What You Need to Know About the JBS Foods Cyberattack
As the pandemic continues to affect supply chains worldwide, food production companies have faced significant hurdles distributing to wholesale and retail outlets. Food prices, including the price of beef, have been rising over the past twelve months, forcing grocers to charge higher prices, restaurants to change menus, and consumers to scramble to find many staples. Retailers and restaurants were already stocking up in preparation for a summer season in which consumers, pent-up from COVID-19 mitigation procedures, might be more prone to dining out and socializing than before. The recent cyberattack on JBS Foods, one of the world’s biggest food companies, could not have come at a worse time for an industry already under strain.
The JBS attack explained
You may not have heard of JBS Foods, but you have surely eaten one or more of its products. Headquartered in Colorado, the company employs 66,000 people and produces one-fifth of the world’s chicken, beef, and pork. On May 30, JBS S.A., a Brazil-based subsidiary of JBS Foods, learned it had suffered a cyberattack. As a result, JBS Foods shut down IT systems and production plants throughout North America and Australia. Given the significant consolidation in the meatpacking industry and JBS’ standing as one of only four major meat producers worldwide, industry analysts predicted rising prices and meat scarcity as possible consequences.
News publications reported that a Russian cybercriminal organization known as REvil was responsible. The group had announced in October 2020 that it had begun to target the agricultural sector. However, unlike the Colonial Pipeline attack, where the criminal group DarkSide claimed responsibility, REvil has not made a similar acknowledgement. The FBI is still investigating the case.
Typically, cybercriminals like REvil can penetrate network security by using harvested access credentials, encouraging employees to download malware, or, less commonly, engaging in brute force attacks to obtain passwords. When they’ve accessed a system, they may steal sensitive information and threaten to publish it or encrypt critical assets, demanding the victim pay a ransom to avoid either outcome. The company may feel compelled to pay the ransom, particularly if it cannot restore operations from backup data in relatively short order or if backup data has been compromised as well.
According to media reports, the attack did not compromise food safety, nor did the disruption last particularly long. The company issued a statement indicating that no employee, customer, or supplier data had been compromised and that backup servers had not been affected. JBS resumed production at its facilities on June 3 and, according to a later statement from the company’s CEO, paid an $11 million ransom to the attackers in bitcoin.
Was the JBS Foods attack an isolated incident?
While JBS was the largest food company to fall victim to a ransomware attack, food companies have increasingly been caught in the crosshairs. At least 40 have been targeted over the past 12 months, a fraction of the estimated 1,400 ransomware attacks that occurred in 2020. The pandemic has both highlighted long-standing corporate cybersecurity vulnerabilities and yielded new ones.
In the U.S., there are federal cybersecurity mandates for the banking, electric, and nuclear systems (with new ones being developed for the oil industry). However, there aren’t federally mandated cybersecurity standards for other critical infrastructure areas. Canada’s national critical infrastructure strategy, which has not been updated since 2009, makes no mention of cybersecurity threats. And in their absence and despite warnings from experts, companies in critical industries (along with companies in most other industries) have not been as diligent as needed to secure their operations from cyberattacks.
In fact, many critical industry companies rely on ageing systems that were developed before cybersecurity became a major business concern. A relatively straightforward hacking effort targeting a plant’s automated machinery could grind a business’s operations to a halt, leaving unprepared companies under pressure to pay a ransom. And these corporations represent enticing targets because of those glaring security vulnerabilities and their potential for a large payout. Emboldened by successful strikes, cybercriminals will continue to target critical infrastructure and the vast majority of businesses across industries.
Where will cybercriminals attack next?
Groups like DarkSide, REvil, and others often post industries they’re targeting on the dark web. However, they don’t announce specific companies they’re targeting in advance. Many of these groups are also based in countries that do not have formal extradition treaties or strong mutual law enforcement cooperation agreements with the countries where their targets are headquartered. Therefore, it’s challenging for Canadian law enforcement agencies to investigate, track down, and bring these criminals to justice.
The role of nation-state actors has also come under increasing scrutiny. There’s been speculation among foreign policy experts that some recent high-profile attacks were perpetrated with the knowledge, and possible direct approval, of foreign governments. For much of the past decade, many countries have been engaged in cyber warfare, including attacks on publicly and privately owned critical infrastructure assets. These efforts broaden the scope of potential targets and potentially the strength and sophistication of cyberattacks a company may face.
Given the range of recent targets, including government agencies, large corporations, schools, and nonprofits, it’s safe to say that any company could be next. Business leaders must invest in the appropriate cybersecurity infrastructure and personnel to secure their operations, regardless of whether they are legally mandated to do so. Investment includes strengthening network security fundamentals, including upgrading firewalls, deploying the latest antivirus/antimalware applications, and patching software. It means proactively searching for threats, scanning the dark web for compromised information, and keeping pace with the latest threat actors and trends.
Further, business leaders must empower dedicated cybersecurity experts to manage this aspect of their operation and provide them with the resources they need. Emergency response plans should incorporate the possibility of cyberattacks along with business continuity plans in case corporate networks are compromised. Employees must be trained continuously about cybersecurity so they can identify and address suspicious activity appropriately. And companies must review and adjust their cyber insurance liability policies to provide them with the greatest protection in case of an incident.
For many companies, understanding where to start is the biggest challenge. Cybersecurity is an enterprise-wide effort requiring dedicated time and resources, which many companies lack. If you want to take the first step to secure your business but don’t know how to get started, reach out to us at EasyIT. We’ll work with you to assess your cybersecurity and develop a comprehensive plan to strengthen it. We’ll work with you to identify and remediate weaknesses and develop business continuity plans tailored to your company. And, utilizing our Network Security Operations Center, you can have dedicated cybersecurity professionals monitoring your network in real-time, investigating anomalous activity, and responding to threats.
Contacting EasyIT is the first step towards safeguarding your business from cyberthreats, foreign and domestic. Reach out to us today, and let’s get started.