Cyber Threats to UK Food Supply Chain
Speaker 1:Staying ahead in today's world, well, it means cutting through all the noise, doesn't it? Getting to what truly matters.
Speaker 2:Yeah. Exactly.
Speaker 1:You wanna be well informed and, you know, you want it fast. Uh-huh. And that's exactly what we're doing today. We're diving deep into something pretty critical that's been, well, making headlines.
Speaker 2:The recent cyber attacks. Right? Targeting the UK food supply chain.
Speaker 1:That's the one. A real spike recently.
Speaker 2:Yeah. We've pulled together a detailed analysis looking at these incidents from, say, February 2022 right up to May 2025.
Speaker 1:Okay.
Speaker 2:And our report, it basically synthesizes a whole range of sources, news articles, expert commentary, government statements, you know, the lot.
Speaker 1:So think of this as your kind of streamlined briefing. We're pulling out the key insights.
Speaker 2:Right.
Speaker 1:What are the threats? Who's behind them? And maybe most importantly, what are the real world impacts for something as basic as the food on our plates?
Speaker 2:Absolute vital stuff.
Speaker 1:Okay. Let's unpack this. So let's get straight into it. Spring 2025, it saw this, this really significant cluster of cyber attacks. It almost felt, I don't know, coordinated somehow, hitting UK retail first.
Speaker 2:It really did feel like that. The Easter 2025 attack on Marks and Spencer, that was a huge incident.
Speaker 1:Ten minutes.
Speaker 2:Yeah. Severe ransomware. Yeah. You know, that malicious software that locks everything down until you pay up an extortion too. It basically crippled their operations for, well, about three weeks.
Speaker 1:Woah. Three weeks for a giant, like, M and S. That's massive. And the impact, it sort of rippled outwards, didn't it?
Speaker 2:Oh, absolutely. Online orders, click and collect, they just ground to a halt.
Speaker 1:Right.
Speaker 2:Even things like contactless payments in stores were hit. Right. And, yeah, there were reports of some empty shelves because their food supply systems had to be taken offline sort of as a precaution.
Speaker 1:It really shows how these, these cyber hits on consumer businesses can just cascade into logistics nightmares, exposes all those hidden digital links even in traditional retail.
Speaker 2:Precisely. Yeah. And, you know, beyond the operational chaos, the attackers also nicked customer data, addresses, emails, that sort of thing. Oh. The financial hit for M and S was, well, substantial. Millions in lost sales.
Speaker 1:And then almost immediately after, the Co-op got hit too. Sounds like they maybe handled it a bit better, managed to limit the damage?
Speaker 2:They did, actually. They spotted an intrusion really quickly after the M and S attack.
Speaker 1:Okay.
Speaker 2:And they proactively shut down their IT systems. Pretty decisive move.
Speaker 1:Good call.
Speaker 2:Yeah. They stopped the ransomware from actually deploying, which is huge, but it still caused short term problems, you know, empty shelves again, payment issues, delivery snags, the usual disruption.
Speaker 1:But like M and S, they still had data stolen. Didn't they?
Speaker 2:Unfortunately. Yes. The same threat actor actually claimed responsibility for both attacks.
Speaker 1:Really?
Speaker 2:Yeah. And they managed to steal personal data from up to, get this, 20,000,000 Co-op customers. Names, contact info.
Speaker 1:20,000,000. That's staggering. It really shows what these criminals are after, that personal data. Even if they don't get the ransom, the data itself is valuable.
Speaker 2:Exactly. Huge potential for harm there.
Speaker 1:It's sobering, that scale. And Harrods too, around the same time. They had an attempt.
Speaker 2:They did. Thankfully, it seems like they kinda dodged a bullet there.
Speaker 1:Okay.
Speaker 2:Their quick preemptive shutdown seems to have limited the damage, and there's no confirmed data breach in their case.
Speaker 1:Mid use for them.
Speaker 2:But the fact that the NCSC, that's the National Cyber Security Centre, the UK's sort of cyber authority, got involved with all three retailers, that really tells you something.
