Back to Basics: FBI – Ransomware Attacks Targeting Agriculture and Food Damaging Beyond Ransoms Paid

This is part 3 in our “Back to Basics” series for preventing cyber and ransomware attacks. We write these in the context of recent attacks, highlighting basic security measures you can apply in your organization today. Check out part 1 covering how access control basics could have helped T-Mobile security, and part 2 Identifying and Remediating Device and Infrastructure Security Gaps – The Oldsmar Water Treatment Plant Ransomware Attack Examined.

Attacks Against Agriculture and Food Not New But Accelerating

The FBI released a Private Industry Notification (PIN) about cybercriminal actors targeting the food and agriculture sector with ransomware attacks last week.

While the attacks are not new, they have spiked during the pandemic. Of note is the overall rush for the Agriculture sector to digitize. 

The most recent disruptions last month are hitting the Farm Belt even harder as growers gear up for the autumn harvest.

Security firm Malwarebytes recorded a 607% increase in agriculture sector attacks in its’ annual security report by vertical for 2020 vs 2019.

Here are a quick summary from the FBI report and recent news of attacks against the agriculture sector in 2021:

• January – A US farm suffered $9M loss due to lost operations. Attack due to compromised credentials.
• March – A US beverage company suffered a ransomware attack that took its systems offline to prevent further spread.
• May – JBS meat producer shutdown driving meat prices up as much as 25% temporarily.
• July – A US bakery company lost access to their server, files, and applications, halting operations due to a ransomware attack deployed through software used by an IT managed service provider (MSP) resulting in a one week.
• September – 4th largest corn handler digital operations taken down due to ransomware attack – no cause yet.
• September – New Cooperative $5.9M ransomware attack forced it back to paper-based operations.

Both of the September attacks were able to revert to paper based workarounds to keep business flowing during peak harvest season. Note the same software that was hacked in the September attack controls roughly 40 percent of the nation’s grain production.

Proactive Security Approaches Pay Dividends

Those of us in tech know well that modern approaches reduce costs at operational levels due to efficiencies, and legal and business levels due to faster MTTR and lower legal and compliance costs.

A few stats:

• The adoption of AI, security analytics, and encryption were the top three mitigating factors shown to reduce the cost of a breach, saving companies between $1.25 million and $1.49 million compared to those who did not have significant usage of these tools.
• Organizations with a mature zero trust strategy had an average data breach cost of $3.28 million – which was $1.76 million lower than those who had not deployed this approach at all.
• By industry: Data breaches in healthcare were most expensive by industry ($9.23m), followed by the financial sector ($5.72m) and pharmaceuticals ($5.04m). While lower in overall costs, retail, media, hospitality and public sector experienced a large increase in costs vs. the prior year.

Other industries are different. Perhaps none more different from tech than the food industry.

Costs Beyond Ransomware Payouts

Losses due to Ransomware extend well beyond the payout themselves including:

• Reduced or halted abilities to perform their own business operations at time of attack
• Reduced business operations in the future due to business lost to competitors
• Slowed or halted progress on current projects management and technical staffers were working on
• Lost business due to Brand damage
• Lost business to the industry Brand overall

Back to Basics – Recommended Steps to Mitigate Threats from the FBI

Per the FBI Private Industry Notification published in September, 2021, cyber criminal threat actors will continue to exploit network system vulnerabilities within the food and agriculture sector.

The following steps can be implemented to mitigate the threat and protect against ransomware attacks:

• Regularly back up data, air gap, and password protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
• Implement network segmentation.
• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
• Install updates/patch operating systems, software, and firmware as soon as they are released.
• Use multifactor authentication with strong pass phrases where possible.
• Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts.
• Disable unused remote access/RDP ports and monitor remote access/RDP logs.
• Require administrator credentials to install software.
• Audit user accounts with administrative privileges and configure access controls with least privilege in mind.
• Install and regularly update anti-virus and anti-malware software on all hosts.
• Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.
• Consider adding an email banner to messages coming from outside your organizations.
• Disable hyperlinks in received emails.
• Focus on cyber security awareness and training. Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (i.e. ransomware and phishing scams).

Working with a Trusted Partner

For Tech, Financials, Healthcare and other IT-and-engineering-heavy environments, moving towards true Zero Trust is a manageable endeavor. For other verticals it may be more challenging.

Consider the following if choosing a partner or consulting firm to help you on the journey:

• Work Towards 100% Visibility – And Make it Actionable
  • WootCloud has developed a very high-fidelity signal to catch the hard-to-catch details and anomalies. Over 4 years of running in production in leading enterprises, we have eliminated struggles caused by these minute but important errors. 
  • We are agentless so can see IoMT/IIoT/IoT and unmanaged devices, as well as most everything running in your corporate network.
• Boost Accuracy in Inspection and Analysis – And Again Make it Actionable
  • Our AI/ML has been trained and refined – over 4 years – everything is automated.
  • Predictive and intelligent identification and categorization of devices and their behavior to the Group, Individual, and Operational levels have helped our customers spot behavioral-based anomalies early to avoid disasters.
• Work Towards Enterprise-scale Automation and Remediation
  • While visibility, inspection, and analysis is great, all of this cannot work at any significant scale without automated enforcement. 
  • Automatically identifying and eliminating rogue devices to protect your risk posture in moments of compromise while remaining user-friendly is critical in the era of demanding user bases, increasing compliance regulations, and IoT/5G/Work-from-anywhere megatrends.

Maintaining operational hygiene and intelligent asset management is also critical to modern IT in the age of BYOD and remote procurement.

Our agentless, AI/ML-driven platform identifies, analyzes, and manages device and infrastructure assets automatically to help you close security gaps like those in these Food and Agriculture firms – all in real time – all critical with today’s IoT, 5G, and work-from-anywhere megatrends in full swing.

Leading organizations deploy us, global tech leaders partner with us, and top investors back our vision.

Request a 20-minute demo, specific to your environment today.