.

 