Speaker 1:Yeah. It shows the level of official concern, suggests they were worried about a bigger campaign.
Speaker 2:Absolutely. I think the NCSC even called these attacks a wake up call.
Speaker 1:That's strong language from them.
Speaker 2:It is. And the disruption didn't stop with retail. Mid May 2025, Peter Green Chilled got hit with ransomware. They're a really, really critical part of the food supply chain.
Speaker 1:Peter Green Chilled. Remind me what's their specific role?
Speaker 2:They're a major cold chain distributor. So they handle the fresh and frozen stuff for a lot of the big supermarkets, Tesco, Sainsbury's, Aldi, places like that.
Speaker 1:Right. Okay. So an attack on them could have a massive knock on effect across the board. What actually happened?
Speaker 2:Their warehouse management systems, their ordering systems completely halted, just stopped. Wow. Couldn't accept any new orders. So you quickly get this backlog of fresh food building up, you know, real worries about stuff spoiling. There were reports of thousands of packs of meat just stuck.
Speaker 1:Oh, no.
Speaker 2:Yeah. They were scrambling trying to use emergency manual workarounds just to keep some things moving.
Speaker 1:That really throws a spotlight on how fragile these interconnected supply chains are, doesn't it? We don't always think about these middlemen distributors.
Speaker 2:Exactly.
Speaker 1:But if a key link like that goes down, suddenly supermarkets can't restock, and you could easily see local shortages and, well, a lot of wasted food.
Speaker 2:Precisely. And these sectors like food logistics, where everything is time sensitive because of perishable goods, they're becoming prime targets.
Speaker 1:Why is that?
Speaker 2:Well, cyber criminals know there's huge pressure to get back online fast. Oh. That urgency makes companies more likely to just pay the ransom quickly.
Speaker 1:Ah, makes sense. So do we know who is behind the M and S and Co-op attacks? Sounds like they left some clues.
Speaker 2:The current thinking points pretty strongly towards a group called Scattered Spider. You might also hear them called 0ktapus.
Speaker 1:Scattered Spider. Okay. And what are they known for?
Speaker 2:They're really known for their social engineering tactics. Very effective at it.
Speaker 1:Social engineering. So that's basically tricking people into giving up access. Right? Not just hacking systems directly.
Speaker 2:Exactly that. They'll pretend to be IT support trying to fool employees into giving away passwords or clicking malicious links.
Speaker 1:Sneaky.
Speaker 2:Very. In these cases, they apparently use things like MFA fatigue, just hammering users with multi factor authentication pings until they accidentally approve one.
Speaker 1:Oh, I've heard of that. Annoying but dangerous.
Speaker 2:Yeah. And even SIM swapping, tricking mobile companies into moving your phone number to their SIM card to get security codes. It's all about getting that first foot in the door.
Speaker 1:That's quite sophisticated in a manipulative way. It sounds like they were inside the systems for a while before anyone noticed.
Speaker 2:It seems so. In the M and S case, it's thought they had quiet access for several weeks.
Speaker 1:Weeks?
Speaker 2:Yeah. Slowly moving around, escalating their privileges, pulling out data, all before they launched the actual ransomware. The specific type they used apparently is called DragonForce.
Speaker 1:DragonForce. Definitely sounds dramatic.
Speaker 2:It does. And apparently they even sort of taunted the Co-op afterwards for stopping the encryption part.
Speaker 1:Really?
Speaker 2:Yeah. Basically saying Co-op ruined their plan by shutting things down so fast. But even without the full encryption at Co-op, they still got away with all that customer data.
Speaker 1:Which gives them leverage for extortion anyway.
Speaker 2:Exactly. And M and S of course had to tell millions of customers to reset passwords after their breach.
Speaker 1:So the big question then, state sponsored or just criminals?
Speaker 2:Well, the current assessment based on the evidence so far is that these 2025 attacks look like financially motivated cybercrime, not something directed by a nation state. But the investigations are definitely still ongoing. The Met Police and the NCSC are working together on it. The timing, the similar tactics against M and S and Co-op, it does strongly point to a coordinated campaign by this scattered group.
