The Des Moines Register reports on a cyberattack on Farmers Cooperative Elevator Co. of Arcadia IA by the BlackByte ransomware gang. BlackByte warns it will expose 100 gigabytes of sensitive data such as financial, sales and accounting information, should its ransom demand go unmet.
The attack follows September cyberattacks on The New Cooperative, a 60-site farm services organization in Ft. Dodge IA that is still working to restore operations, and the Crystal Valley Cooperative, a leading farm and grain cooperative headquartered in Mankato, Minnesota. Five cybersecurity experts offer perspective.
<p>The world’s infrastructure and supply chains are at risk. The state actors have been probing each other’s vital resource management systems for years. Now the tools, mechanisms and attack vectors are in the hands of various groups of state-sponsored and non-state actors. The fact that attack software can be bought on the dark web and then used by "affiliates" should alarm all, especially those responsible for the availability of key societal resources like energy (e.g. Colonial Pipeline) and now food, the US Central and Midwestern Grain cooperatives. Fortunately, the defense against these attacks is to follow cyber security guidelines set forth by the security community, especially the National Institute of Standards and Technology which publishes the CyberSecurity Framework 800-53 (Rev5). The Framework dictates best practices around security, including a focus on identity, citing the principle of least privilege to keep roles of the users minimal, which helps to ensure minimal damage when users’ credentials are compromised.</p>
<p>Ransomware can be a devastating setback especially for manufacturing and distribution companies that rely on “just in time” supply chain processes. While there are many sources for a ransomware infection, one of the main ones is via compromised credentials. Distribution locations have many shared work environments such as warehouses and kiosks which are notorious for password sharing. A shared credential is a vulnerable credential that can be easily guessed, social engineered, phished or brute force hacked by a bad actor. The bad actor then pretends to be the legitimate user when accessing the environment and uploads malware into the IT system. </p>
<p>All companies can and should aggressively pursue passwordless authentication methods such as “phone as a token” and/or FIDO2 security keys. Such methods establish an unphishable connection with the end user and eliminate the threat of credential theft, thereby making the environment impervious to ransomware. Also, these authenticators are easier to use and cause less user friction compared to traditional MFA, thereby gaining easier workforce acceptance.</p>
<p>Many infrastructure organizations turn a blind eye to such cries for reasons ranging from antiquated or outdated systems, lack of funding for such systems, to lack of competent cyber staff and strategy, along with the “this won’t happen to me” mentality. I’m becoming deeply worried that these attacks upon our national infrastructure (e.g., fuel distribution, food supply chains, et al.) are harbingers of things to come; “test runs” for more nefarious acts. These organizations need more than simple urging from the US Secretary of Agriculture; they need direction and operational and technical support in addressing these infrastructure challenges.</p>
<p>How many of these attacks are more than money grabs? When one sector or industry is hit by criminals like this, is this random or another intentional strategy to damage the US supply chain? We’re all hoping that this won’t make too much of an impact, but if others don’t shore up their defenses and do thorough risk assessments and business impact analysis, they’ll be part of something worse in the future. Even if this latest attack wasn’t a strategic move by our adversaries, they’re still watching what happened and what isn’t fixed.</p>
<p>Supply chain attacks have some of the highest impacts because of the magnified downstream impact. These interconnected systems often have a wide-ranging attack surface and are not necessarily "tech first." This can lead to underinvesting in cybersecurity teams and related infrastructure. The industry should take note: not only is it essential to have an incident response team at the ready, a response plan including communication to those impacted is also critical to contain the fallout from such attacks. New Cooperative needs to significantly invest in cyber security professionals. Having a strong team in place is the best defense and also positions organizations for a rapid rebound. These requirements are quickly becoming fundamental principles for any company that can be hobbled by a cyber-attack.</p>