Everything we know so far about the United Natural Foods cyber attack

United Natural Foods – North America’s biggest wholesale food distributor and the main distributor for Amazon’s Whole Foods – has been hit by a cyber attack.

The company operates 53 distribution centers and delivers to more than 30,000 locations across the US and Canada, including supermarket chains, e-commerce providers, natural product superstores, and independent retailers.

The attack was revealed in a recent SEC filing, where the firm said it had spotted unauthorized activity on some of its IT systems and had taken certain systems offline as a result.

“As soon as we discovered the activity, an investigation was initiated with the help of leading forensics experts and we have notified law enforcement,” it said in a statement.

“We are assessing the unauthorized activity and working to restore our systems to safely bring them back online.”

The company said it’s working closely with customers, suppliers, and associates to minimize disruption, adding that workarounds for certain operations are in place to continue servicing customers where possible.

Although United Natural Foods hasn’t said as much, the incident is likely to be a ransomware attack. Such attacks have been plaguing retail organizations in recent months.

“Retail businesses are uniquely attractive – and vulnerable – targets for attackers. Their mountains of sensitive customer data, including personal details and payment information, make them prime targets,” commented Warren O’Driscoll, head of security practice at NTT Data UK&I.

“Meanwhile, they operate on cash flow, so any disruption to trade will have significant consequences in their long-term operations.”

Earlier this year, a survey of retail IT decision-makers by Armis found that 41% had encountered a rise in cyber threat activity over the past six months. Eight-in-ten said one of their top goals for this year was the introduction of a proactive cybersecurity posture.

“The United Natural Foods cyber incident is another stark reminder that the retail industry remains a highly sought-after target by hackers, and there appears to be no end in sight,” said Michael Freeman, head of threat intelligence at Armis.

“This is more than a wake-up call to retailers to evolve their cybersecurity playbooks. It requires a mindset shift.”

Recent attacks on the retail industry have included UK firms Marks & Spencer, the Co-op and Harrods, with Google warning that US retailers were also increasingly coming under increasing threat.

“With the United Natural Foods attack, ransomware threat actors clearly taste blood in the water. In this spree of outages, every payout has made them stronger, bolder, and harder to stop,” said O’Driscoll.

“For the state-backed attackers, they’re working for a double reward: a hit to the affected country’s GDP, as well as an under-the-table payout from a company with their back against the wall.”

Source: Kofi Acquah