Speaker 1:Okay. So this recent wave is definitely worrying, but this isn't exactly new, is it? We've seen other attacks hitting the UK food and logistics sector over the last few years.
Speaker 2:No. You're absolutely right. If you look back to February 2022, right around when Russia invaded Ukraine Mhmm. KP Snacks got hit.
Speaker 1:Ah, yes. The Hula Hoops people. Tyrrells crisps too. I remember that. Worries about crisp shortages.
Speaker 2:Exactly. They were hit by Conti ransomware.
Speaker 1:Conti, another known group.
Speaker 2:Yeah. A big one at the time. Their IT systems went down and they had to warn retailers about potential delivery delays for all those popular snacks. And Conti, well, they had known links to Russia and significantly, they openly backed the Russian government right then. They also stole corporate data in that attack.
Speaker 1:Right. That timing was definitely noted.
Speaker 2:And it's worth remembering, even before that, back in December 2021, a cyber attack hit a distributor for Spar. It actually forced hundreds of Spar shops in the North of England to close temporarily.
Speaker 1:Wow. Okay. So even pre Ukraine war,
Speaker 2:this
Speaker 1:is Yeah.
Speaker 2:These vulnerabilities aren't brand new.
Speaker 1:And it wasn't just the food producers, right? Logistics companies got hit too.
Speaker 2:Absolutely. June 2022, Yodel, the delivery company, had a suspected ransomware attack.
Speaker 1:Yodel. Yeah.
Speaker 2:They didn't share tons of details, but their operations were messed up for days. Parcel tracking was down. Deliveries were delayed.
Speaker 1:And even if they aren't directly handling food, disrupting deliveries screws up the whole flow, including groceries people order online.
Speaker 2:Exactly. Right. If the delivery network seizes up, it affects everything.
Speaker 1:Makes sense.
Speaker 2:Then January 2023, a really big one. Royal Mail.
Speaker 1:Oh, yeah. That was amazing.
Speaker 2:Hit by LockBit ransomware. International post exports basically ground to a halt for days. They had data stolen, got a ransom demand. Yeah. It was a mess.
Speaker 1:And LockBit, another group with Russian links.
Speaker 2:Yeah. Generally understood to have Russian ties. And hitting Royal Mail, that's critical national infrastructure. It really showed the potential for widespread chaos, and it cost Royal Mail a fortune to recover.
Speaker 1:It's quite a list of incidents when you lay it out like that. Seems like pretty much every part of the food chain is vulnerable.
Speaker 2:Sadly, that's the picture. And there are others, less publicized maybe.
Speaker 1:Mhmm.
Speaker 2:A cyber incident hit niece's parent company in 2023. There was a ransomware attack on a British bakery and flour mill late 2022.
Speaker 1:Right.
Speaker 2:The big supermarkets have definitely been boosting their security. You know, they have. But even smaller retailers like The Works have been targets. The common thread, everything from farm to fork relies more and more on digital systems, and that just creates openings for attackers.
Speaker 1:So who are the main players doing this? It really sounds like these ransomware gangs are driving most of it.
Speaker 2:Yes. Overwhelmingly, it's financially motivated ransomware gangs. Groups like Conti, LockBit, REvil, and as we've talked about, Scattered Spider, ALPHV. These are the names cropping up again and again in attacks on food and logistics.
Speaker 1:And many seem to operate out of Russia or Eastern Europe or at least with some tolerance from there.
Speaker 2:That's the general consensus in the cyber intelligence world, yes. They often operate from jurisdictions where they're less likely to face prosecution as long as they target entities outside those areas. Their main goal is money: encrypt data, threaten to leak it, demand a ransom.
Speaker 1:You mentioned Conti's pro Russia stance back in 2022. That feels significant. Blurs the lines a bit.
Speaker 2:It really did. It raised questions about whether their attacks, even if primarily for profit, might also align with or be tacitly encouraged by state agendas during periods of high tension, a concerning overlap.
Speaker 1:And LockBit, the Royal Mail attackers. More purely criminal.
