FBI warns of cyberattacks during critical ag seasons

Agency provides recommendations for mitigating threats and protecting against attacks.

Krissa Welshans, Livestock Editor

April 21, 2022

3 Min Read
Graphic with locks and one unlocked lock.
GROWING CONCERN: Cyberattacks increasingly targeted at ag and food industry companies, raising red flags that more attention should be given to the critical infrastructure of ag sector.iStockphoto

The Federal Bureau of Investigation (FBI) is warning the agriculture industry that ransomware actors may be more likely to attack agricultural cooperatives during critical planting and harvest seasons, disrupting operations, causing financial loss, and negatively impacting the food supply chain.

In a newly issued notification, the FBI said ransomware attacks against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 could impact the planting season by disrupting the supply of seeds and fertilizer.

“Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production,” the FBI stated.

According to the agency, initial intrusion vectors included known but unpatched common vulnerabilities and exploits, as well as secondary infections from the exploitation of shared network resources or compromise of managed services. Production was impacted for some of the targeted entities, resulting in slower processing due to manual operations, while other targeted entities lost access to administrative functions such as websites and e-mail but did not have production impacted.

The report relayed that six grain cooperatives experienced ransomware attacks last fall from September 15-October 6. A variety of ransomware variants were used, including Conti,BlackMatter, Suncrypt, Sodinokibi, and BlackByte, and some targeted entities had to completely halt production while others lost administrative functions.

Related:JBS paid $11m ransom to ransomware gang

In February 2022, a company providing feed milling and other agricultural services reported two instances in which an unauthorized actor gained access to some of its systems and may have attempted to initiate a ransomware attack. Those attempts were detected and stopped before encryption occurred, the FBI said. In March, a multi-state grain company suffered a Lockbit 2.0 ransomware attack. In addition to grain processing, the company provides seed, fertilizer, and logistics services.

The animal protein sector has also been targeted. In June 2021, JBS USA paid the equivalent of $11 million in ransom in response to the criminal hack against its operations. The FBI attributed the attack to REvil and Sodinokibi, calling it “one of the most specialized and sophisticated cybercriminal groups in the world.”

To mitigate threats and protect against ransomware attacks, the FBI recommends the following:

  • Regularly back up data, air gap, and password protect backup copies offline. Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.

Related:FBI attributes JBS cyberattack to Russian ransomware gang

  • Implement a recovery plan that includes maintaining and retaining multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).

  • Identify critical functions and develop an operations plan in the event that systems go offline. Think about ways to operate manually if it becomes necessary.

  • Implement network segmentation.

  • Install updates/patch operating systems, software, and firmware as soon as they are released.

  • Use multifactor authentication where possible.·Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts and use strong pass phrases where possible.

  • Disable unused remote access/RDP ports and monitor remote access/RDP logs.

  • Require administrator credentials to install software.

  • Audit user accounts with administrative or elevated privileges and configure access controls with least privilege in mind.

  • Install and regularly update anti-virus and anti-malware software on all hosts.

  • Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a virtual private network (VPN).

  • Consider adding an email banner to messages coming from outside your organizations.

  • Disable hyperlinks in received emails.

  • Focus on cyber security awareness and training. Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (i.e. ransomware and phishing scams)

Additional resources related to the prevention and mitigation of ransomware can be found at stopransomware.gov, a centralized, U.S. whole-of-government webpage providing ransomware resources and alerts.

 

 

About the Author

Krissa Welshans

Livestock Editor

Krissa Welshans grew up on a crop farm and cow-calf operation in Marlette, Michigan. Welshans earned a bachelor’s degree in animal science from Michigan State University and master’s degree in public policy from New England College. She and her husband Brock run a show cattle operation in Henrietta, Texas, where they reside with their son, Wynn.

Subscribe to Our Newsletters
Feedstuffs is the news source for animal agriculture

You May Also Like