A cyberattack has targeted United Natural Foods Inc. (UNFI), the predominant food distributor for Whole Foods. In a notice regarding the incident, UNFI stated, “We have identified unauthorized activity in our systems and have proactively taken some systems offline while we investigate.” Currently, the organization is working to restore online systems.
Below, security leaders discuss this cyberattack, with insights on attacker motivations as well as risk mitigation strategies.
Security Leaders Weigh In
Ms. Aditi Gupta, Senior Manager, Professional Services Consulting at Black Duck:
This recent attack further compounds the challenges faced by the already struggling retail industry, adding yet another disruption. Supply chain attacks have surged by a staggering 431% from 2021 to 2023 and continue to rise in 2025. The digitization of critical functions such as inventory management and order processing is essential for the retail industry, and these attacks serve as a true test of their business continuity capabilities.
Mr. Venky Raju, Field CTO at ColorTokens:
Initial reports from United Natural Foods (UNFI) suggested that they had isolated the compromised systems, but they soon followed up with a statement that the entire network was shut down. This suggests that the malware moved more quickly through their network than their attempts to contain the spread. With its entire network shut down, UNFI customers have been unable to submit orders and have them fulfilled, resulting in significant business losses for all parties.
This strengthens the business case for implementing microsegmentation pervasively in the network. Furthermore, stopping lateral movement before and during a breach must become a key consideration in business continuity planning and the overall cyber resilience strategy.
Implementing zero-trust, specifically microsegmentation, is often considered arduous and is therefore rarely prioritized. However, there are next-generation microsegmentation solutions that enable the reduction of lateral movement spread with minimal effort and cost. The MITRE ATT&CK framework enumerates the most common techniques used by attackers to move laterally from one system to another, and is a great starting point for implementing microsegmentation policies.
Fletcher Davis, Senior Security Research Manager at BeyondTrust:
Retailers collect and store vast amounts of valuable personal and financial data, such as credit card numbers, payment details, home addresses, and phone numbers. One breach can often yield a large number of records that can be sold on dark web markets. Retailers also often work with third-party vendors, payment processors, and service providers, extending the attack surface of the retailers’ network. Seasonal pressures during holiday shopping can also delay detection and response capabilities, as well as increase the impact of a potential breach.
Threat actors targeting the retail industry largely obtain access to these networks through social engineering or supply chain / third-party compromises. IT help desk staff remain primary targets for various cybercrime groups, where attackers pretend to be employees or contractors in order to gain access to credentials and company systems. Attackers also target smaller, less secure vendors who have access to retailer networks, such as payment processors, inventory management companies, and contractors. Vendors often have access to internal resources and systems containing sensitive data.
Source: Security Magazine