Speaker 2:They seem to be. Yes. Yeah. But their willingness to hit critical infrastructure purely for cash can still indirectly help hostile states just by causing massive disruption and economic pain. The thinking is maybe they're allowed to operate because they cause problems for Western countries.
Speaker 1:And Scattered Spider. They seem a bit different again with that heavy focus on social engineering.
Speaker 2:They are. They show real skill in manipulation. What's interesting is they seem to have members in various countries, possibly including Western ones, not just Russia or Eastern Europe.
Speaker 1:Okay.
Speaker 2:But they do often partner with ransomware operations that are linked to Russia, like ALPHV. And those simultaneous attacks in the UK and US back in May, that suggests a pretty well organized financially driven campaign.
Speaker 1:What about hacktivist groups like Killnet? Have they targeted food supplies?
Speaker 2:Their main thing so far has been DDoS attacks, distributed denial of service, basically flooding websites to knock them offline. Right. They've gone after government sites, hospitals, things like that, mainly in countries supporting Ukraine. The food sector hasn't really been their focus. There have been maybe some minor hits on transport sites in Europe that could indirectly affect things.
Speaker 1:So less about ransom, more about disruption
Speaker 2:and Exactly. More political statement than big money. But the worry is always there could state actors kind of point these groups towards more targets like food distribution if it suited them?
Speaker 1:It keeps coming back to that pressure point, doesn't it? Food is just so fundamental. Any disruption causes immediate worry, which is exactly what these attackers, especially the ransomware gangs, want to exploit.
Speaker 2:Precisely. That sense of urgency is their leverage.
Speaker 1:So given all this, what's the official line? Are foreign states directly involved in attacking our food chain?
Speaker 2:The official UK government position, particularly regarding those Spring 2025 retail attacks, is that they appear to be cybercrime, not direct state cyber warfare.
Speaker 2:There hasn't been any public attribution to a specific government for those incidents. The tactics, ransomware, data leak threats, they really fit the pattern of financially motivated crime.
Speaker 1:But it sounds like behind the scenes, the government, the intelligence agencies, they're still very worried about state threats more broadly.
Speaker 2:Oh, absolutely. They readily acknowledge that the line between state sponsored and purely criminal hacking can get very blurry. You know, Russia's aggression for example might inspire non state hackers. Or criminal attacks, even if not state ordered, can still end up helping geopolitical goals just by causing chaos and economic damage in rival countries.
Speaker 1:And we have heard warnings from the NCSC leadership about Russia specifically being a major cyber threat.
Speaker 2:Yes, consistently. Both the previous NCSC chief and the current one have highlighted Russia as a highly capable, potentially reckless cyber adversary. They've explicitly mentioned targeting critical systems including supply chains. Current chief talked about exploiting our digital dependence for disruption.
Speaker 1:So even if the recent attacks are mainly criminal ransom attempts, the potential for a state to do something more strategic is definitely on their minds.
Speaker 2:Exactly. Critical national infrastructure and that absolutely includes food and agriculture is seen as a potential target for state aligned hackers maybe as part of, you know, hybrid warfare tactics.
Speaker 1:And the UK has been on higher cyber alert since the Ukraine war started.
Speaker 2:Yes, definitely. Now, so far, we haven't seen a direct state attack on the UK food supply like, say, the NotPetya malware back in 2017. That wasn't aimed at food, but it crippled global logistics, showing the potential scale.
Speaker 1:Right, NotPetya was huge.
Speaker 2:Yeah, but the risk hasn't gone away. And the UK's National Cyber Strategy specifically calls out food security as part of national security, stressing the need to protect those supply chains from both criminals and state threats.
Speaker 1:What about other states? China, for instance.
Speaker 2:With China, the main concern historically has been more around cyber espionage, stealing intellectual property, sensitive data. So the food and logistics area, maybe they're more interested in mapping supply chains, getting tech secrets from agriculture companies. The NCSC has warned China could position itself for disruptive attacks in future, but the immediate disruptive threat to UK infrastructure, that's still seen as coming more from Russia linked actors.
