The Norwegian recycling firm TOMRA has been forced to shut down systems in an effort to contain the spread of an “extensive cyberattack” that took place over the weekend.

The recycling giant, a renowned global leader in the collection and processing of used beverage containers throughout North America, told the Oslo Stock Exchange the attack began on the morning of July 16 before they were able to pull systems offline to protect critical infrastructure.

“To contain the attack, we immediately disconnected selected services and have since disconnected others,” TOMRA said in an update posted today.

“A team of internal and external resources is working around the clock to resolve the situation, and affected systems will remain offline until it is safe to open them. No new hostile activities have been detected.”

The firm added that internal services and some back-office applications are still offline, impacting supply chain management. Major office locations are also closed, and staff have been asked to work remotely. 

The majority of TOMRA’s reverse vending machines (RVMs) continue to function offline, though some are no longer working. However, the company said the RVMs in Australia and North America remain online and "fully connected."

"Our primary aim is to continue to deliver our services to customers, reducing the impact this attack has on them. The attack currently has a limited impact on TOMRA's customer operations."

“Most of TOMRA's digital services are designed to operate offline for a certain amount of time but may have reduced functionality in the interim.”

Immediate Action 

As of yet, no cybercriminal organisation has claimed responsibility for the breach, and TOMRA has not yet revealed how the hackers were able to gain access to its systems, or if any ransom has been demanded.

However, by shutting systems down at the first sign of a breach, Rob Bolton, VP of EMEA at Versa Networks, believes that the recycling giant may have limited much of the potential service disruption brought by the attack. 

“Disrupting any critical service is extremely serious and can result in nationwide social and economic impacts, as well as affect global supply chains,” Mr Bolton said.

One positive that can be taken out of the attack on TOMRA is the quick response time to stop the attack and mitigate its impacts. Every organisation should have measures and controls in place to contain cyberattacks as soon as they are identified.

“Network segmentation, as an example, allows security teams to rapidly locate malware, limit its movement, and ultimately reduce the potential impact of an attack,” Mr Bolton added. 

A sector overlooked

The TOMRA data breach is just one of the latest attacks in the waste and recycling industry – a sector which is often overlooked despite the gravity of attacks.

According to Microsoft’s Digital Defense Report, the number of ransomware attacks on waste and recycling companies increased by a staggering 150 per cent in the past year, with attacks becoming more sophisticated and posing a growing threat to companies in the sector.

While these attacks on operational technology (OT) systems often don’t make headlines, OT security has become a major challenge in the industry as well as in other manufacturing industries.

The Covid-19 pandemic has further exacerbated the situation as millions of employees now work remotely, requiring remote access to corporate networks.

This has allowed cybercriminals to exploit weaknesses such as poor password security and VPN vulnerabilities to expose corporate networks, compromise data, and deploy ransomware on operational technologies.