In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories relevant to the cannabis industry.


Ontario Retailers Seek Relief from OCS

As we have previously reported, the cyberattack last August on the parent company of Ontario Cannabis Store’s (OCS’) third-party operated distribution centre, Domain Logistics, briefly crippled the cannabis distribution system in Ontario. The incident demonstrates the long term impacts that a cybersecurity incident can have on multiple sides of business operations. Mike Dunn, who owns the Toronto retail outlet 1922 with partner Brooke Silversides explained, “In my view, this crisis has three waves. The first came when the OCS took the network offline and paralyzed distribution. The second wave, which is happening now, involves retailers struggling to stay afloat because inventory’s been depleted and cashflow crippled. The third wave is next—at that time, the licensed providers (LPs) will begin to feel the pain.” Aurora Cannabis Inc. says it could take a revenue hit of up to $3 million because of the incident, in addition to a worker strike in B.C.

Five Lessons Every Cybersecurity Team Can Learn from the Uber Incident

Last week we discussed the Uber cyber incident where the attackers stated that they were able to social engineer their way to authenticating as one of Uber’s employees and access their VPN (which required MFA). They say they then scanned the network and found a powershell script containing a username and password which in turn allowed them access to a lot of very sensitive platforms. This article takes what is known so far from the security incident and provides some important lessons learned.

  1. MFA is not a security boundary.
  2. Effective security must be done in layers.
  3. Avoid using static credentials.
  4. Don’t hold sensitive information in plaintext.
  5. Security tools may be a double-edged sword.
CISA and NSA Publish Joint Cybersecurity Advisory on Control System Defense

The Cybersecurity & Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have published a joint cybersecurity advisory about control system defense for operational technology (OT) and industrial control systems (ICSs). Control System Defense: Know the Opponent is intended to provide owners and operators with an understanding of the tactics, techniques, and procedures (TTPs) used by malicious cyber actors. This advisory builds on NSA and CISA 2021 guidance provided to stop malicious ICS activity against connect OT, and 2020 guidance to reduce OT exposure.

CISA and NSA encourage the private sector to review the advisory, Control System Defense: Know the Opponent, and apply the recommended mitigations and actions. As IoT and connected devices become more prevalent within the cannabis industry, the threat that an entire crop could be ruined by malicious actors is one that cultivators will want to be wary of and take the recommended proactive measures that are mentioned in the joint cybersecurity advisory.

Takedown: Removing Malicious Content to Protect Your Brand

As a brand owner, whether for a small business or a large multi-state operator, you will want to do as much as possible to protect it. This guidance from the U.K.’s National Cyber Security Centre introduces some methods you can use to protect your online brand, and by extension, your customers or users. Several months ago a Cannabis ISAO partner organization shared a report in our Slack workspace that outlines the activity of a threat actor they have coined as “GanjaMask”. That report was further elaborated on by an independent cybersecurity research professional. The full report is labeled as TLP:AMBER and as such can not be publicly shared, but if you would like access to the full report, please request access to our FREE Slack Workspace here

“GanjaMask is a malicious enterprise that has been operating for the past year using a network of websites, social and maps postings, and communication methods in attempt to sell or distribute illegally produced or obtained cannabis products and other drugs. Their main method appears to be misrepresenting themselves as legitimate cannabis operators across the United States via Google Maps.” A more complete overview of the report can also be found in our blog.

Physical Security

Armed Robberies Awareness and Prevention in the Cannabis Industry

The Sapphire Risk Advisory Group discuss the risk of armed robberies in the cannabis industry. Acknowledging that the industry is at an increased risk, they recommend that business owners should increase security measures at their facility, such as installing more security equipment, contracting with a security guard company, or hiring a security expert to conduct a risk assessment to determine the specific risks for the business. Security risk assessments should be completed during the pre-inspection phase, after the build-out concludes, and annually after that. According to Sapphire, this can include analyzing 3-5 years of crime data for the property and surrounding area, noting robberies, burglaries, nearby instances of civil unrest, gang-related incidents, and other violent crimes.  

Suspects Wearing Clown Masks Taken into Custody After String of OKC Dispensary Robberies

Authorities took three people into custody in connection with a string of dispensary robberies Wednesday in Oklahoma City. Police apprehended three suspects on foot and took them into custody. They said the suspects were wearing clown masks during the robberies. Police said they believe the three robberies are connected because of the vehicle used.