Speaker 1:Okay. So the key messages. Recent attacks look like crime for cash. But the bigger picture, the geopolitical risk of a state deliberately targeting food supply, is very real and why it's treated as critical infrastructure.
Speaker 2:That sums it up perfectly. The criminal threat is here and now the state threat is a serious potential danger.
Speaker 1:It definitely sounds like the UK government and the intelligence agencies are taking this extremely seriously. What sort of public comments have we heard from them?
Speaker 2:Well, the NCSC's annual review for 2023-2024, it painted a pretty stark picture. They noted a threefold jump in major cyber incidents. Threefold? Yeah. And they warned that lots of organizations are basically underestimating how bad the threats are.
Speaker 2:There's this widening gap they said between how sophisticated attacks are getting and how good our defenses are. They stressed the urgent need for critical sectors like food to get more resilient, faster.
Speaker 1:And their response to the recent M and S and Co-op hacks seemed to underline that urgency.
Speaker 2:Absolutely. Yeah. The NCSC publicly confirmed they were working directly with M and S, Co-op, Harrods. They put out immediate guidance to the whole retail sector on basic cyber hygiene.
Speaker 1:Like what?
Speaker 2:Things like really locking down multifactor authentication Mhmm. Better checks at IT help desks to stop those social engineering tricks, having solid plans for what to do when an incident happens. And the fact the head of NCSC called it a wake up call that really signals how serious they view it.
Speaker 1:Have politicians weighed in too?
Speaker 2:MPs. Yes. MP Matt Western, he chairs the joint committee on the national security strategy. Mhmm. He explicitly linked these retail hacks to national security.
Speaker 1:Okay.
Speaker 2:He talked about the threat to the food supply chain, the impact on local communities if shelves stay empty. He basically argued, we need to treat ransomware seriously as terrorism or hostile state attacks Mhmm. Because the potential impact is so wide.
Speaker 1:And the security services themselves? MI5, MI6? Are they focused on this?
Speaker 2:Very much so, it seems. Baroness Manningham-Buller, the former head of MI5, she stated flat out, food is part of our national security.
Speaker 1:Clear statement.
Speaker 2:Yeah. Emphasizing how vital resilience in food production and distribution is. The current MI5 director general, Ken McCallum, he's warned about more unconventional attacks happening and the need for businesses to, as he put it, harden the roof, basically, boost their cyber defenses significantly. Mhmm. And GCHQ to the NCSC has been actively briefing food industry bosses on these threats.
Speaker 1:So it's not just talk. There's actual guidance. Even training exercises happen.
Speaker 2:Exactly. The NCSC has put out specific guides on supply chain security. They've even run simulation exercises like, what happens if the software running a food distribution hub gets hacked? It shows they recognize the vulnerability and they're trying to get the sector prepared even though we haven't, thankfully, seen that kind of direct state attack on the UK food supply yet.
Speaker 1:Now this isn't just a UK problem, is it? Looking internationally, we've seen similar attacks elsewhere.
Speaker 2:Oh, definitely not just a UK issue. Correct. Looking globally gives really important context. The 2021 ransomware attack on JBS Foods. That was a massive wake up call worldwide.
Speaker 1:JBS, the giant meat process.
Speaker 2:The world's largest. The attack hit their operations in the US, Canada, Australia. It caused shutdowns, worries about meat prices. They ended up paying an $11,000,000 ransom. And US authorities pointed the finger at a Russia based group for that one.
Speaker 1:Wow. That showed how even huge global food companies were vulnerable.
Speaker 2:It really did. And then there was the Kaseya incident, hit Coop Sweden also in 2021.
Speaker 1:Kaseya. That was a supply chain attack, right? Through software.
Speaker 2:Exactly. Ransomware got in via an IT software provider they used. It crippled Coop Sweden's tills, their cash registers. Hundreds of their grocery stores across Sweden had to close.
Speaker 1:Hundreds of supermarkets closed. Just like that. That's a huge direct impact on ordinary people.
