Held Hostage: FBI Raises Alarm on Ransomware Attacks Against Food & Agriculture Sector
The food and agriculture sector is facing a higher threat of ransomware attacks during critical planting and harvesting seasons, according to a notice issued by the FBI earlier this week.
The private industry notification noted that the Bureau is already aware of six ransomware attacks against grain cooperatives during the fall 2021 harvest and two attacks in early 2022 that could impact planting season by disrupting the supply of seeds and fertilizer.
In March 2022, for instance, a multi-state grain company was the target of a Lockbit 2.0 ransomware attack. The company also provides seed, fertilizer, and logistic services, which are especially important during the spring planting season.
“Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agriculture production,” according to the FBI. “Although ransomware attacks against the entire farm-to-table spectrum of the [food and agriculture] sector occur on a regular basis, the number of cyber attacks against agricultural cooperatives during key seasons is notable.”
The FBI also highlighted that a “significant disruption” of grain production would have ripple effects across the entire food chain because grain is also used for animal feed.
“In addition, a significant disruption of grain and corn production could impact commodities trading and stocks,” the FBI explained. “An attack that disrupts processing at a protein or dairy facility can quickly result in spoiled products and have cascading effects down to the farm level as animals cannot be processed.”
The 2021 and 2022 activity the FBI was monitoring included intrusions that leveraged unpatched vulnerabilities and exploits, along with compromises of managed services for the food and agricultural sector.
In July 2021, for example, a business management software company discovered HelloKitty/Five Hands ransomware on its network and the attacker demanded $30 million in ransom. The incident led to a secondary ransomware attack on the company’s clients, including agricultural cooperatives.
“Agricultural companies cannot always afford to staff IT and security roles, so they are very reliant on the managed service providers to provide protection,” said Allan Liska, an intelligence analyst at Recorded Future, in an interview with CyberScoop. “When those managed service providers are compromised there are usually no protections in place to protect the victims.”
The agriculture industry has become increasingly digitized during the past 50 years as machinery expands and the industry increasingly uses technology to cultivate crops. Consulting firm McKinsey estimated in 2020 that about one-quarter of U.S. farms used connected equipment and devices to access data via 2G and 3G networks.
At the Consumer Electronics Show (CES) in Las Vegas in January 2022, John Deere unveiled a tractor that uses stereo cameras and artificial intelligence to perceive its environment and navigate without input from a human operator—a trend that has been moving forward in farming for years, according to WIRED.
John Deere’s 8R tractor “can find its way to a field on its own when given a route and coordinates, then plow the soil or sow seeds without instructions, avoiding obstacles as it goes,” WIRED wrote. “A farmer can give the machine new orders using a smartphone app. Some tractors already operate autonomously, but only in limited situations—following a route defined by GPS, for example, without the ability to navigate around obstacles. Others feature limited autonomy that still requires a farmer to sit behind the wheel.”
While the ability for a tractor to drive itself frees up individual operators, the data these vehicles collect on land conditions and more could be leveraged to provide additional value to the agricultural sector—such as through data analysis of weather conditions, commodity prices, maturity indexes, and projected yield.
“Agriculture is seen as an industry ideally suited to large-scale data collection and analysis, and technology companies more closely associated with databases and computer hardware are seeing opportunities,” according to The New York Times.
IBM, for instance, purchased the Weather Company in 2016 “bringing supercomputer prowess to what once depended on the centuries of record-keeping by trusted prediction tools like The Old Farmer’s Almanac,” the Times reports, by using sensors throughout a farm, satellite imagery, and more.
The FBI notice also comes at a time when the U.S. government has been raising the alarm of “increased threats” from Russian hacking groups against critical infrastructure, which includes the food and agricultural sector. The food and agriculture sector has been under stress in response to the war in Ukraine, and these threats are not likely to abate due to the value the industry has in a global society.
“Just like the Colonial Pipeline hack that caused operators to shut down systems that supply 45 percent of the Eastern Seaboard, cyberattacks on the supply chain, like JBS, cause prices to soar, demand to increase, and supply to wane,” wrote Greg Gatzke, president of ZAG Technical Services, for our August 2021 issue of Security Technology. “And our food supply will continue to be a target.”
To mitigate this threat, the Bureau made a series of recommendations that are considered best practices for preventing and responding to ransomware attacks: regularly backing up data and storing that backup in an air-gapped, password-protected method; implementing a recovery plan; and identifying critical functions to develop operations plans should a system go offline.
“Focus on cybersecurity awareness and training,” the FBI said. “Regularly provide users with training on information security principles and techniques, as well as overall emerging cybersecurity risks and vulnerabilities (i.e. ransomware and phishing scams).”