Another day, another major cyber attack incident it seems. This time, it hits the world’s largest meat producer, JBS SA. This attack has forced the shutdown of all of its U.S. beef plants, wiping out the output from facilities that produce almost a quarter of American supplies.
Details are still emerging about the extent and seriousness of the attack, which JBS discovered on May 30th, and announced afterwards to their staff through a memo on the 31st. However, the attack has forced the company to take systems offline and stop all production in North America.
North America wasn’t the only one affected by this, however. The slaughter operations across Australia were also forced to be taken down, with thousands of workers affected. The incident took place during a weekend and according to Candid Wüest, VP of Cyber Protection Research, Acronis, it is common for cybercriminals to make their move, even during holidays, because IT departments often operate with a small skeleton crew.
“This maximises their chances of remaining undetected with their final payload – until it is too late. Although manual actions, such as shutting down important servers, can sometimes prevent further damage, the best plan is to have an automated prevention, detection and response plan in place,” explained Candid.
He also stated that JBS is still assessing the full situation and not all details have been published – like, for example, the threat actor behind the attack. “It is exemplary that they announced the attack publicly and did not attempt to hide it. They’re also clearly following an incident response plan they had in place, which is good to see”, said Candid.
It is still unclear how many plants worldwide have been affected by the ransomware attack, as Sao Paulo-based JBS has yet to release those details. The expectation of more shutdowns worldwide is already affecting the agricultural markets and raising concerns about food security with hackers continuously target critical infrastructure. Livestock futures collapsed, while pork prices rose.
Hackers now are keeping a close eye on the commodities industry, with the JBS attack coming just three weeks after Colonial Pipeline Co., operator of the biggest U.S. gasoline pipeline, was targeted in a ransomware attack.
Speaking of the Colonial Pipeline attack, Candid also shared his view on the trend of targeting the top supply chain. He mentioned that cybercrime is a business that is out to make profits and they go after any target which can’t afford to be offline or has weak defences.
“Franchising is a common method for scaling business operations and, sadly, ransomware is not an exception. There are franchisees of ransomware gangs (what they call “pentesters”), and they specialise in certain industries – familiar with certain software stacks, the ways how those industries are operating.”
Candid continued, “They are also agile, ready to quickly apply working methods across their potential targets. In other words, if they have initial access (through phishing or credential purchasing) to 10 companies and certain privilege escalation technique worked in one of them, chances are it may work in others in the same industry – simply because they are using the same software. That’s how they scale-out.”
The White House Deputy Press Secretary, Karine Jean-Pierre, told reporters that the White House offered assistance to JBS after the company notified the Biden administration on May 30th that the cyber attack is likely to come from a criminal organisation based in Russia. This has sparked their attention and the White House is engaging directly with the Russian government on this matter.
Since May 2020, it was reported that there have been more than 40 ransomware attacks against food companies, said the senior security architect at cybersecurity analytics firm Recorded Future, Allan Liska.
Despite suspending its own IT systems in Australia and North America, JBS’ backup servers were reportedly unaffected. The company is working to restore systems as soon as possible, according to a Monday statement from JBS USA.
Matt Dalgleish, manager of commodity markets insights at Thomas Elder Markets, said the shutdown is still a big concern for exports if it drags on – noting that Australia ships overseas about 70% to 75% of red meat products from sheep and cattle.
“Given the size of JBS globally, if they were offline for any more than a week, then we’re going to see disruption to supply chains for sure,” he said.