top of page

How non-state hackers target the commodities sector across the US

It has now become clear that “critical infrastructure” includes all of us.

The frequency and scope with which cyber-attacks on large organizations are taking place has made the prospect of future catastrophic attacks seem inevitable. For a little over a decade, we have watched cyber-attacks grow in scope from focusing individuals’ personal information such as credit card details, bank account details, or social security numbers to major, devastating events with little sign of slowing down or stopping.

Within the past 6 months, attacks on critical supply chain sectors, namely the food and energy industry attacks such as JBS group and Colonial, have made it clear how vulnerable our dependence is on these organization’s networks are. JBS’ recent ransomware attack led to operations getting affected in JBS Australia and Canada beef plants in addition to nine plants in the US alone.

Malicious non-state actors have given been one step ahead of the cybersecurity professionals at every turn, perpetuating the “cat and mouse” dynamic. It has become abundantly clear that actors have moved beyond the “usual suspects” (banking, insurance, and IT) and begun to focus on all players in our critical supply chain infrastructure impacting consumers immensely. In addition, the possible scenario of the future attacks on food and agricultural markets has raised concern on food security with prices of pork rising and livestock’s futures prices going down. An attack on these vital organizations is an attack on us all.

Modus operandi of hackers

Cyber-attacks have evolved over the years, especially with the increasing usage of cloud technology by consumers and businesses. However, many organizations are still carrying on the hybrid cloud- physical systems. Cyber-attacks have, for years now, moved beyond being limited to data theft from physical assets but focused on other dangerous impact events such as data encryption. Hackers encrypt data, locking out the business operations at the back end and consumer-facing ends. This type of Ransomware attack means that businesses have to pay a hefty ransom to decrypt data.

Hackers are aware that targeting a beef processing company like JBS means attacking a central node of, what is likely a network without an innovative security strategy. A single attack can shut down operations right from cattle pastures, intensive feeding infrastructure of animals or feedlots, slaughter plants, processing, and supply chain to the last mile grocery store. The attack meant everybody from farmers to restaurants and all the way to consumers being affected. JBS reportedly processes millions of cattle annually, including pigs, cattle, lambs, sheep, goats, and chickens.

A former director of the US Cybersecurity and Infrastructure Security Agency has advised Corporate and Government executives of all industries to form cybersecurity teams. This action is to defend against cyber attacks that are now happening with alarming frequency in the US.

USA Meat Industry

JBS is among the top few players in the beef industry in the US. The Brazilian headquartered beef company caters to nearly 20% of the beef requirements of the USA. Moreover, its supply chain expands beyond the US to Australia and Canada. The hacking of their systems leads to the company suspending its operations in several plants in the US and Australia as a part of preventive measures. JBS did not reveal the exact nature of the attacks, but they confirmed that they had backups in place. Having backups for the safety of data is a reassuring and fundamental requirement of a good cyber strategy.

Though JBS has confirmed that many of its operations were starting up again with its export products’ shipping, a disturbing question remains when attackers target food industries. The impact of such attacks means disruption of the supply chain of beef, which is a $1 trillion industry in the USA. In addition, cyber events like the JBS attack mean average Americans are doling out more for beef as they consume them more than any other country, including Europe. However, according to the industry experts, cattle harvesting and beef processing companies are still lagging in shoring up the cybersecurity infrastructure. The reality as that as the cost of food rises, there’s an unfortunate “trickle” down effect that affects the most economically vulnerable.

The ransom negotiation

The recent ransomware attack has been linked to a hacker group called REvil, based in Russia. According to CNBC, they are aggressive and flourishing malicious attackers of Russian descent and presumably protected by the Russian intelligence and Government. This underscores how troubling the trend of destabilizing our infrastructure is. If not committed with the intent of fulfilling a strategic gain, the criminal aspect of such a blow underscores a huge opportunity for those who would use such attacks to fulfil their geopolitical strategies.

As per JBS, they have paid a ransom of $11 million after negotiating it down from the initial demand of $22.50 million.

The attack forced JBS to shut down some of its plants on May 31 after discovering that REvil hackers breached the network and encrypted the data. This attack disrupted plant operations and supply chain logistics. JBS agreed to pay the ransom to avoid the stolen data being leaked in public and cause widespread losses due to technical shutdown. The ransom was paid to the Ransomware attackers in bitcoins the very next day. REvil did not post anything regarding the attack on JBS on its dark website. This is not unusual as hackers, as a rule, keep silent during the midst of ransom negotiations or when the ransom money is paid to them.

The technology used by most Meat processing industry today

The meat processing chain is complex and concentrated at consolidated locations. This bottleneck of meat processing operations was exposed during the Covid pandemic. The shutdowns affected the delivery of cattle to farms, as processing plants shut down for health reasons. Farmers and consumers were hit both on the supply side and pricing.

Until relatively recently, national security was meant for data in Government systems, including defense and private financial and IT sectors. Supply chain sectors in the food and agriculture sector were an afterthought to most.

The critical systems of the meat processing industry are linked to the health and environmental hazards where temperatures, wastewaters and harmful gases are monitored, ensuring a reduction in risk levels through critical control points in production technology. The systems that run on the plant floors are interconnected, including systems that control temperature, which is vital for preservation, packaging and distribution. Real-time dashboards allow executive managers and plant managers to ensure seamless operations.

The takeaway from this incident

This sector, along with a lot of others, is also known to be woefully behind other industries’ cyber maturity as far as the upgrading of infrastructure in IT technology is concerned. This incident has made it clear that the industries that we depend on, albeit, maybe indirectly are critical to our country’s stability. This means that all industries that fulfil a need must begin to critically look at each component of its IT infrastructure. Many of these secondary sectors operate on legacy IT systems that were installed years or even decades ago.

While governments drag their feet on responding to remote attackers, the defense mechanism against cyber-attacks is imperative at the local level. This event has underscored how important the security of all of our networks is to the safety and security of our citizens. A complete cyber strategy that focused on the Tools, Tactics and Techniques of current cyber threat actors is no longer a luxury, but a necessity.

Time for us to work smarter, not harder. For a complete cyber strategy consultation from the obvious next-generation endpoint security all the way up to a comprehensive, end-to-end 24x7 security solution that is centrally controlled and monitored by threat experts, contact Shadowscape today.


bottom of page