Even Milk Isn’t Safe from Cybersecurity Threats [Weekly Cybersecurity Brief]

It can be easy to draw conclusions about what would and wouldn’t be a target for a cybersecurity attack. There are some organizations that just seem more likely to be the focus of an incident because of the type of access they oversee or information they hold. However, it isn’t just entities like government agencies, banks or large-scale critical infrastructure facilities that bad actors have their eyes set on. Even the milk you drink can be at the center of a cybersecurity event, as one manufacturer just found out.

H.P. Hood Dairy recently reported that it experienced a cybersecurity-related case that led to the decision to temporarily halt operations at its 13 dairy plants across the country. According to a spokesperson, the incident impacted the company’s IT systems. Therefore, Hood has requested that its 3,000 employees stop using company-based equipment until the designated team is able to clean up the issue. Due to the shut-down, the company announced that it had to discard products as well as delay deliveries. 

While Hood’s actions have hopefully prevented the effects of the event from becoming even more widespread, it does reflect a trend in cybersecurity. No matter sector or size, there is some potential risk in all activity tied to the digital landscape. One style of attack that makes this particularly true is phishing. Phishing campaigns can expose even those at the most individual level to a breach, as demonstrated by browser-in-the-browser (BitB) exploitations that have been picking up pace. The Hacker News reports that this technique is used to mimic a browser window with a third-party single sign-on and legitimate looking domain that tricks the user into entering their information. In addition to putting victims in jeopardy, this category of phishing is particularly concerning because it is essentially “indistinguishable,” as one security researcher explained to The Hacker News.

BitB attacks are certainly not the only phishing campaigns that we need to be mindful of. We must also all be cautious about the emails we are opening and interacting with, especially when using accounts, such as work accounts, which can lead to larger issues. In its cybersecurity news roundup, TechRepublic covered a new threat taking advantage of those thinking that they are receiving communication regarding their Instagram profiles. A warning has been issued that hacker are sending out emails with Instagram branding notifying recipients that they have been reported for violating copyright laws. If clicked, the message leads users to a page set up to gather login information. TechRepublic states that, so far, this campaign has been carried out on “a prominent life insurance company in the U.S.”

Key Takeaways:

“Hackers hit Hood. Dairy shut down milk production this week after ‘cyber security event.’” – Anissa Gardizy, The Boston Globe
https://www.bostonglobe.com/2022/03/18/business/school-milk-could-be-short-supply-after-hood-plants-hit-by-cyber-event/

  • H.P. Hood Dairy recently reported that it experienced a cybersecurity-related case that led to the decision to temporarily halt operations at its 13 dairy plants across the country.
  • According to a spokesperson, the incident impacted the company’s IT systems.
  • Due to the shut-down, the company announced that it had to discard products as well as delay deliveries.

“New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable” – Ravie Lakshmanan, The Hacker News
https://thehackernews.com/2022/03/new-browser-in-browser-bitb-attack.html

  • Phishing campaigns can expose even those at the most individual level to a breach, as demonstrated by browser-in-the-browser (BitB) exploitations.
  • This technique is used to mimic a browser window with a third-party single sign-on and legitimate looking domain that tricks the user into entering their information.
  • This category of phishing is particularly concerning because it is essentially “indistinguishable,” as one security researcher explained to The Hacker News.

“Cybersecurity news: LokiLocker ransomware, Instagram phishing attack and new warnings from CISA” – Veronica Combs, TechRepublic

https://www.techrepublic.com/article/cybersecurity-news-lokilocker-ransomware-instagram-phishing-attack-and-new-warnings-from-cisa/

  • TechRepublic covered a new threat taking advantage of those thinking that they are receiving communication regarding their Instagram profiles.
  • Hackers are sending out emails with Instagram branding notifying recipients that they have been reported for violating copyright laws. When clicked, the messages lead to a page designed to gather login info.
  • TechRepublic states that, so far, this campaign has been carried out on “a prominent life insurance company in the U.S.”
Share