This incident shows a great opportunity for information sharing within the industry, to help identify trends, but also piece together incidents which will help lead to longer sentences for the criminals and help act as a deterrent for future would-be robbers. Besides establishing working relationships with local law enforcement to assist in investigations, it can help with a spread of threat intelligence that can help identify suspicious and dangerous trends.

Stores Install Barriers After Robberies at Dispensaries

Local gun shops and dispensaries in the St. Louis area are now installing concrete barriers at the entrance of their stores to prevent thieves from coming in. Owners are scrambling to protect their livelihoods after criminals used stolen cars to barge their way inside during a series of smash and grab robberies. “Don’t try it here because you ain’t getting in,” says Curt Smith’s Outdoors Manager Thomas Petrekovich. Concrete blocks are at the front door of the shop in Belleville. Petrekovich saw the aftermath of thieves crashing their way inside of gun shops nearby and called the police chief for assistance.

“I just thought to myself If they got into that building mine is just as easy to get done as well,” he says. “So that’s why I requested those walls be put up.”

Twenty-four hours later the blocks were installed outside the front door. “I don’t want a car coming in here,” Petrekovich says. “I’d say they’re probably 2000 pounds apiece.”

Natural Events

Hurricane Fiona Sets Sights on Atlantic Canada While A Major Hurricane is Expected to Hit Florida Early Next Week

After menacing Puerto Rico, the Dominican Republic, the Turks and Caicos and other parts of the Caribbean, Fiona collided with Atlantic Canada, becoming one of the strongest storms on record to impact the easternmost portions of Canada, according to AccuWeather forecasters and weather data from the region.

On Friday, Fiona began bombarding Prince Edward Island, eastern Nova Scotia, western Newfoundland and southeastern Labrador with life-threatening flooding, damaging hurricane-force wind gusts and dangerous storm surges. One dispatcher stated that the conditions facing Prince Edward Island were “like nothing we’ve ever seen,” with reports made of downed trees and wires across the area.

Meanwhile, Tropical Storm Ian has formed in the Central Caribbean and is expected to eventually shift from the Caribbean into the Gulf of Mexico, where it may undergo rapid strengthening into a major hurricane before threatening the United States.

The tropical depression was located about 615 miles east-southeast of Kingston, Jamaica, and 1,105 miles east-southeast of Havana, Cuba, as of 5 a.m. Friday. The system, which was tracking to the west-northwest at 13 mph, had maximum sustained winds of 35 mph, meaning it was just 4 mph shy of the threshold for it to become a tropical storm. Once the system hits that threshold, it will be referred to as Hermine.

The National Hurricane Center is urging those along the Eastern Gulf Coast of the United States to closely monitor the system and ensure that hurricane plans are in place, although at this early juncture forecast uncertainty does remain fairly high. Based on the earliest reasonable arrival time of tropical-storm-force winds from the National Weather Service, Southern Florida could see impacts by Monday afternoon, although the most likely scenarios don’t have those conditions starting until Tuesday morning. Current spaghetti models can be viewed here.

If you have not yet developed a hurricane response plan, we encourage you to review our Library Card Series blog on Hurricane Preparedness

Fault Along L.A., O.C. Coast Could Unleash Huge Earthquake on Scale of San Andreas, Study Shows

A fault system running nearly 70 miles along the coast of Los Angeles and Orange counties has the potential to trigger a magnitude 7.8 earthquake, according to a new study that is the latest to highlight the seismic threats facing Southern California.

Known as the Palos Verdes fault zone, the system runs deep beneath the Palos Verdes Peninsula. It previously was thought to be a segmented network of smaller faults, but a closer look by scientists at Harvard University suggests it’s a system of interconnected, closely spaced planar fractures stretching from the Santa Monica Bay to the waters off Dana Point.

The analysis determined the fault system, which runs beneath numerous neighborhoods as well as the ports of Long Beach and L.A., has a much larger surface area that could rupture in the same seismic event, making it capable of a far more powerful quake than was previously known.

For earthquake preparedness resources, check out our blog that details the Ready Business QuakeSmart Toolkit.

Check out the latest blog highlighting issues important to cannabis security!