Greggs closed!

[Ascender]

The latest big-name high street food retailer to suffer an outage due to IT issues. Is this the start of a concerted cyberwar to send the masses into revolt, an uprising against our government, making us ready to accept our new Russian leaders?

Or has someone been using a default password on their firewalls again.

[Jobbo]

I bet they don't use internet-enabled ovens. So hopefully you could buy a warm sausage roll with cash.

[mik]

In related news - we tried these for dinner a few nights back


and nearing completion, mrs mik declared them to be "Nice, but they are really just Tory Steak Bakes".

[Beany]

The latest big-name high street food retailer to suffer an outage due to IT issues. Is this the start of a concerted cyberwar to send the masses into revolt, an uprising against our government, making us ready to accept our new Russian leaders?

Or has someone been using a default password on their firewalls again.

You jest, but more than once I've seen Teamviewer on their screen of their CCTV with the machine name and password on it. In more than one store.

I do wonder if someone managed to do that, and pivot through the network

[Ascender]

The latest big-name high street food retailer to suffer an outage due to IT issues. Is this the start of a concerted cyberwar to send the masses into revolt, an uprising against our government, making us ready to accept our new Russian leaders?

Or has someone been using a default password on their firewalls again.

You jest, but more than once I've seen Teamviewer on their screen of their CCTV with the machine name and password on it. In more than one store.

I do wonder if someone managed to do that, and pivot through the network

Unfortunately I don't jest. Like you, I know how these things can be.... I was doing some work recently for a company who are significantly bigger than Greggs in every way and a pen test showed up that exact issue on some very key production devices. The mind boggles.

[Beany]

Fuckin' oof.

They got CyberEssentials/CE+?

[Ascender]

Fuckin' oof.

They got CyberEssentials/CE+?

Don't even mention that dirty word! I've had way more dealings with those things in the last two years than I ever want to have again!

[Beany]

Oh, same. Thankfully a rather smaller estate here, so less to faff about with...

[drcarlos]

The latest big-name high street food retailer to suffer an outage due to IT issues. Is this the start of a concerted cyberwar to send the masses into revolt, an uprising against our government, making us ready to accept our new Russian leaders?

Or has someone been using a default password on their firewalls again.

You jest, but more than once I've seen Teamviewer on their screen of their CCTV with the machine name and password on it. In more than one store.

I do wonder if someone managed to do that, and pivot through the network

Of course they have, I bet they don't segment the IT and OT stuff and it all sits on the same network. Most places until they get a major breach don't really take Cyber seriously, then they shit themselves as the business insurer puts in a load of requirements and you have to pay a load of consultants to try and uplift your posture toute suite as they won't insure you any more.

[Ascender]

I did some work for a client recently who are committed to being compliant with cyberessentials and it turned out they'd had a massive security breach 6 months previously. "How did you recover from that?" I asked as I tried to get a lay of the land....

"We just turned lots of stuff off".

Yes, but I mean now, 6 months on, where are you with improvements etc?

"We've not turned it all back on"

And somehow they carried on with their business with all these servers and network kit turned off, at local sites, DCs and in the cloud.

[Beany]

The latest big-name high street food retailer to suffer an outage due to IT issues. Is this the start of a concerted cyberwar to send the masses into revolt, an uprising against our government, making us ready to accept our new Russian leaders?

Or has someone been using a default password on their firewalls again.

You jest, but more than once I've seen Teamviewer on their screen of their CCTV with the machine name and password on it. In more than one store.

I do wonder if someone managed to do that, and pivot through the network

Of course they have, I bet they don't segment the IT and OT stuff and it all sits on the same network. Most places until they get a major breach don't really take Cyber seriously, then they shit themselves as the business insurer puts in a load of requirements and you have to pay a load of consultants to try and uplift your posture toute suite as they won't insure you any more.

My old employer are doing this, they've chucked something like £30k at someone to come 'consult' on their ISO and CE. Which they never have a chance of passing, not without literally rebuilding the company from scratch.

I've been enjoying hearing stories about it.

[drcarlos]

With the benefit of hindsight and having living through the breach and then recovery of (I still think it is) the biggest attack in history it was easy at that time to justify capability and tooling spend. We must have paid out half as much in consultancy as the insurers paid out to us too.

Creating havoc is usually only the cover for something more insidious, which is usually data or credential theft so they can sell it on (data wise) or shift money out of accounts by nefarious means.
In a few weeks it wouldn't surpise me if all gregs loyalty card owners data was for sale on the dark web or someone had the creds or email for a financial bod and shifted a large sum from a bank in fradulent transfer.