The threat of cybercrime and ransomware attacks against critical industries is a growing concern for businesses across the United States. Unfortunately, this challenge is not going away any time soon. Cybercriminals are opportunistic and see agribusiness as easy targets because of underinvestment in IT over a long period of time, and because the industry operates 24/7/365, creating leverage for attackers to use in their ransom demands.
In this post we’ll provide some background on recent Whitehouse cybersecurity communications, along with some cyber risk mitigation recommendations.
In June 2021, the White House released an open letter discussing how ransomware could impact the agriculture industry. The letter shares information technology security best practices to be adopted, including multi-factor authentication and business continuity planning. As we approach another holiday weekend, it’s worth noting that cybercriminals target holidays because IT departments tend to be understaffed, and because they like to “add misery to the pain they are causing.”
Lessons from Previous Ransomware Attacks
In the recent months, we have all seen an increasing number of attacks on the supply chain. Colonial Pipeline in early 2021, and weeks later global meat processing company JBS paid an $11 million to the REvil ransomware group.
Paying ransom is also a leading indicator that a company will be hacked again. “Separate studies have shown 50-80 percent of victims that paid the ransom experienced a repeat ransomware attack by either the same or different actors. Although cybercriminals use a variety of techniques to infect victims with ransomware, the most common means of infection are email phishing campaigns, Remote Desktop Protocol vulnerabilities, and software vulnerabilities.”
While many lessons can be learned by understanding the vulnerabilities of the attacked businesses, hackers continuously evolve and improve their processes, further emphasizing the need for proactive efforts.
FBI Advisory to the Ag Industry
On September 1st, the FBI released an advisory stating increasing threats of ransomware targeting food and agriculture sectors to disrupt their supply chains. The attackers “exploit network vulnerabilities to exfiltrate data and encrypt systems in a sector that are increasingly reliant on smart technologies, industrial control systems, and internet-based automation systems,” causing financial losses to those experiencing a disruption of operations.
Economic losses include but are not limited to ransom payments, remediation costs, and lack of productivity through the business line. Other adverse outcomes include losses of proprietary information and personally identifiable information (PII), possibly resulting in reputational damage to a business.
The notice explains that attackers encrypt their victims’ files, making them unavailable to the company. To gain back the files, the attacker demands payment (typically via Bitcoin) in return for a key to unlock the data. With ransomware attacks, smaller businesses are soft targets while larger ones have increased threats as they tend to have more money to pay the ransom the attackers are demanding.
Cybercrime Mitigation Recommendations
In the released advisory, the FBI and DHS-CISA put together a list of recommendations organizations and individuals can take to increase defenses against cybercrime threats. We discussed many of these actions in previous posts on the blog, and in our recent Ag-focused statements (here, here):
- Copies of critical data should be backed up, password-protected, and unmodifiable
- Implement network segmentation, disaster recovery plans
- Install updates/patch operating systems, software, and firmware as released
- Utilize multi-factor authentication and strong passphrases
- Regularly change passwords, do not use duplicate passwords on different platforms
- Disable unused remote access/RDP ports and monitor remote access/RDP logs
- Require administrator credentials when installing software
- Install and regularly update anti-virus and anti-malware software on all hosts.
- Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN
- Add an email banner to messages coming from outside your organization
- Disable hyperlinks in received emails
- Be up to date on information security principles and techniques and overall emerging cybersecurity risks and vulnerabilities (i.e., ransomware and phishing scams)
To discover actionable insights your business can take to protect against cyber threats, start with these articles: