A new report from threat intelligence agency the Food and Ag-ISAC (Information Sharing and Analysis Centers) outlines various cyber threats faced by the food and agriculture industries in the US.
Of all the different types of individuals and groups — frequently called “threat actors” — that carry out attacks, ransomware tops the list, accounting for more than half of all attacks in the US food and ag sector.
The Food and Ag-ISAC partners with the IT-ISAC to monitor ransomware incidents, and both publish quarterly ransomware reports.
“Ransomware is a threat across every critical infrastructure sector,” Jonathan Braley, director of the Food and Ag-ISAC, tells AgFunderNews. “One interesting finding from these reports is that ransomware campaigns are seen more frequently in other sectors. Food and ag generally represent about 5% of ransomware incidents reported.”
‘No way to measure total attacks against the industry’
The Food and Ag-ISAC found 25 different ransomware actors active within the food and ag sector, accounting for 53% of all threat actors the industry sees.
“One key difference between ransomware and other threat actors is that ransomware attacks tend to be opportunistic,” explains Braley. “[Threat actors] spread themselves out across all industries. Ransomware groups will scan the internet for vulnerable systems, leverage initial access brokers who have already breached organizations, and often they don’t know who the target is until they gain access to the systems
“In contrast, nation-state actors often target victims for specific motives. Some nation-state actors may be interested in valuable intellectual property, some may be carrying out espionage, and others may be interested in disrupting critical infrastructure.”
To date in 2024, he says, the Food and Ag-ISAC has seen around 2,400 ransomware attacks in total, with 138 impacting food and ag.
At the same time, he cautions that there is no way to measure total attacks against the industry.
“We can only report what we see and what was reported to us. Because ransomware groups publish their victims on public data leak sites, we can get a much better, but still incomplete, picture of the number of attacks that are happening.”
Other key findings
Meanwhile, 13 “nation-state actors” account for over 27% of scored threat actors in the food and ag sector, according to the report. Braley says China, Russia, North Korea and Iran are “the most frequently seen nation-state actors.”
Cyber criminal groups — that is, those carrying out attacks to generate income — account for 15% of threat actors, while “hactivist groups” account for 4%. The Food and Ag-ISAC defines hactivists as “threat actors who carry out cyber attacks as a means to disrupt victims who share a different ideological or political view. In some cases, hacktivists may carry out attacks for recognition.”
The top three tactics, techniques and procedures (TTPs) used to carry out attacks are:
- Readily available tools and “living off the land” tactics, which leverage tools and features already in the target system.
- Targeted spearfishing attacks.
- The use of custom malware or tools.
As to whether or not the agrifood industry is aware of the extent of these attacks, Braley says there is “growing awareness.”
“We have established partnerships with a range of trade associations to help their members effectively understand and manage risks.”
Small- and medium-sized enterprises, including farms, tend to be “less aware and prepared,” he noted.
“We often hear the sentiment that companies feel they are too small to be targeted by cyber attacks, but the opportunistic nature of cyber attacks, especially ransomware, means a company of any size is at risk.”
In response, the Food and Ag-ISAC has developed a free cybersecurity guide specific to small and medium-sized enterprises. It contains “effective low- and no-cost practices” food and ag players can take to protect themselves.
“We’re also sharing resources regularly that companies can grab from our website or social media accounts,” adds Braley.
Guest article: Farmers aren’t buying today’s ag robotics model. You shouldn’t either