US food supply chains are at risk of potentially devastating ransomware attacks, the FBI has warned.
A new Private Industry Notification sent out this week claimed that agricultural cooperatives may be viewed as attractive targets during the planting and harvesting seasons.
Attacks could cause financial loss and operational disruption and impact the food supply chain, given that grain is also used for animal feed. Compromises at dairy or meat processing facilities can lead to delays which result in spoiled products, the notice explained.
“The FBI noted ransomware attacks during these seasons against six grain cooperatives during the fall 2021 harvest and two attacks in early 2022 that could impact the planting season by disrupting the supply of seeds and fertilizer,” it said.
“Cyber-actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production.”
The notice listed multiple examples of unnamed agricultural sector firms that have been compromised by ransomware since last year. These include a supply chain attack in which a software company was attacked in July 2021, impacting downstream agricultural clients.
“Initial intrusion vectors included known but unpatched common vulnerabilities and exploits, as well as secondary infections from the exploitation of shared network resources or compromise of managed services,” the FBI said.
“Production was impacted for some of the targeted entities, resulting in slower processing due to manual operations, while other targeted entities lost access to administrative functions such as websites and email but did not have production impacted.”
There is an added urgency for US critical infrastructure organizations to improve their resilience against such threats, given multiple warnings that pro-Russian groups may be about to unleash a salvo of attacks.
The Five Eyes intelligence group this week issued a detailed alert outlining mitigation steps, alongside the threat techniques used by both Russian state and cybercrime groups.
The FBI also listed multiple best-practice recommendations in its notice, including regular patching, multi-factor authentication, disabling RDP ports and improving employee cybersecurity awareness.