Molson Coors Beverage Company, a multinational drink and brewing company headquartered in Chicago in the United States, has suffered a cyberattack that has halted its beer-making production.
In a regulatory filing, the company said, "Molson Coors experienced a systems outage that was caused by a cybersecurity incident," the company said in a statement. That systems outage led to a variety of issues for the company, including "brewery operations, production, and shipments."
From Coors Light, Miller Lite, Molson Canadian, Carling, and Staropramen to Coors Banquet, Blue Moon Belgian White, Blue Moon LightSky, Vizzy, Leinenkugel's Summer Shandy, Creemore Springs, Hop Valley and more, Molson Coors produces many popular beer brands. It is unclear how much of the company's production has been disrupted by the cybersecurity attack.
In addition, Molson Coors said it is actively managing the cyberattack and has engaged leading forensic information technology firms and legal counsel to assist the investigation. The company is said to be working around the clock to get its systems back up as quickly as possible.
Craig Lurey, CTO and Co-founder of Keeper Security, explains that this cyberattack on a major beverage company like Molson Coors shows just how ransomware attack can wreak havoc across an entire supply chain – impacting operations, production and even shipment.
"As manufacturing has become increasing computer driven, IT and OT networks have become interconnected, enabling cybercriminals to use IT systems as backdoors into OT networks, spreading across internal networks more easily. These facilities continue to be key targets threat actors who are seeking to steal valuable digital IP or manipulate controls – and ransomware is a fairly quick and easy way to do this," Lurey says. "In a case like this, educating the first line of defense, employees or plant operators on best practice around passwords and endpoint security across the entire data environment is crucial to avoid a situation like this in the future.”
Art Gilliland, CEO, Centrify, says this incident serves as yet another reminder for organizations to explore the mounting threats to their data and systems, and review the security of their credentials. "As the threatscape continues to expand, organizations must realize the importance of securing all identities including humans, machines, services, APIs, etc., which often provide privileged access to sensitive data, and to take a layered approach to security."
To prevent cybersecurity incidents and outages like this from happening in the future, organizations should implement modern privileged access management (PAM) to reduce the risk of exposure, Gilliland says. "By leveraging existing enterprise identity infrastructure to enforce least privilege access for humans and machines, taking a Zero Trust authentication approach, and minimizing the use of shared accounts, organizations can provide a more granular level of access control while also increasing accountability and reducing the overall threatscape.”
Mohit Tiwari, Co-Founder and CEO at Symmetry Systems, a San Francisco, Calif.-based provider of Data Store and Object Security (DSOS), says, “Breaches often rely on static, legacy infrastructure to compromise. Organizations could consider moving workloads to the cloud quicker -- and the expense might save them bigger costs due to data loss or service disruption later. Or, organizations could strongly consider working with specialists – such as MSSPs or MDR teams -- and benefit from lessons across the community.”