Logpoint Comment: Coca-Cola Breach - Attack appears to be politically motivated
Following the continued discussion around the alleged Coca-Cola breach, the comment below is from Alon Schwartz, Security Researcher, Logpoint Global Services.
"Whilst Coca-Cola has confirmed it is investigating reports of a possible breach by the Stormous ransomware group, the information available to date throws up many questions and the ransomware fee itself seems extremely low for a potential breach of an organisation the size and scale of Coca-Cola.
The Stormous group are relatively new to the scene and much of the previous activity shared has been small-scale targets on universities and schools in India, for example, and more recently, they have been seen to be claiming and recycling old breaches carried out by other ransomware groups.
The alleged attack seems to be politically motivated, particularly given that the group has openly expressed their support of Russia several times in the past few weeks. The original poll listing the breach candidates was comprised of mostly large American enterprises, the majority of which have been shown to be in support of the Ukraine.
Based on the timing of the poll and the declaration of when the breach occurred, I would say that it’s unlikely they were able to carry out a breach of this scale in such a short period of time. I wouldn’t be surprised if all of the companies listed on the initial poll hadn’t been breached already, in which case, the Stormous group could slowly trickle out this information over the coming months.
All of the companies listed will no doubt be investigating this as we speak, and the Coca-Cola breach, whether genuine or not, is a warning to organisations to ensure they have continued visibility into their infrastructure, with real-time monitoring and automation to see who is interacting with their data and detect and respond optimally to cyber events."