Who wants to mess with the food supply? Foreign adversaries and crooks, that’s who. The US food and agriculture sector dealt with at least 167 ransomware attacks last year, according to a leading industry group. In its first annual report, the Food and Agriculture-Information Sharing and Analysis Center (Food and Ag-ISAC) said the industry was the seventh most targeted sector in the country, behind manufacturing, financial services and others. Thus far in the first quarter of 2024, the sector has counted 40 attacks, a slight decrease on the year before.
Multiple large food companies dealt with cyber incidents in 2023, including Dole, Sysco and Mondelez. The US Department of Agriculture (USDA) reported that last year it was affected by a ransomware group’s exploitation of a popular file transfer tool, exposing troves of industry information.[1]
Jonathan Braley, director of the Food and Ag-ISAC, which was formed in 2022 following a run of attacks on the industry that directly affected food pricing, recently said that their sector is in the middle of the pack compared to other critical infrastructure sectors affected by ransomware. Still, people must eat.
Ransomware gangs are going after low-hanging fruit and organizations with discoverable or exploitable security lapses, he said. Braley noted that there was a 54% increase in ransomware attacks across sectors in January, year-on-year. The law enforcement takedowns of LockBit and BlackCat are having a noticeable effect, he said, with steep decreases seen in both February and March. “Should the 2024 pace have continued without law enforcement disruptions, we would have likely been on pace to break 2023's numbers,” Braley said. “We are monitoring the impact of the disruptions to LockBit and BlackCat, as affiliates are moving to new ransomware strains with different tactics, techniques, and procedures.” According to the report, LockBit accounted for 40 attacks in 2023, representing about a quarter of all attacks. BlackCat attacked 15 different agriculture victims in 2023 followed by ransomware gangs like Play, 8Base and Akira.
So far in 2024, the Play group has taken over as the most prolific gang, claiming responsibility for five attacks on the agriculture sector thus far. Play (also Play Ransomware or PlayCrypt) is a hacker group responsible for ransomware extortion attacks on companies and governmental institutions. The group emerged in 2022 and attacked targets in the United States, Brazil, Argentina, Germany, Belgium and Switzerland. Security experts suspect that the group has links to Russia, since the encryption techniques used are like those used by other Russian-linked ransomware groups such as Hive and Nokoyawa.[2] The FBI also warned last fall that the Snatch ransomware group was targeting the agriculture industry.
The Food and Ag-ISAC works with the IT-ISAC in compiling figures based on open-source intelligence and active monitoring of the dark web and data leak websites. They also receive data from members and partners and distribute a monthly report to members so they know what trends are emerging and how they can best protect their companies.
The IT-ISAC tracked a total of 2,905 ransomware attacks across all industries in 2023. While the numbers specific to the food and agriculture industry are relatively small, the interconnected nature of the industry means an attack on one company often affects others. “For example, ransomware attacks could impact or disrupt processes along agricultural production lines, such as seed production. Any downtime caused by an attack could lead to a chain reaction of delays, potentially causing late planting or harvesting windows,” the organization explained. “As a result, crops may need to be palletized and moved to other regions with an active growing season, which is done in cases of severe weather such as droughts or flooding. This is an expensive and taxing process that puts strain on organizations, costing them already limited time and resources.”
The ransomware attack on Dole in February 2023, for example, impacted shipments to grocery stores, which were unable to stock Dole salad kits because of the attack. The research also highlights the threat of intellectual property theft in the industry with certain companies spending years on genetic crop work that can be stolen in a moment.
The US Congress has sought to directly address attacks on the industry with several bills aimed squarely at providing funding to help companies better protect themselves.
In January 2024, a bipartisan duo of US senators introduced legislation to boost digital defenses in the agriculture and food critical infrastructure sectors. Another bill from 2023 would establish a hub inside the National Telecommunications and Information Administration to assist agricultural producers to secure their technology and harden their operations against hackers. It also would create a hotline that offers advice and best practices on cyber issues.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424
[1] https://therecord.media/food-and-agriculture-hit-with-ransomware-attacks/
[2] https://www.itpro.com/security/369809/play-ransomware-gang-behind-recent-cyber-attack-on-rackspace
Comments