No! not the Beer. Cyber Attack Brought Molson Coors to a Halt

By Yevgeny Dibrov, Co-founder and CEO

In some countries, breweries have been classified as ‘essential’ during the pandemic. So when North America’s largest beer maker suddenly ceased production in March due to a cyber-attack it sent shockwaves through the industry and around the globe. What could make this multi-billion dollar empire grind to a halt? How do you ensure your organization does not suffer the same outcome?

Food and beverage companies often run 24/7, with potentially catastrophic effects when the production chain is disrupted. In this particular case, a suspected ransomware attack left the company behind iconic brands like Pilsner, Miller and Grolsch unable to access systems involved in the production and shipments of popular drinks. This type of industrial sabotage  is regrettably not uncommon, as selling remote access into organizations is a documented ecosystem approach for ransom groups and this type of attack in manufacturing has tripled in 2020.

The revenue impact of the sabotage is still being calculated but – as described in the regulatory document – the company also expects incremental one-time costs related to consultants, experts and data recovery efforts in both their first and second quarters of 2021.

Molson Coors joins an ever-growing list of high-profile companies hit with a major disruption to its business. The combination of the critical nature of the manufacturing process and potential security vulnerabilities with OT/ICS assets, has created the perfect playground for cyber criminals. And while the precise nature of the cyber attack is yet to be disclosed, we believe that Armis is uniquely positioned to prevent, detect and respond to similar incidents.

IT/OT Convergence

Manufacturing processes around the globe have increasingly been relying on IT and OT technology. But the real game changer is that previously isolated manufacturing networks slowly integrated with IT networks, exposing OT assets and Industrial Control Systems (ICS) to a wider range of threats. Cybercriminals now have an IT and OT backdoor onto the company network.

Purpose-built for manufacturing

Hackers look at IT, OT and IoT devices as a single continuous system, and so should you.

Detecting cyber-attacks cannot be based on traditional security agents only – or worse – network-based scans that could take down your OT devices. This calls for a different approach.

The Armis Agentless Device Security platform discovers, classifies, and identifies threats for every type of OT, IT and IoT device in your environment – non-disruptive and no agents needed. With the Armis platform you can:

• Identify vulnerable devices in your environment
• Monitor device behavior to detect compromises or policy violations
• Take actions to quarantine suspicious or malicious devices
• Stop attacks from moving laterally from device to device

That’s how Armis keeps your operations running.

Traditional threat response solutions are blind to unmanaged devices

Molson Coors engaged Forensic IT firms to investigate the exact nature of their incident, in order to properly assess the attack. This is a process where many companies will also turn to traditional Endpoint Detection and Response (EDR) systems, relying on agents. But agents can’t be installed on the vast majority of OT devices. Here again, we offer a different approach. Our agentless platform continuously monitors:

• the state of each device in your environment
• the connections made by each device

This information is recorded and stored in our cloud-based system so that, when a security event occurs, your security team can scroll back in time to see the scope of the breach, what devices were communicated with, over what protocols, and how much data was transmitted to determine the damage and risk to the business. Armed with this information, organizations are better equipped to identify the root cause, restore operations and take precautionary actions.

To learn more download the whitepaper “Securing IT & OT Environments” or request a live demo to see how you can see and secure every OT asset in your environment.