The FBI has issued a Private Industry Notification (PIN) about cybercriminal actors targeting the food and agriculture sector with ransomware attacks.
Farms are literally the first step in one of the most important, if not _the_ most important, supply chains in our economy: the food supply chain. As always, cybercriminals love the extra leverage that is provided by how important a target is.
Ransomware attacks targeting the food and agriculture sector disrupt operations, cause financial loss, and negatively impact the food supply chain. Food and agriculture businesses victimized by ransomware suffer significant financial loss from ransom payments, loss of productivity, and the (often neglected) cost of remediation. And, as the FBI points out, no operation is too big, or too small, to be a target:
> Larger businesses are targeted based on their perceived ability to pay higher ransom demands, while smaller entities may be seen as soft targets, particularly those in the earlier stages of digitizing their processes…
The FBI also warns that ransomware can carry a cost in lost data: "Companies may also experience the loss of proprietary information and personally identifiable information (PII) and may suffer reputational damage resulting from a ransomware attack."
Agriculture may not be the first industry you associate with cybersecurity problems, but we all need to be aware of the risks created by connecting this ancient part of our food supply chain to the Internet. As farms have grown in scale they have increased their level of automation, making farms and farm equipment Internet-connected cogs in the Internet of Things "machine". This comes at the cost of a significant increase in their attack surface.
The state of IoT is poor enough as it is, security-wise. But manufacturers of agricultural equipment have spent the last few years locked in an automation arms race, and the side effects of this race are starting to show. In any industry that is developing and adopting new technology at pace you can expect growing pains, and security is often the last thing on the developers’ minds. So it is with agriculture.
In our most recent Lock and Code podcast, Malwarebytes Labs' David Ruiz spoke to hacker Sick Codes, whose research into cybersecurity in agriculture has been instrumental in raising its profile this year.
In it, he told us that the industry is starting to take security seriously, but it is still grappling with the basics, leaving it dangerously exposed. Speaking about his research into John Deere and other agricultural equipment manufacturers, he gave us an example of what he found, in plain terms:
> A group of less than 10 people were able to pretty much get root [the highest level of access] on John Deere’s Operations Center, which connects to every other third party connectivity service that they have. You know, you can get every farms’ data, every farms’ water, I’m talking everything. We had like the keys to the kingdom. And that was just a few people in two days.
Sick Codes and the FBI aren't the only ones to notice that something is up in agriculture. As we pointed out in our State of Malware report, published earlier this year, Malwarebytes recorded an eye-watering 607% increase in malware detections in the agriculture sector in 2020.
Malwarebytes recorded a 607% increase in agriculture sector attacks in 2020
As the manufacturing and automotive sectors contracted in 2020, under the weight of pandemic shutdowns, attackers simply turned their faces to other industries, with agriculture by far the biggest loser.
While the FBI's warning focusses on the threat to individual operators, the rapid computerization of agriculture also carries potential risks for the system of food production itself.
Connectivity and centralization could create opportunities for threat actors—state sponsored or otherwise—to throw a wrench in the workings of our critical infrastructure. Attackers could potentially provide false data to farming equipment, change the temperature in greenhouses, alter the composition of fertilizers, or bring businesses to a crashing halt by deploying ransomware. All of which could lead to shortages and increased food costs.
The agriculture sector needs to be as prepared as any other sector to withstand attacks by cybercriminals. But the sector is only as secure as the technology it relies on, so our food supply requires secure IoT devices and Cloud services for food and agriculture too.
The FBI notice includes the following recommendations:
To learn more about the current state of cybersecurity in the Internet-connected world of agriculture, you can listen to our Lock and Code podcast below:
The post FBI warns of ransomware threat to food and agriculture appeared first on Malwarebytes Labs.