Speaker 2:It was massive. And it really highlighted the risk of relying on third party software in critical areas. Around the same time over in the Netherlands, Bakker Logistiek, another big food distributor, got hit by ransomware.
Speaker 1:What happened there?
Speaker 2:Caused shortages in Dutch supermarkets. Apparently, cheese was particularly affected. It's very similar to what happened more recently with Peter Green Chilled here in the UK.
Speaker 1:So these attacks on the logistics hubs, the distributors, they really do translate directly into empty shelves pretty quickly.
Speaker 2:Instantly. Almost. And we've seen attacks further up the chain too. Right. Dole Food Company, the fruit and veg giant, got hit in 2023.
Speaker 2:Disrupted production, shipments of fresh produce, caused shortages in the US. Shows the growers and producers are targets too. And there was an attack on NEW Cooperative in the US, a big grain co-op, that raised serious worries about animal feed supplies, which is fundamental for meat and dairy.
Speaker 1:Right. It's the very start of the food chain.
Speaker 2:Yeah. And there'd be others. Lion in Australia, they do beverages, food processors in Australia, New Zealand, Maple Leaf Foods in Canada, another meat company. It's a global pattern.
Speaker 1:So it sounds like a consistent playbook. Hit critical points in the supply chain, maybe time it for maximum impact, use the public disruption to pressure for ransom payments, That link to Russia or Eastern Europe keeps popping up.
Speaker 2:It does. Most incidents are classed as cybercrime. But the fact that so many of these groups seem to operate from with some level of impunity in places like Russia, it constantly raises that question about state tolerance or maybe even indirect alignment, especially when geopolitical tensions are high.
Speaker 1:Like the Colonial Pipeline attack in the US.
Speaker 2:Exactly. Critical infrastructure hit by a Russia based criminal group. And there have even been reports of Russian cyber ops specifically targeting Ukrainian agriculture since the war. So, yeah, while money seems to be the main driver for most food sector attacks we've seen, that state connection is always lurking in the background. It's a persistent worry.
Speaker 1:Okay. So as we wrap up this deep dive, what's the main thing we should take away from all this about cyber attacks and the UK food supply?
Speaker 2:I think the core message is this. The UK food supply chain, it's definitely a significant target. It's becoming an increasingly attractive target for cyber threats. And right now, the main actors are these financially driven ransomware gangs.
Speaker 1:And crucially, these aren't just abstract IT problems. They have real tangible consequences that could easily affect you and me.
Speaker 2:Absolutely. We're talking potentially empty shelves in your local shop, food spoiling because the cold chain is broken, delays getting essential groceries delivered, real world stuff.
Speaker 1:And while the attacks we've seen recently seem mostly criminal, that bigger geopolitical picture, it adds another layer of concern, doesn't it?
Speaker 2:It does. The ongoing tensions, particularly with nations like Russia, mean we can't ignore the possibility that state aligned groups might also target the food chain, perhaps for strategic disruption rather than just money.
Speaker 1:It really sounds like there's a growing realization now in government and intelligence circles here in the UK that keeping our food supply secure is absolutely fundamental to national security.
Speaker 2:Precisely. We're seeing much more focus on it. Calls for stronger security measures, yes, but also things like better mapping of how all these supply chains actually link together, improving how everyone responds when an incident does happen, maybe even looking at specific regulations for the sector down the line.
Speaker 1:And because these threats are global, the UK can't just solve this on its own, can it?
Speaker 2:No. Absolutely not. Working with other countries, sharing information, learning from incidents that happen elsewhere, that's gonna be crucial for building better defenses against these constantly evolving threats.
Speaker 1:This has been really eye opening. It certainly makes you think about all those complex, often invisible digital systems that are working behind the scenes just to get food onto our tables.
Speaker 2:Doesn't it, Jeff?
Speaker 1:So on that note, maybe here's a final thought for you, the listener. When we rely so heavily on these intricate interconnected digital networks for something as basic, as essential as our food, what wider vulnerabilities does that expose in society? And what else might we need to do beyond just companies beefing up their own cyber security to really safeguard something so fundamental? Definitely something to mull over.
