The FBI has warned the Food and Agriculture (FA) sector that ransomware actors may be preparing to attack agricultural cooperatives during critical planting and harvest seasons. This could lead to disrupted operations, financial loss and a negative impact on the food supply chain.

The FBI Private Industry Notification states that since 2021, ransomware variants have impacted multiple agricultural cooperatives. Initial intrusion vectors included known but unpatched common vulnerabilities and exploits. From there, secondary infections exploited shared network resources or led to compromised managed services.

Some targeted groups faced slowed or halted production, while other attackers caused administrative and/or website malfunctions. The FBI advises the FA sector to be on alert for more incidents in the near future.

Recent History of Attacks on Agriculture

According to the FBI, in the fall of 2021, six grain cooperatives faced ransomware attacks. Attackers used a variety of ransomware variants, such as Conti, BlackMatter, Suncrypt, Sodinokibi and BlackByte. Some attack victims had to completely halt production, while others lost administrative functions.

In February 2022, a feed milling company reported two incidents in which a malicious actor gained access to company systems and may have attempted to launch a ransomware attack. The attempts were detected and stopped before encryption occurred.

More recently, in March 2022, a Lockbit 2.0 ransomware attack was unleashed against a multi-state grain company. The company provides grain processing, seed, fertilizer and logistics services that are critical during the spring planting season.

High Pressure to Pay Ransom

According to the notification, threat actors might consider agriculture targets more willing to pay a ransom due to time-sensitive production issues. Ransomware attacks occur against the entire Food and Agriculture sector on a regular basis. But the number of attacks against agricultural cooperatives during key seasons raises a special level of concern.

Prior to this, the DHS published guidance about the threat to the agriculture industry. Key issues include threats to:

  • Data confidentiality: Keeping data private is essential to farms and other businesses that engage in precision agriculture to increase crop output. Yield data, farming methods and other proprietary information are vital to remaining competitive.

  • Data integrity: Data collection and analysis helps farmers make decisions that impact food supply at the local, regional or national level. Any lost or adulterated data could lead to significant downstream disruption.

  • Data availability: The compromise of farm equipment communication and guidance systems could lead to problems tending crops and livestock on a timely basis.

Mitigation Steps

The FBI advisory outlined ways to mitigate the risk of attack. Suggestions included:

  • Maintain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud)
  • Install updates and patches to operating systems, software and firmware as soon as they are released
  • Use multi-factor authentication where possible
  • Audit user accounts with administrative or elevated privileges and configure access controls with the least privilege in mind; this could be part of a zero trust approach
  • Disable hyperlinks in received emails
  • Focus on cybersecurity awareness and training. Regularly provide users with training on ransomware, phishing scams and other security principles.

The FBI alert highlights how threat actors target certain industries to take advantage of inherent weaknesses. Now, Food and Agriculture, with its seasonal vulnerability, has been warned.

More from News

Are Threat Actors Using ChatGPT to Hack Your Network?

Though the technology has only been widely available for a couple of months, everyone is talking about ChatGPT. If you are one of the few people unfamiliar with ChatGPT, it is an OpenAI language model with the “ability to generate human-like text responses to prompts.” It could be a game-changer wherever AI meshes with human interaction, like chatbots. Some are even using it to build editorial content. But, as with any popular technology, what makes it great can also make…

The White House on Quantum Encryption and IoT Labels

A recent White House Fact Sheet outlined the current and future U.S. cybersecurity priorities. While most of the topics covered were in line with expectations, others drew more attention. The emphasis on critical infrastructure protection is clearly a top national priority. However, the plan is to create a labeling system for IoT devices, identifying the ones with the highest cybersecurity standards. Few expected that news. The topic of quantum-resistant encryption reveals that such concerns may become a reality sooner than…

Malware-as-a-Service Flaunts Its Tally of Users and Victims

As time passes, the security landscape keeps getting stranger and scarier. How long did the “not if, but when” mentality towards cyberattacks last — a few years, maybe? Now, security pros think in terms of how often will their organization be attacked and at what cost. Or they consider how the difference between legitimate Software-as-a-Service (SaaS) brands and Malware-as-a-Service (MaaS) gangs keeps getting blurrier. MaaS operators provide web-based services, slick UX, tiered subscriptions, newsletters and Telegram channels that keep users…

New Survey Shows Burnout May Lead to Attrition

For many organizations and the cybersecurity industry as a whole, improving retention and reducing the skills gap is a top priority. Mimecast’s The State of Ransomware Readiness 2022: Reducing the Personal and Business Cost points to another growing concern — burnout that leads to attrition. Without skilled employees, organizations cannot protect their data and infrastructure from increasing cybersecurity attacks. According to Mimecast’s report, 77% of cybersecurity leaders say the number of cyberattacks against their company has increased or stayed the…