Phishing is so much more than a mere attempt to gain access to your personal bank account or data–for an increasingly industrialized cybercrime overlord, you’re merely a crack in the firewall–a means of gaining entry to much more lucrative investments, a sucker who will click on a link that a sysops-protected employee won’t.
A recent report details ransomware shutting down 75% of Australian wool brokers. According to the report, over 80% of agriculture industries have undertaken a risk assessment—primarily because they simply underestimate the threat to their remote sensors, drones, robotics, farm management, and GPS systems.
A Russian-linked ransomware group last year attacked the computer systems of two Iowa farming coops, forcing them to shut down their entire networks and threatening critical crop planting operations.
A phishing attack, in this case, will usually target the members of a group with an email making an attractive offer. The victim will click on the link, and divulge his/her user data, which the hacker can then use to infiltrate an entire system.
New Cooperative, a member-owned cooperative that helps family farms process grains and offers feed and fertilizer, was forced to halt all automated operations last fall, thereby denying local farmers assistance in process optimization. As a result, workers reverted to paper tickets to record moisture levels and truck haul weights. Grain production software and feed schedules were shut down.
BlackMatters Ransomware Group Demands $5.9 million
BlackMatters, a Russian-linked ransomware group that claimed responsibility for the hack, demanded $5.9 million. The group said it had accessed sensitive information, including financials, customer information, a proprietary mapping software, and research of New Cooperative’s, which they threatened to release if the ransom was not paid. Whether New Cooperative isended up paying was not divulged, but the attack is being called a new form of terrorism.
BlackMatter’s September 25 deadline passed and the information was not published, suggesting that, either secret negotiations took place between New Cooperative and BlackMatter, or that BlackMatter postponed the release. Some time later, the group announced it was shutting down following the compromise of the Dark Side ransomware group.
The FBI recommends not to pay ransoms and to report ransomware attacks to law enforcement.
Threat to Food Security
Iowa is the largest corn grower and second largest soybean grower in the USA. Local farmers harvest approximately 2.5 billion bushels of corn and 591.2 million bushels of soybeans. Corn is arguably the most important crop in the US, feeding livestock and used for food and ethanol manufacturing, as well as other industrial uses. A disruption to either grain industry could cause prices to shoot up, increase food insecurity and endanger livestock.
With crops, timing is crucial. Kevin Kenney, a Nebraska farmer, expressed concern about ransomware attacks this planting season to The Security Ledger. “We’re just getting going with our most important three weeks of the year…. During this time, an average farmer’s time is worth $1000/hour against the harvest value of his crop.”
New Cooperative has tried to maintain operations as usual during the attack; but with over half of their operations computerized, this is becoming impossible. Meanwhile, they continue to deliver feed and accept grain. In a Twitter post, a New Cooperative spokesperson warned, “If we are not able to recover very shortly, there is going to be a very, very public disruption to the grain, pork and chicken supply chain. About 40% of grain production runs on our software, and 11 million animal feed schedules rely on us.”
Continued Hacking Attacks
Hackers are targeting the planting and harvesting seasons in order to pressure farmers and agricultural cooperatives to pay ransoms for restoring their systems during this critical period. The alternative is untimely seed planting and unharvested crops going to waste.
The FBI has issued a warning to the agriculture industry regarding the threat of phishing and ransomware attacks. Their fall harvests along with the spring planting season are now times for the agriculture industry to worry about ransomware attacks. Since the fall attacks on New Cooperative and five additional grain cooperatives, one feed mill that prepares feed for livestock and other critical services for farmers was a victim of a Lockbit 2.0 ransomware attack.
How to Protect from Future Ransomware Attacks
Cyber attacks on agricultural entities can result in:
Immediate disruption to business critical operations
Fines from regulators if privacy is breached
Legal action and remediation costs
Damaged relationships with partner organizations
Compromised trade secrets
To protect against ransomware attacks, the FBI has advised identifying vulnerabilities in the Food and Agriculture sector and increasing security in these areas. They specifically advise:
Backing up data to a secured environment
Identifying critical infrastructure and creating a contingency plan should infrastructures be forced offline
Preparing a data recovery plan that includes sensitive and proprietary data
Protecting systems from phishing attacks through training and the implementation of detection and remedial software.
Formalize data controls surrounding password use, data sharing and asset management.
Auditing data, storage and possible deletion.
Use appropriate anti-virus software or firewalls
Supply chain vulnerability assessment.
Upgrade technologies, such as cloud storage and blockchain for tracking your materials and products.