September 14, 2022 By Jonathan Reed 2 min read

The FBI has warned the Food and Agriculture (FA) sector that ransomware actors may be preparing to attack agricultural cooperatives during critical planting and harvest seasons. This could lead to disrupted operations, financial loss and a negative impact on the food supply chain.

The FBI Private Industry Notification states that since 2021, ransomware variants have impacted multiple agricultural cooperatives. Initial intrusion vectors included known but unpatched common vulnerabilities and exploits. From there, secondary infections exploited shared network resources or led to compromised managed services.

Some targeted groups faced slowed or halted production, while other attackers caused administrative and/or website malfunctions. The FBI advises the FA sector to be on alert for more incidents in the near future.

Recent history of attacks on agriculture

According to the FBI, in the fall of 2021, six grain cooperatives faced ransomware attacks. Attackers used a variety of ransomware variants, such as Conti, BlackMatter, Suncrypt, Sodinokibi and BlackByte. Some attack victims had to completely halt production, while others lost administrative functions.

In February 2022, a feed milling company reported two incidents in which a malicious actor gained access to company systems and may have attempted to launch a ransomware attack. The attempts were detected and stopped before encryption occurred.

More recently, in March 2022, a Lockbit 2.0 ransomware attack was unleashed against a multi-state grain company. The company provides grain processing, seed, fertilizer and logistics services that are critical during the spring planting season.

High pressure to pay ransom

According to the notification, threat actors might consider agriculture targets more willing to pay a ransom due to time-sensitive production issues. Ransomware attacks occur against the entire Food and Agriculture sector on a regular basis. But the number of attacks against agricultural cooperatives during key seasons raises a special level of concern.

Prior to this, the DHS published guidance about the threat to the agriculture industry. Key issues include threats to:

  • Data confidentiality: Keeping data private is essential to farms and other businesses that engage in precision agriculture to increase crop output. Yield data, farming methods and other proprietary information are vital to remaining competitive.

  • Data integrity: Data collection and analysis helps farmers make decisions that impact food supply at the local, regional or national level. Any lost or adulterated data could lead to significant downstream disruption.

  • Data availability: The compromise of farm equipment communication and guidance systems could lead to problems tending crops and livestock on a timely basis.

Mitigation steps

The FBI advisory outlined ways to mitigate the risk of attack. Suggestions included:

  • Maintain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud)
  • Install updates and patches to operating systems, software and firmware as soon as they are released
  • Use multi-factor authentication where possible
  • Audit user accounts with administrative or elevated privileges and configure access controls with the least privilege in mind; this could be part of a zero trust approach
  • Disable hyperlinks in received emails
  • Focus on cybersecurity awareness and training. Regularly provide users with training on ransomware, phishing scams and other security principles.

The FBI alert highlights how threat actors target certain industries to take advantage of inherent weaknesses. Now, Food and Agriculture, with its seasonal vulnerability, has been warned.

More from News

DHS awards significant grant to improve tribal cybersecurity

4 min read - The Department of Homeland Security (DHS) has awarded $18.2 million in grants through the Tribal Cybersecurity Grant Program to boost cybersecurity defenses among Native American Indian Tribes. The program takes a big step in addressing the unique digital threats faced by tribal communities — a dedicated effort to improve cybersecurity infrastructure across these regions. The $18.2 million grant is just one component of DHS's broader strategy to enhance national cybersecurity. Administered by the Federal Emergency Management Agency (FEMA) in partnership…

ONCD releases request for information: Open-source software security

3 min read - Open-source software is a collective partnership across the development community that requires both private and public buy-in. However, securing open-source software can be tricky. With so many different people working on the coding, security measures are often overlooked, increasing the chances that a vulnerability will fall through the cracks and be exploited. The Open-Source Software Security Initiative (OS31) aims to provide governance over open-source security processes. After the Log4Shell vulnerability, securing open-source software became a top priority for the federal…

3,000 “ghost accounts” on GitHub spreading malware

3 min read - In the past, cyber criminals directly distributed malware on GitHub using encrypted scripting code or malicious executables. But now threat actors are turning to a new tactic to spread malware: creating ghost accounts. A highly effective malware campaign Check Point Research recently exposed a new distribution-as-a-service (DaaS) network, referred to as the Stargazers Ghost Network, that has been spreading malware on GitHub for at least a year. Because the accounts perform typical activities as well, users did not realize that…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today