The FBI warning notes previous ransomware attacks during these seasons against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 that could impact the planting season by disrupting the supply of seeds and fertilizer.
“Cybercriminals may see agricultural cooperatives as lucrative targets with a willingness to pay due to the time sensitive role they play in agricultural production,” says Dr Darren Williams, CEO and co-founder of BlackFog. “Last year we saw food supply disruption following attacks on JBS Foods, one of the largest meat processing firms, multi-billion dollar dairy foods company Schreiber, Minnesota-based farm supply and grain marketing cooperative Crystal Valley, and Iowa-based farm service provider NEW Cooperative to name a few.”
Williams adds, “Unfortunately, ransomware attacks are increasing at an unparalleled rate and many organizations are still depending on antiquated technologies to defend against them, so the chances of a debilitating attack targeting our food supply is higher than ever before.”
The conflict in Ukraine has also highlighted the issue of food security and is likely to see many nations taking this threat seriously, with similar guidance already issued in the UK.
Brian Higgins, security specialist at Comparitech, says, “Farmers and food production have been on the cyber criminal radar for some time now. The UK National Cyber Security Centre (NCSC) published guidance in December 2020 and it’s no surprise that the US Authorities are following suit. Criminals will always attack their targets at the points of highest vulnerability to maximize pressure to comply with their demands. That’s why planting and harvesting seasons are of particular interest in the farming community. Couple that with the ongoing supply chain difficulties arising from the COVID pandemic and you can see why the sector needs to up it’s game and take these threats seriously. Profit margins are traditionally very slim for farmers so a successful attack could be incredibly harmful to individual businesses or collectives. Basic cyber protection could be the one thing that keeps the lights on if cyber criminals come knocking.”
Curtis Simpson, CISO at Armis warns of likely knock-on effects, “Much of the food and agriculture supply chain is also enabled by small operations. Some of these operations were already strained by the pandemic and any such attack could simply knock them out of business for good. Once again, as this happens, downstream operations ranging from foodservice providers to restaurants to hospitals and consumers will all have issues sourcing products.”