In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories relevant to the cannabis industry.


Sophos Releases State of Ransomware in Retail 2022 Report

The retail sector is no exception when it comes to the growing ransomware challenge that other industries face today. According to Sophos The State of Ransomware in Retail 2022 report, retail saw the second highest rate of ransomware attacks across sectors, with two in three organizations reporting data encryption following a ransomware attack. The report is based on Sophos’ annual study of the real-world ransomware experiences of IT professionals, of which 422 respondents belonged to the retail sector, working in mid-sized companies (100-5,000 employees) across 31 countries.

The study reveals an increasingly challenging attack environment, with retail reporting an above-average financial and operational impact of ransomware attacks. It also sheds light onto the relationship between ransomware and cyber insurance, including the role cyber insurance is playing in driving changes to cyber defenses.

Here are the key findings from the report:

  • Retail reported a 75% increase in the rate of ransomware attacks over the last year: 77% of organizations were hit in 2021, up from 44% in 2020
  • The increased attack rate is part of a cross-sector, global trend. The retail sector reported the second-highest rate of ransomware attacks across all sectors
  • Retail experienced an above-average rate of data encryption at 68%; for comparison, the global average was 65%
  • Only 28% of retail respondents said they were able to stop an attack before data could be encrypted – below the global average of 31%
  • 49% of retail organizations paid the ransom to restore data – higher than the global average of 46%

Security against ransomware threats is of paramount importance for almost all information security teams. It is a standard, brutal threat that can have devastating outcomes for the company. Yet, even if your company has robust protection in place, it is necessary to simulate a ransomware attack and assure that you actually are shielded. This is the reason why a penetration test is the most useful method to confirm that defenses and security procedures are functioning perfectly — and if not, to rectify them before it is too late.

200,000 North Face Accounts Hacked in Credential Stuffing Attack

Outdoor apparel brand ‘The North Face’ was targeted in a large-scale credential stuffing attack that has resulted in the hacking of 194,905 accounts on the website. A credential stuffing attack is when threat actors use email addresses/usernames and password combinations obtained from data breaches to attempt to hack into user accounts on other websites. The success of these attacks relies on the practice of password recycling, where a person uses the same credentials across multiple online platforms. This is a great lesson which all cannabis industry leaders should be stressing to their employees. Always use unique passwords, and a password manager can be very beneficial. This article from CNET identifies the best password managers for 2022

The credential stuffing attack on The North Face website began on July 26, 2022, but the website’s administrators detected the unusual activity on August 11, 2022, and were able to stop it on August 19, 2022. Payment details like credit card data are not stored on the website, so the attackers could not access sensitive financial information. In response to the security incident, the brand’s parent firm, VF Corporation (formerly Vanity Fair Mills), is sending notices of data breach to impacted customers.

#StopRansomware: Vice Society

The Cybersecurity & Infrastructure Security Agency (CISA), FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: Vice Society, to disseminate tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Vice Society actors identified through FBI investigations as recently as September 2022. Vice Society uses ransomware attacks against the education sector to gain access to, and threaten exposure of, sensitive personal information regarding students and staff for financial gain. While the threat actors have primarily targeted the education sector, it is important to remember that the potential exists for the group to shift focus and expand their target set.

CISA encourages organizations to review #StopRansomware: Vice Society for more information. Additionally, see for guidance on ransomware protection, detection, and response. 

Some DoorDash customers have had their personal details stolen as part of a successful phishing campaign. The company has confirmed that it recently detected unusual and suspicious activity on the computer network of a third-party vendor it works with. The stolen credentials of an employee at the vendor were used to access some of DoorDash’s internal tools, which in turn allowed an unauthorized party to access customer and Dasher personal details(Opens in a new window).

Only a “small percentage of individuals” are thought to be affected, but DoorDash says the names, email addresses, delivery addresses, and partial payment card information (last four digits of a card number) of customers was accessed. No passwords, bank account numbers, full payment card details, social security, or social insurance details were compromised, however. For Dashers, the information accessed was limited to names, phone numbers, and email addresses.

Physical Security

Armored Car Guard Shot at Kaiser Permanente Facility in San Leandro

A security guard was shot Wednesday morning while carrying an undisclosed amount of money at Kaiser Permanente’s medical campus in San Leandro, California, police said.  The 60-year-old guard was in critical condition after being shot in the back of the upper torso, San Leandro police told KTVU. The shooting happened on the campus at 2500 Merced Street at around 11:42 a.m. The guard was either picking up money or dropping it off, police said. It was a “robbery gone bad,” said police. “I don’t know if the robbery happened before the shooting or if the shooting happened after the robbery, but they did leave with an undisclosed amount of cash.” Officials say they are looking for one suspect. They do not have any leads on where that person may have fled to. 

Earlier this summer, millions of dollars in jewels were stolen from an armored truck in southern California. This is a concerning pattern, and members are encouraged to work with their cash transport providers to ensure that schedules do not become predictable in order to decrease the likelihood of successful robbery attempts.

Police Worry that Pot-Shop Burglars in St. Louis Metro will Become Violent

Criminals have tossed concrete blocks, used crowbars and rammed cars into doors at licensed cannabis shops throughout the St. Louis region in recent weeks. The most concerning trend is the fact that vehicle have been used as the breach method in a growing number of instances. In St. Louis and other areas, thefts of Kias and Hyundais are on the rise which has been fueled by the “Kia Boyz,” a viral trend that has received nationwide attention. On TikTok and other social media platforms, teens teach each other how to steal Kias and Hyundais using USB chargers.

Police and federal authorities are getting closer to finding out who is driving stolen cars through medical marijuana dispensaries after identifying a father and son involved in at least one of them. Marvin Bailey, 40, has been charged with stealing, property damage and burglary for the Aug. 21 break-in at SWADE Dispensary, where a car slammed into the front of the building on Cherokee Street and damaged its foundation. The business reported marijuana was stolen during the incident, according to court documents.

As we have previously shared, CISA provides a Vehicle Ramming Self-Assessment Tool which could be useful. 

Violence at cannabis retail locations continues to be a worrying trend. Earlier this week, shots were reportedly fired into an Alberta cannabis store, and an ax-wielding man died after attacking a cannabis dispensary guard in Chicago.

Natural Events

Biden Administration Launches Portal to Help Communities Assess Exposure to Climate Hazards 

The Biden-Harris Administration in partnership with Department of Commerce’s National Oceanic and Atmospheric Administration (NOAA) and the Department of the Interior (DOI) jointly launched a new website to help communities across the nation understand the real-time climate-related hazards in their area, analyze projected long-term exposure to those hazards, and identify federal funds to support climate resilience projects for their communities.  The Climate Mapping for Resilience and Adaptation(CMRA) portal, an easily accessible and interactive geospatial website, will help federal, state, local and tribal governments as well as non-profit organizations learn about climate hazards impacting their communities. 

The portal also serves as a key tool to aid in the planning and implementation of federal investments, such as the Bipartisan Infrastructure Law (BIL) and Inflation Reduction Act. CMRA supports users in evaluating future climate threats to federally-funded projects. It also provides information on various federal grant programs that can fund climate resilience efforts. 

Organizations can create their own initiative by combining existing applications with a custom site. Use this initiative to form teams around a problem and invite your community to participate.

Check out the latest blog highlighting issues important to cannabis security!