Crisis in the Kitchen: Unraveling a Malware Incident

Jan 16, 2025

Patrick Wright, Forensic and Incident Response Lead at BP, discusses a malware incident that infiltrated a kitchen management system at a coffee retailer. He details the surprising operational challenges faced when the team decided to disconnect the system to mitigate risks. The conversation also uncovers the complexities of conducting forensic investigations under pressure. Wright emphasizes the necessity of individual awareness and proactive measures in combating cyber threats, making a strong case for increased vigilance across all levels of an organization.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ANECDOTE

Malware Incident at BP Gas Station

Suspicious outbound SMB traffic was detected from a BP gas station's kitchen management system (KMS) in Southeast Asia.
This system, used for managing drive-through orders, was unexpectedly spraying the internet with SMB traffic.

INSIGHT

POS System Connection Raises Alarm

The KMS's connection to the Point of Sale (POS) system raised concerns about potential compromise.
Immediate action was taken to disconnect the KMS, prioritizing security over potential business disruption.

INSIGHT

Limited Visibility Challenges Incident Response

BP's incident response team often faces challenges due to limited visibility into certain systems.
They frequently need to gather information about system configurations and network topology during incidents.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Join David Moulton, Director of Thought Leadership at Unit 42, as he explores a real-world malware incident that tested BP’s cybersecurity defenses. Featuring Patrick Wright, Forensics and Incident Response Lead, Matthew Ramey, Head of Global Incident Response, and Navid Asgharzadeh, Manager of the CERT team, this episode reveals how the team detected and responded to unexpected threats in a high-stakes environment. Discover the challenges of handling malware hidden in a kitchen management system, insights into critical cybersecurity practices, and the importance of maintaining vigilance in unseen areas of an enterprise network. Tune in for expert advice and firsthand lessons that emphasize why visibility is key in cybersecurity.

Join the conversation on our social media channels:

Website: http://www.paloaltonetworks.com
Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠
Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠
LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/palo-alto-networks/
YouTube: ⁠⁠⁠⁠@paloaltonetworks
Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠

About Threat Vector

Threat Vector, Palo Alto Networks podcast, is your premier destination for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