Ferrara Candy, the candy giant behind Nerds, Laffy Taffy, Now and Laters, SweetTarts, Jaw Busters, Nips, Runts and Gobstoppers, announced that it was hit with a ransomware attack just weeks before it prepares for one of its biggest holidays: Halloween.
The attack was detected by the Illinois-based company on October 9 when it encrypted several of Ferrara’s systems. Ferrara is working with authorities to recover the affected systems and return to full capacity of operations.
Glasswall's CEO, Danny Lopez, says: "It's likely no coincidence that attackers are hitting a candy company's supply chain just before Halloween, knowing full well the urgency and demand at this time of year will increase the likelihood they'll get the payment desired. Ferrara, however, is not alone. Ransomware attacks across industries are on the rise.
"Organisations need to adopt robust processes for onboarding and offboarding employees and affiliates that may receive access to key information systems. It's vital to control privileged access and to monitor those that enjoy that administrator privilege. Ensuring that multi-factor authentication is enforced wherever possible, is a vital defence where user credentials find their way into the public domain. This will help to limit the blast radius, and in most cases, defeat the data breach.
"Even if all procedures and policies are well executed, then there's no escaping the fact that adversaries are constantly looking to probe vulnerabilities and to insert malware into the environment, often using everyday business documents which we all use. It's vital that critical infrastructure organisations invest in cyber protection services that stay ahead of attackers by eliminating the threats while still allowing employees to do their vital work.
"Attacks like these demonstrate that a traditional castle-and-moat approach to network security leaves organisations exposed. Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network. In a world where data can be held amongst multiple cloud providers it is crucial to strengthen all processes relating to access verification. Without a zero trust approach organisations run the risk of attackers having a free reign across a network once they are inside.”
Neil Jones, Cybersecurity Evangelist at Egnyte says: "The recent Ferrara Candy ransomware attack, along with the JBS and Colonial Pipeline cyber attacks that preceded it, demonstrates that your organisation needs to make cybersecurity a Boardroom priority, if you haven't done so already.
"For years, cybercriminals have attacked targets for financial gain, but now we're seeing an alarming pattern of debilitating attacks on our food, critical infrastructure, and IP supply chain, which can have a crippling impact across the US economy. While advocating support from your executive team, you need to implement proactive data hygiene and protective behaviours, such as patching your CVEs and hardening your databases now. It could be a real lifesaver."
Based in the UK, Glasswall protects organisations from file-based threats and is recognised in the field of content, disarm, and reconstruction (CDR). Recently, the company has secured £18 million funding in additional equity capital to finance its continued expansion.
Egnyte is a global software company that provides a cloud platform for enterprise file synchronisation and sharing as well as content and data governance for business customers.