Brewing giant Lion has been hit by a second cyber attack, a week after its manufacturing and IT systems were shut down by a ransomware attack.
Food & Drink Business understands that the second attack was anticipated and while recovery efforts were interrupted, it had no impact on the work done to restore systems. The Sydney Morning Herald reported Accenture is working with Lion on its recovery.
“Despite experiencing some setbacks over the last 24 hours, which is consistent with this kind of cyber-attack, our team of local and international experts are working hard to safely restore our systems and further improve our defences,” Lion said
The company was at pains to point out that while service levels were not at normal levels, it is “brewing, packing and distributing”.
“It’s important to reinforce that while this attack has had an impact on our operations, we are still brewing beer and manufacturing our dairy and drinks brands, and we’ve managed to keep shipping products to many of our customers.
“While our service is still not at our expected levels, we are doing our very best to resume normal operations,” it said.
Initially the company impact for Lion Australia was temporary shortages or out-of-stocks across both packaged (bottles and cans) and keg brands. In Dairy & Drinks there were ongoing disruptions at manufacturing sites and some of its customer service systems were still offline (Food & Drink Business 16/06/2020).
Lion has revealed that reports of Lion document lists being posted online are being investigated. The company had earlier stated there was no evidence any information, including financial or personal, was affected.
“Unfortunately, based on the experience of others in this situation, it is possible this may have occurred. We’ve made contact with stakeholders as a precaution, as we believe this is the right thing to do.
“In the future, if we have concerns about or if we identify any data misuse, we will be in touch with the affected individuals directly.”
The company stressed people to be vigilant about cyber safety, particularly in terms of telephone, SMS, email and social media phishing scams requesting personal information or payment of money.
Never open attachments from unknown senders, and always check that any email is legitimate before responding, it said.
Ransomware costs "enormous"
Threat analyst Brett Callow with network security firm Emsisoft told Food & Drink Business that companies need to completely rebuild their networks and infrastructure after a ransomware incident rather than simply decrypting their data or restoring it from backups. “This is the only way to eliminate the possibility of a second attack,” he said.
Callow said ransomware incidents result in an average of 16 days downtime. The costs are enormous, with figures projected by research firm Gartner of more than $5600 per minute and Emsisoft’s own “extremely conservative” figure of $10,000 per day. “This figure has no basis in reality and we have included it simply to illustrate the enormity of the costs. The actual costs are almost certainly much higher.”
In Emsisoft’s The cost of ransomware in 2020. A country-by-country analysis report it found Australia had more than 2800 ransom demands, with an estimated cost of US$159.3 million. The total costs of ransom demand and downtime costs Australia more than US$1.07 billion.
PM reveals sophisticated cyber attacks occurring
In a press conference this morning (19 June) Prime Minister Scott Morrison said industry and government agencies around the country had been targeted in cyber attacks.
The level of sophistication of the attacks could only come from a state-based actor, Morrison said.
“This act is targeting Australian organisations across a range of sectors including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.
“What I can confirm, with confidence, based on the advice, the technical advice that we have received, is that this is the action of a state-based actor with significant capabilities,” he said.
When pressed whether it was China, the PM said: “There aren't too many state-based actors who have those capabilities.”
According to The Sydney Morning Herald, the PM’s office later clarified there have been no specific incidents this week and that the concerns were about a growing trend over recent months.
The government has seen an increase in threat activity in recent months in a trend that has overlapped with Australia’s tensions with the China, the paper said.