Last month the Federal Bureau of Investigation (FBI) informed food and agriculture sector businesses that ransomware actors may be more likely to attack agricultural cooperatives during critical planting and harvest seasons, disrupting operations, causing financial loss and negatively impacting the food supply chain.
The FBI noted ransomware attacks against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 that could impact the planting season by disrupting the supply of seeds and fertilizer. Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production. Although ransomware attacks against the entire farm-to-table spectrum of the food and agriculture sector occur on a regular basis, the number of cyberattacks against agricultural cooperatives during key seasons is notable, the FBI advisory stated.
Since 2021, multiple agricultural cooperatives have been impacted by a variety of ransomware variants. Initial intrusion vectors included known but unpatched common vulnerabilities and exploits, as well as secondary infections from the exploitation of shared network resources. Production was impacted for some of the targeted entities, resulting in slower processing due to manual operations, while other targeted entities lost access to administrative functions such as websites and email but did not have production impacted.
A significant disruption of grain production could impact the entire food chain since grain is consumed by humans and used for animal feed. In addition, a significant disruption of grain and corn production could impact commodities trading and stocks. An attack that disrupts processing at a protein or dairy facility can quickly result in spoiled products and have cascading effects down to the farm level as animals cannot be processed.
Recommendations
Cyber threat actors will continue to exploit network, system and application vulnerabilities within the food and agriculture sector, the FBI’s Cyber Division warns. The bureau recommends implementing the following steps to mitigate the threat and protect against ransomware attacks.
- Regularly back up data, keep backup copies offline and password-protect them. Ensure backups of critical data are stored on a separate drive that is not on the same network.
- Implement a recovery plan that includes maintaining and retaining multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (e.g., hard drive, storage device, the cloud).
- Identify critical functions and develop an operations plan in the event that systems go offline. Think about ways to operate manually if it becomes necessary.
- Install updates/patch operating systems, software, and firmware as soon as they are released.
- Use multifactor authentication where possible.
- Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable timeframe for password changes. Avoid reusing passwords for multiple accounts and use strong passphrases where possible.
- Require administrator credentials to install software.
- Install and regularly update antivirus and anti-malware software on all hosts.
- Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a virtual private network (VPN).
- Consider adding an email banner to messages coming from outside your organization.
- Disable hyperlinks in received emails.
- Focus on cybersecurity awareness and training. Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (e.g., ransomware and phishing scams).
Please review the cybersecurity information in the Airfield Watch segment of the 2018-19 PAASS Program for more cybersecurity tips.