Due to a hacker attack on a Swedish logistics company, store shelves with strong alcohol will be emptied across the country. This was stated by the only Swedish retailer of alcoholic beverages. The same problem will affect other Scandinavian countries.
You need to stop drinking to get a hangover
Swedish alcohol shelves will be emptied this week due to a hacker attack on a Swedish logistics company. On April 25, 2024, the country's only alcohol retailer posted a warning on its official website that by the end of April 28, 2024, store shelves across the country will be empty.
Skanlog CEO Mona Zuko told Dagens Industri newspaper that the incident was caused by hackers from North Korea using a ransomware virus. On what basis it was concluded that cybercriminals were from North Korea on April 25, 2024 remains unclear.
As a result of hacking the IT systems of Skanlog, which is responsible for logistics of about 25% of Systembolaget products, many products may disappear from store shelves not only in Sweden, but also in Finland, Norway, and Denmark. The logistics company Skanlog is so important to Systembolaget that the company's press officer, Teodor Almqvist, warned that some beers, wines and spirits, even in plastic, may be sold out within a few days.
Skanlog, the company directly affected by the cyberattack, is the most important distributor of Systembolaget, a Swedish state-owned retail chain that has a monopoly on the sale of beverages stronger than 3.5% alcohol by volume.
All categories of beverages in all stores across the country are affected. Systembolaget said that there is no risk of "complete drying out", but some popular brands may disappear until new deliveries begin. Skanlog didn't say when its stores might return to normal operations. A Systembolaget representative said that the company has a backup plan in case the distributor is unable to resume deliveries before the beginning of May 2024.
The incident occurred amid the reform of Sweden's National Cybersecurity Center, which the government said failed to achieve "expected results" and became part of the country's Cyber and Signal Intelligence Agency. Earlier in 2024, popular cloud service provider Tietoevry announced that one of its data centers in Sweden was "partially affected by a ransomware attack", which affected numerous customers and forced the closure of stores across the country.
Reforms at the National Cybersecurity Center
Having failed to achieve the expected results for the beginning of 2024, the Swedish National Cyber Security Center (NCSC) is facing a number of reforms, including the transfer of control of the country's cyber and radio intelligence agency. The failures were seen as part of a government review, not as a response to a single incident, but as a result of the changing geopolitical situation in Sweden, which officially joined NATO in March 2024.
The restructuring will see Sweden move to the model of its own Cyber Security Center (GCHQ), similar to that of the United Kingdom, Norway and Denmark, where these bodies are part of GCHQ, the Norwegian National Security Directorate and the Danish Military Intelligence Service, respectively.
The reforms were recommended in an interim report commissioned by the Swedish government on the shortcomings of the cybersecurity center. The interim report specifically praised the UK's NCSC for its" external profile " and its premises in London, which had previously been criticized by MPs.
The Swedish NCSC was established in December 2020 not as a body in itself, but rather as a center for voluntary cooperation between several authorities, including the Radio communications Agency of the Ministry of Defense (FRA) and the Swedish Armed Forces. These bodies were tasked with using the NCSC to coordinate the prevention, detection, and management of antagonistic cyber threats and other IT incidents, as well as to provide advice and support on threats, vulnerabilities, and risks, and to form a national platform for collaboration and information exchange with private and public actors in the field of cybersecurity.
To some extent, this activity was already carried out by various agencies, but the initial structure implied that the Swedish NCSC did not have its own budget, and instead funds came from participating authorities. Along with legal challenges that limited the contribution of participating authorities to their statutory tasks, funding constraints contributed to the NCSC falling short of government expectations.
The government's investigation found that the NCSC lacked clear goals, objectives, and division of responsibilities and, in particular, focused on narrow definitions of the center's tasks, limiting it to dealing with major rather than significant incidents. Its recommendations, some of which will require legislation to take effect, are designed to help the NCSC achieve its overall goal of strengthening Sweden's collective ability to prevent, detect and manage cyber threats and significant IT incidents.
The recommendations focus on the NCSC taking responsibility for various cybersecurity tasks, which are distributed among several Swedish authorities as of April 2024. It is expected that other changes will be recommended in subsequent reports on the results of the investigation. The Swedish reforms come at a time when many European countries are trying to find a balance in their cybersecurity apparatus between intelligence services and those aspects of government that are more accustomed to interacting with the public and industry.
https://carder.market/login/
