Cyber Attack Hits Supplier to Major UK Supermarkets
A logistics firm supplying major UK supermarkets including Tesco, Sainsbury's and Aldi has fallen victim to a ransomware attack, highlighting growing vulnerabilities in supply chain cybersecurity.
Peter Green Chilled, a Somerset-based distributor which transports chilled food primarily to regional stores, confirmed the cyber attack had occurred on Wednesday (14 May) evening.
In an email seen by the BBC that was sent to stakeholders on Thursday, the company revealed it was being held to ransom by cyber hackers, resulting in a temporary halt to order processing.
"The transport activities of the business have continued unaffected throughout this incident," stated Tom Binks, Managing Director at Peter Green Chilled, though the company declined to provide further details about the attack.
Critical supply chain vulnerabilities exposed
Ransomware attacks involve hackers encrypting victims' data and locking them out of computer systems before demanding payment to restore control.
While recent cyber attacks on larger retailers like Marks & Spencer and Co-op garnered more attention, this incident underscores the significant challenges faced by smaller logistics providers within critical supply chains.
Dray Agha, Senior Manager of Security Operations at Huntress, explained why such targets are appealing to cybercriminals: "Cyber criminals are deliberately targeting parts of the supply chain that create maximum chaos. When chilled food distributors go offline, products spoil and shelves go empty fast.
"Cyber criminals know the ticking deadline they've created and are most likely to get paid because they have seized and held hostage critical business functions."
The incident serves as a stark reminder that supply chain vulnerabilities can ripple through multiple businesses, affecting operations across the entire network. Industry experts argue that this attack represents a strategic approach by hackers who increasingly exploit weak links in interconnected business systems.
"As retailers ramp up their own cyber defences, hackers will be looking to capitalise on the chaos to conduct further attacks," comments Sian John, CTO at the global cybersecurity company NCC Group. "One weak spot that so often gets overlooked is the supply chain."
"It's easy to focus on internal systems and believe your business is secure. But the reality is that a single vulnerability in your supply chain can cascade across the entire network, bringing operations to a standstill."
Calls for enhanced collaboration
Looking ahead to evolving threats, Ilia Kolochenko, CEO at ImmuniWeb, predicts: "In 2025, we will likely observe a surge of stealth cyber attacks against business-critical suppliers and vendors of large companies and organisations.
"Cybercriminals – in contrast to relaxed, VC-backed cybersecurity firms – are militarily pragmatic, focusing their efforts on the fastest and most cost-efficient ways to compromise the data they need."
Ilia describes suppliers as "low-hanging fruit" for cybercriminals, noting they "frequently do not have sufficient cybersecurity budgets or simply neglect data protection, naively believing that nobody wants to hack them".
Experts like Sian are calling for enhanced collaboration between public and private sectors to address these growing threats, recommending that organisations implement comprehensive security strategies that extend beyond their own networks to include supplier assurance, regular audits and increased staff training.
"Cybersecurity is a shared responsibility," she adds. "Government bodies, regulators and industry groups must work together to share intelligence, offer guidance and promote best practices that protect the integrity of our national infrastructure."
Explore the latest edition of Supply Chain Digital Magazine and be part of the conversation at our global conference series, Procurement & Supply Chain LIVE.
Discover all our upcoming events and secure your tickets today.
Supply Chain Digital is a BizClik brand.
