JBS Foods Attack Shows Hackers Are Getting Their Hooks Into Crucial Supply Chains
The unfortunate trend of cyber incidents aimed at high profile enterprises continues to escalate. Most recently, JBS Foods, one of the world's largest meat producers, has been hit by a major cyberattack impacting its Australian and US operations. In a statement, JBS said it is working with an incident response firm to restore its systems as soon as possible.
“This is the most recent incident in a disturbing trend of cyberattacks that show just how fragile and vulnerable our supply chains and critical infrastructure are. The Colonial Pipeline attack shut down systems that supply 45% of the Eastern United States’ fuel, and the JBS hack has resulted in the shutdown of some of the largest meat processing plants in the world," says Amit Yoran, CEO of Tenable and founding director of US-CERT under the DHS. "These attacks have very tangible impacts that affect large swaths of the population, and it’s possible that we’ll see disruption across the global supply chain if JBS’s systems stay offline for more than a few days."
According to Yoran, it cannot be emphasized enough how critical it is that we understand cyber risk, especially in critical business processes. "The foundation of our global food supply chains, transportation systems and more are under attack because cybercriminals realize how disruptive and lucrative attacks targeting these systems can be," says Yoran in a statement. "As more organizations undergo rapid digital transformation, we continue to see IT systems completely intertwined with operational technology (OT), which brings increased risk to critical infrastructure everywhere.We’ve been encouraged by the government's recent efforts to protect critical operational technology and control systems. It’s equally important that our critical infrastructure, supply chain and logistics providers exercise a standard of care to safeguard their systems and the people who rely on them."
While it's most likely that the food industry being disrupted in the recent cyberattack is undirected and just another monetized prey, it doesn't have to be, explains Stel Valavanis, CEO of Chicago based onShore Security. “The nation-state actors that provide safe harbor for these criminals can then have plausible deniability,” he says.
But that's not what worries Valavanis. “What worries me is that cybercrime is possibly now getting big enough. It's getting big enough to crank up insurance rates. It's getting big enough to open up budgets. It's getting big enough to get lawmaker attention. It's getting big enough to shift the counter-efforts from private hands into law enforcement,” Valavanis tells IndustryWeek. “This will all make a difference. But if there's anything the SolarWinds attack showed us, it's that the criminals can get way more serious and Colonial Pipeline showed us is that it's a stake close to the heart. We in the cybersecurity industry already know this and SolarWinds isn't even the scariest attack. But you all are starting to see it too.” Adds Valavanis, “What do we do to thwart serious attacks, not just script-kiddie level work with an organization behind it? What if we nail the protection and enforcement way down? Do they get amped up against the SMBs or keep going upstream to maintain their ROI? We know what to do about all this. We just don't know if it will be enough because, as the saying goes, ‘You ain't seen nothin' yet.’”
This type of industrial sabotage is, regrettably, not uncommon, explains Nadir Izrael, CTO, Armis. “From the Colonial Pipeline to JBS USA, it is evident that our aging infrastructure is vulnerable. These issues have brought to light the criticality of our supply chain, as attackers forced the company to halt services to resolve the issue — creating significant issues for customers and suppliers,” says Armis. “Cybersecurity and assurance are imperative for all our national utility players and distributors. These systems are aging, and not built with security in mind, and so, unfortunately, we can expect to see more attacks. Though critical infrastructures may be a top target of nation-states today, bad actors ranging from script kiddies to criminal organizations are targeting the vulnerable devices in all industries and sectors.”
This latest attack on JBS Foods underscores the ongoing cyber risk to global supply chains and organizations that are critical to the normal functioning within society, explains John McClurg, SVP and CISO at BlackBerry. “While we are not sure yet of the technical nature of this incident, it follows the devastating ransomware attack on the Colonial Pipeline in the United States,” says McClurg. “It doesn’t matter whether its logistics, fuel or food – these critical supply chains present unique and complex challenges from a cybersecurity perspective. Organizations worldwide should ensure the use of intelligent cybersecurity solutions that can prevent, detect and respond to these attacks, now and in the future.”
Neil Jones, Cybersecurity Evangelist, Egnyte adds, "The recent JBS cyberattack- along with the Colonial Pipeline and Apple/Quanta cyberattacks that preceded it- demonstrate that your organization needs to make cybersecurity a Boardroom priority, if you haven't done so already. For years, cybercriminals have attacked targets for financial gain, but now we're seeing an alarming pattern of debilitating attacks on our food, critical infrastructure, and IP supply chain, which can have a crippling impact across the US economy. While advocating support from your executive team, you need to implement proactive data hygiene and protective behaviors, such as patching your CVEs and hardening your databases now."
Unfortunately, even with the uptick in incidents, the organizational mentality has yet to shift, explains Gary Kuyper of Ferox Consulting. “Organizations do not think it will hit them, but it can and does happen way more than you think,” Kuyper tells IndustryWeek. “Most organizations are behind on setting up adequate security. And a Basic risk assessment with a goal of reducing risk is critical. Likewise, basic staff education and awareness is essential as well as the use of two factor authentication for all systems.”