Analysis
Attacks and Vulnerabilities
Critical infrastructure
Malware, Phishing & Ransomware
News

Dole ransomware incident affected half of its legacy servers with direct costs reaching $10.5 million

May 22, 2023
Dole ransomware incident affected half of its legacy servers with direct costs reaching $10.5 million

Food giant Dole plc said that the February cybersecurity incident that led it to be a victim of a sophisticated ransomware attack impacted approximately half of its legacy servers and one-quarter of its end-user computers. Additionally, the total impact to the company, including discontinued operations, was US$10.5 million for the three months ended March 31, 2023.

In its Form 6-K filing to the U.S. Securities and Exchange Commission, Dole confirmed last week that the attack also resulted in unauthorized access to certain Dole information, including information about certain employees, although Dole has no reason to believe any employee information was publicly released. 

The filing added that “upon detecting the attack, the Company promptly took steps to investigate and contain the attack, retaining the services of leading third-party cybersecurity experts. Dole also has been working with law enforcement. Dole experienced minimal operational impact from the attack, and all impacted servers and end-user computers have been restored or rebuilt. The total impact to the Company, including discontinued operations, was $10.5 million for the three months ended March 31, 2023.”

“The incident had a limited impact on our operations overall, however, it was disruptive for our Fresh Vegetables and Chilean businesses in particular,” Dole reported last week. “Direct costs related to the incident were $10.5 million of which $4.8 million related to continuing operations.”

It also added that “we see signs of improved logistical efficiencies in several areas, which is helping to bring more stability after a period of severe supply chain disruption.” 

Dole also disclosed that ​​capital expenditures for the three months ended March 31, 2023, were $19.9 million, which included investments in farm renovations and ongoing investments in IT, logistics, and efficiency projects in our warehouses and processing facilities. This amount also includes $2.3 million of capital expenditures related to discontinued operations. 

“Despite the complexity and costs of this issue, we are very pleased with the commitment of our people in ensuring that our systems recovery protocols worked as anticipated,” Rory Byrne, Dole CEO said during the quarterly conference call Thursday.

Back in March, Byrne warned that the company did not expect to fully recover the costs of the attack, noting the ability to get sufficient insurance in North America was prohibitive.

At the time, the cyber attack caused Dole’s operations to be disrupted, resulting in the temporary shutdown of production plants and the disruption of food supplies to U.S. grocery stores. “Upon learning of this incident, Dole moved quickly to contain the threat and engaged leading third-party cybersecurity experts, who have been working in partnership with Dole’s internal teams to remediate the issue and secure systems,” confirmed a company release. “The company has notified law enforcement about the incident and are cooperating with their investigation.” 

Explaining how businesses can be more resilient to hacks, Mark Lance, vice president, DFIR and threat intelligence at GuidePoint Security, told Industrial Cyber that since there is no single solution that can prevent an incident, the primary goal for businesses should be establishing a security program that prioritizes early identification of threats, so they can be addressed as quickly as possible within the attack lifecycle. 

“Identifying a successful phishing attempt hours after it occurred and taking immediate actions to remediate will have substantially less impact than identifying that same threat actor days later, after they’ve moved laterally, elevated privileges, established persistence, removed sensitive data from your environment, and are staging for a ransomware encryption event,” he added.

Addressing the potential long-term consequences for businesses who give into ransomware attacks, Lance said that the reason ransomware is so prevalent in today’s threat landscape is that the threat actors are making a ton of money. “Some of the more prolific cyber criminal groups have collected total ransom payments estimated to be billions of US dollars. Threat actors also continue to evolve their tactics to ensure their monetary gains, and there are numerous reasons a business might consider making a ransom payment, which ultimately comes down to a business decision. Therefore, ransomware isn’t going anywhere,” he added. 

“Effective recovery not only entails restoration of operations, appropriate disclosures, identification of root cause, and tactical actions like addressing any backdoors, but must also include identification and review of any deficiencies and gaps in the company’s technologies, processes, and people that need to be addressed more strategically to prevent future occurrences of similar threats,” according to Lance. “Learning from a previous incident and using it to develop strategic initiatives is critical to not being a repeat victim to similar attacks from other threat groups.”

Transportation, discrete manufacturing, and food and beverages were 2022’s top three victim-targeted industries, the same as the previous year, according to a report created by OT security company Waterfall Security Solutions, in cooperation with ISSSource and their ICSStrive OT incident repository.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Securing cloud, IIoT in Industry 4.0 emerges crucial for protecting industrial operations across OT/ICS environments
Through the Lens of a Case Study: What It Takes to Be a Cyber-Physical Risk Analyst
Through the Lens of a Case Study: What It Takes to Be a Cyber-Physical Risk Analyst
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
Dragos reports decline in ransomware attacks on industrial sector amid law enforcement measures
MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights