Experts React: On JBS Foods Hack Must Prompt Supply Chain Cyber Protection

BACKGROUND:

The world’s largest meat supplier, JBS Foods, has been hit by a cyber-attack, the latest in a string of high-profile international hacks which show no sign of slowing down.

Hackers have been crippling supply chains as a priority, following the Colonial Pipeline attack just weeks ago. Protecting these links between critical systems is vital, as cyber security experts explain below. We can no longer underestimate the supply chain‘s importance or consider its security only as an afterthought. Companies must start protecting it with intelligent cybersecurity.

Experts Comments

June 07, 2021
Aman Johal
Lawyer and Director
Your Lawyers

The recent cyberattack involving JBS, the world's largest meat processing company, is unfortunately the latest example in a growing global trend. Organised crime gangs are increasingly targeting large companies which they know they can hold to ransom and whose operations they can severely disrupt. If they price the ransom right, it can be far cheaper and easier for a company to pay up as opposed to losing vast sums of money due to their operations being down. In one recent example, Colonial

.....Read More

The recent cyberattack involving JBS, the world's largest meat processing company, is unfortunately the latest example in a growing global trend. Organised crime gangs are increasingly targeting large companies which they know they can hold to ransom and whose operations they can severely disrupt. If they price the ransom right, it can be far cheaper and easier for a company to pay up as opposed to losing vast sums of money due to their operations being down. In one recent example, Colonial Pipeline reportedly confirmed that it paid a £3.1m ransom in efforts to stop further misuse of personal information, which can lead to costs rising massively in the form of compensation pay-outs and legal action.

 

These attacks can have devastating consequences for businesses and they can put the information of their customers and employees at risk. The solution is simple: all businesses must ensure that they have sufficient cybersecurity measures in place to protect themselves, and they must follow the guidance when it comes to post-cyberattack protocols. Failing to protect servers, systems and information can mean being forced to pay not only hefty ransoms but also regulatory fines, as well the costs of compensation and litigation.

 

With security experts at Sophos estimating that only 8% of businesses that pay a ransom actually get all their data back, it is clear to see that prevention is the only way forward.

  Read Less
June 04, 2021
Jim Gogolinski
Vice President of Threat Intel and Research
iboss

The safety of a nation’s food supply is vital to its national security interests. Although it is unclear at this time whether the attackers intended to disrupt production, as we saw recently with Colonial Pipeline, cyberattacks can have devastating unintended consequences. This attack continues to illustrate that no segment of the public and private sector, regardless of their importance, is off limits to cybercriminals. JBS’s transparency and immediate cooperation with the departments of

.....Read More

The safety of a nation’s food supply is vital to its national security interests. Although it is unclear at this time whether the attackers intended to disrupt production, as we saw recently with Colonial Pipeline, cyberattacks can have devastating unintended consequences. This attack continues to illustrate that no segment of the public and private sector, regardless of their importance, is off limits to cybercriminals. JBS’s transparency and immediate cooperation with the departments of agriculture and law enforcement of both the United States and Australia was a welcome step in the recovery process. As evidenced by the US State Department’s communications with Russia over this attack, nations are going to have to work together to ensure there is no safe haven for cyber-criminals to use as a base of operations.

  Read Less
June 03, 2021
Jeff Williams
CTO and Co-founder
Contrast

We have already seen this year a dramatic acceleration in nation-state attacks on critical infrastructure, such as the Colonial Pipeline which crippled the US for several days. This isolated attack on JBS can have similarly significant impacts and even threaten global food security. This illustrates exactly why organisations need to significantly advance their cybersecurity posture.

 

The FBI are now investigating the attack and most likely, the US government will again focus on trying to

.....Read More

We have already seen this year a dramatic acceleration in nation-state attacks on critical infrastructure, such as the Colonial Pipeline which crippled the US for several days. This isolated attack on JBS can have similarly significant impacts and even threaten global food security. This illustrates exactly why organisations need to significantly advance their cybersecurity posture.

 

The FBI are now investigating the attack and most likely, the US government will again focus on trying to identify and prosecute the attackers, instead of looking at how to strengthen defenses. To prevent these types of attacks the most important thing is basic blocking and tackling.  Focus on the biggest risks and put strong defenses in place.  Then test them continuously to make sure they’re correct and effective.  The days of manual cybersecurity are over.  Everything must be automated and continuous to support our critical infrastructure and keep the world moving.

 

Attackers are increasingly going after organisations that aren’t technology-focused companies and crippling their ability to provide service, creating pressure to pay the ransom quickly.  It’s important to remember that while today’s attacks are ransomware, attackers could just as easily launch other types of attack to cripple businesses.  That’s why it’s important to use a framework like the NIST CSF and get organized about your security efforts.  Don’t simply do a knee-jerk reaction to the latest attack or you’ll chase your tail.

  Read Less
June 03, 2021
Ronnen Brunner
Vice President of EMEA
ExtraHop

Ransomware attacks on critical national infrastructure including food supplies are becoming all too common. The ransomware attack on JBS isn't too dissimilar to the recent Colonial Pipeline ransomware attack, hitting a different type of supply chain and causing significant disruption. It's clear these attacks are going to happen. Businesses can't be protected all the time but these attacks succeed due to outdated systems and because many organisations still rely on perimeter defense and

.....Read More

Ransomware attacks on critical national infrastructure including food supplies are becoming all too common. The ransomware attack on JBS isn't too dissimilar to the recent Colonial Pipeline ransomware attack, hitting a different type of supply chain and causing significant disruption. It's clear these attacks are going to happen. Businesses can't be protected all the time but these attacks succeed due to outdated systems and because many organisations still rely on perimeter defense and signature detection tools. This means when the attacker is inside the network, that organisation is completely vulnerable.


Businesses must learn from the downfall of others. Visibility is crucial for detecting ransomware quick enough to respond before it's too late.

  Read Less
June 02, 2021
Stuart Reed
UK Director
Orange Cyberdefense

The attack on JBS is yet another example of the surging threat posed by ransomware, and a stark reminder of the devastation that can be caused to the business operations of those affected. With global supermarkets and some of the world’s largest corporations set to bear the brunt of the disruption caused by the incident, we are reminded of the importance of having a swift response strategy in place to minimise damage, not just within the business, but throughout the entire supply chain.

 

In

.....Read More

The attack on JBS is yet another example of the surging threat posed by ransomware, and a stark reminder of the devastation that can be caused to the business operations of those affected. With global supermarkets and some of the world’s largest corporations set to bear the brunt of the disruption caused by the incident, we are reminded of the importance of having a swift response strategy in place to minimise damage, not just within the business, but throughout the entire supply chain.

 

In today's volatile cyber landscape, a quick response to an attack is essential. It's not just about identifying a breach when it occurs. Organisations must also have in place a strong incident response strategy, built on a layered approach of people, process and technology. In doing so, organisations can implement intelligent and agile security measures to ensure minimal damage, not only in technical remediation, but also by ensuring that the incident is reported to the authorities quickly to prevent any potential impact on employees, partners or customers and to limit any reputational, financial and legal fallout.

  Read Less
June 02, 2021
John Vestberg
President and CEO
Clavister

We often speak about the impact of cyberattacks on critical national infrastructure in relation to utilities, but this highlights the impact an attack on the food chain can have too. The computer networks at meat processing firm JBS were targeted with ransomware – by a criminal organisation likely based in Russia, according to the White House – with the effects felt in operations in the US, Canada and Australia. It’s warned that the attack could have lasting implications on consumers

.....Read More

We often speak about the impact of cyberattacks on critical national infrastructure in relation to utilities, but this highlights the impact an attack on the food chain can have too. The computer networks at meat processing firm JBS were targeted with ransomware – by a criminal organisation likely based in Russia, according to the White House – with the effects felt in operations in the US, Canada and Australia. It’s warned that the attack could have lasting implications on consumers through product shortages and rising prices, similar to the effects of the Colonial Pipeline ransomware attack last month.

 

Ransomware is becoming an ever-more popular weapon for cyber criminals as it can offer an incredibly high return. The owners of the Colonial Pipeline admitted to paying a $4.4m ransom to Darkside, the attacker, to end the situation and we should all hope that doesn’t set a worrying precedent.

 

“Combatting ransomware requires a proactive, not a reactive, response. Through the use of predictive analytics and tools like AI or ML, security teams can see malware morphing and behaving in certain ways. These are red flags and means they can be seen and caught before ransomware can cripple systems, such as JBS’.

  Read Less
June 02, 2021
Miles Tappin
VP of EMEA
ThreatConnect

Coming so soon after the ransomware attack against the Colonial Pipeline system in the U.S., the attack against JBS, the world's largest meat supplier, further demonstrates the urgent need for critical infrastructure owners and operators to adopt a risk-led cybersecurity programme.



It is becoming clearer by the day that these major firms are not having the proper risk conversations between their cybersecurity experts and the business executives. They must start quantifying and prioritising

.....Read More

Coming so soon after the ransomware attack against the Colonial Pipeline system in the U.S., the attack against JBS, the world's largest meat supplier, further demonstrates the urgent need for critical infrastructure owners and operators to adopt a risk-led cybersecurity programme.



It is becoming clearer by the day that these major firms are not having the proper risk conversations between their cybersecurity experts and the business executives. They must start quantifying and prioritising their risks, leveraging threat intelligence, and automating and orchestrating their responses. And they must shift to this approach immediately. It's the only way forward.

  Read Less
June 02, 2021
Rashid Ali
Enterprise Sales Manager UK & Nordics
Wallix

This latest hack comes less than a month after the Colonial Pipeline cyber-attack and further demonstrates how vulnerable major industry infrastructure is to disruption. The cyber-attack targeted a US company, but its repercussions are being felt worldwide. It’s clear that cybercriminals are going to continue to target critical infrastructure for maximum impact. 

 

So, with sophisticated cyber-attacks increasing by the day, organisations must act fast to safeguard vulnerable infrastructure and

.....Read More

This latest hack comes less than a month after the Colonial Pipeline cyber-attack and further demonstrates how vulnerable major industry infrastructure is to disruption. The cyber-attack targeted a US company, but its repercussions are being felt worldwide. It’s clear that cybercriminals are going to continue to target critical infrastructure for maximum impact. 

 

So, with sophisticated cyber-attacks increasing by the day, organisations must act fast to safeguard vulnerable infrastructure and valuable data. While implementing a first line of defence is a must, this alone is not enough. Organisations need to be prepared and have a comprehensive cyber strategy in place that can secure against remote access, implement zero trust policies and safeguard value data - so that if all else fails, the impact and reach of the hack is limited.

  Read Less
June 02, 2021
Garret F. Grajek
CEO
YouAttest

Though the details of the JBS attack are not out, it's a pretty safe bet that the method of intrusion involved credential theft and privilege escalation. Both of these are key components in the cyber kill chain, the identified method of attack of most exploits. Attackers find a weak way into the system, via stolen passwords, default account credential, phishing or some other means. From there, they use lateral movement across the enterprise and privilege escalation to obtain system access to

.....Read More

Though the details of the JBS attack are not out, it's a pretty safe bet that the method of intrusion involved credential theft and privilege escalation. Both of these are key components in the cyber kill chain, the identified method of attack of most exploits. Attackers find a weak way into the system, via stolen passwords, default account credential, phishing or some other means. From there, they use lateral movement across the enterprise and privilege escalation to obtain system access to important data. This why account reviews and knowledge of privilege changes is imperative to a well-controlled enterprise.

  Read Less
June 02, 2021
Mark Stamford
Founder
OccamSec
  • Given the current deluge of attacks, are organizations focusing enough on preventative measures? 

  • Given the above, can they do this in a cost effective way given that the size of their environment is expanding (cloud, SaaS) 

  • With “assumed breach” as a current cyber security mantra, is focus shifting to the wrong areas? 

  • Everyone talks about a digital Pearl Harbor, yet all these attacks would seem to indicate something more akin to a “death by a thousand cuts” approach, organizations

.....Read More
  • Given the current deluge of attacks, are organizations focusing enough on preventative measures? 

  • Given the above, can they do this in a cost effective way given that the size of their environment is expanding (cloud, SaaS) 

  • With “assumed breach” as a current cyber security mantra, is focus shifting to the wrong areas? 

  • Everyone talks about a digital Pearl Harbor, yet all these attacks would seem to indicate something more akin to a “death by a thousand cuts” approach, organizations being attacked seemingly at will with obvious knee jerk reactions - Calls for Government regulation (imposing costs), more tools being pushed (imposing costs) and a never ending shortage of trained personnel, pushing up wages (imposing costs).

  • So perhaps what we need to do is stop, again, doing the same old stuff…..

  Read Less
June 02, 2021
Max Anderson
Engagement Officer
Concentric
  • In order for the government to be better positioned to prevent these from occurring, it needs to be better informed.
  • Ransomware and cyber extortion as a whole has recently started to affect even those not specifically targeted. The Colonial Pipeline demonstrated this in the near-immediate affect on everyone's gas prices is the latest in a series of expanding and effective schemes. 
  • Ransom payments from cyber extortions was a $350 million industry in 2020, up 311% from 2019. Those that don't
.....Read More
  • In order for the government to be better positioned to prevent these from occurring, it needs to be better informed.
  • Ransomware and cyber extortion as a whole has recently started to affect even those not specifically targeted. The Colonial Pipeline demonstrated this in the near-immediate affect on everyone's gas prices is the latest in a series of expanding and effective schemes. 
  • Ransom payments from cyber extortions was a $350 million industry in 2020, up 311% from 2019. Those that don't pay the ransom are still paying ransom in other ways, with the average cost of downtime as a result of the extortion being 24 times higher than the average ransom amount. 
  • Unfortunately, corporations need to keep in mind that even if a ransom is paid, the extorting party still maintains sensitive data that they could still release, at will. Negotiations only encourage the destruction of stolen data, but have no way to enforce that. 
  • The best way to avoid this vulnerability is to ensure your own systems have a regular cyber audit conducted as well as staff is completely aware of ongoing phishing and extortion trends. No matter how "locked down" a system may be, the weakest link will always remain the human. All workers need to be on constant alert as to what links they're clicking on and who they're giving access for what.
  Read Less
June 02, 2021
Chris Grove
Product Evangelist
Nozomi Networks

Events like this serve to underscore the point about IT and OT converging. Not only does this create new connections between IT and OT that pose risk, more importantly, OT systems are increasingly dependent on IT systems to complete the process they are supposed to be doing. Whether it’s a technical dependency that can cause an outage, or an operational dependency causing a manual forced shut down, the line between IT and OT is as blurred as the airgap from yesteryear. Problems like this beg

.....Read More

Events like this serve to underscore the point about IT and OT converging. Not only does this create new connections between IT and OT that pose risk, more importantly, OT systems are increasingly dependent on IT systems to complete the process they are supposed to be doing. Whether it’s a technical dependency that can cause an outage, or an operational dependency causing a manual forced shut down, the line between IT and OT is as blurred as the airgap from yesteryear. Problems like this beg for solutions that address risk in OT, IT, IOT, and any other Technology used in the operational process. Companies with mature Cybersecurity programs are more resilient to successful hacks and attacks, have a clearer understanding of the blast radius, quicker and lower cost recovery, and easier incident reporting for regulatory or compliance activities.

  Read Less
June 02, 2021
Jonathan Jackson
Director, Pre-Sales APJ
BlackBerry

This latest attack on JBS Foods underscores the ongoing cyber risk to global supply chains and organisations that are critical to the normal functioning of our society. While we are not sure yet of the technical nature of this incident, it follows the devastating ransomware attack on the Colonial Pipeline in the United States. It doesn’t matter whether its logistics, fuel or food – these critical supply chains present unique and complex challenges from a cybersecurity perspective.  

 

Supply

.....Read More

This latest attack on JBS Foods underscores the ongoing cyber risk to global supply chains and organisations that are critical to the normal functioning of our society. While we are not sure yet of the technical nature of this incident, it follows the devastating ransomware attack on the Colonial Pipeline in the United States. It doesn’t matter whether its logistics, fuel or food – these critical supply chains present unique and complex challenges from a cybersecurity perspective.  

 

Supply chain organisations are often investing in technology to uplift efficiency and maximise resources, leaving the security of those systems as an afterthought. Furthermore, cyber attacks on critical organisations including healthcare and utility providers have not only increased but also become more severe since the COVID-19 pandemic began a year ago. These attacks should be a wakeup call for supply chain security – and should prompt us to consider what we define as critical infrastructure, which will inform the steps we take to protect it. Governments around the world need to mandate the use of intelligent cybersecurity solutions that can prevent, detect and respond to these attacks, now and in the future.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.