The latest roundtable discussion from Security on Screen analyses the recent cyber attack on major meat supplier JBS, which has set off a domino effect across parts of the global supply chain and exposed critical vulnerabilities in global infrastructure.
US meat distributor JBS was targeted by a sophisticated cyber attack last week, which subsequently affected servers supporting the company’s IT systems in North America and Australia.
According to the White House, the company believes the ransomware attack originated from a criminal group likely based in Russia and could lead to shortages of meat or raise prices for consumers. “The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbour ransomware criminals,” said White House spokeswoman Karine Jean-Pierre in a statement.
On Tuesday, Australia’s Minister for Agriculture, Drought and Emergency Management David Littleproud tweeted that the company is working closely with law enforcement agencies in Australia and overseas to get operations back up and running and “to bring those responsible to account.”
Avoiding the ‘victim rhetoric’
Today, JBS has reportedly made “significant progress” to resolve the attack and would have the “vast majority” of its plants operational by the end of this week. A second shift at its Greeley, Colorado facility, one of the largest beef plants in the US, was set for a regular production day, while plants in Texas, Nebraska and Wisconsin were resuming partial operations.
Sam Curry, Chief Security Officer, Cybereason, comments: “Kudos to JBS for their initial response and transparency regarding the cyber attack against their company. Companies can play the role of hero in these instances and not try to be the victim. Trust me that customers, partners and investors want no part of victim rhetoric.
“The key to JBS and other companies restoring systems and being operational again in as short an amount of time as possible hinges on quickly identifying the risk, addressing it with a security team and, if necessary, working with law enforcement officials to root out the bad actors. There are many steps needed to work toward operational efficiency.”
“While their systems went down, their ‘backup’ systems were not affected and they are working to get back online,” adds Steven Hope, CEO and co-founder of Authlogics. “No data leakage, as it relates to GDPR, has been disclosed; however, this may still happen once the full nature of the attack is known. The ‘backup’ systems could be a parallel infrastructure, but if that was the case a lengthy outage is unlikely.”
‘Meet fire with fire’
Hope continues: “A key to this breach will be to understand how the hackers originally got in and make sure this door has been firmly shut. All too often, though, these types of breaches are the result of users having breached/poor passwords, making it easy for the hackers to surpass any security.
“It is more plausible that this was a ransomware attack that encrypted their data, but as the backup of the data was unaffected they will be able to restore it once the ransomware is removed. This can be tricky, as if you miss one piece of the clean-up, the malware will re-encrypt the newly restored data.”
Curry suggests, “Companies should set up a war-room and assume compromise. Invest now to ratchet up prevention, detection, reducing single-points-of-failure, improve resilience and start doing regular risk assessment and get more agile.
“You can meet fire with fire. Do not just buy more of the same old stuff. We must do things differently every morning. This is about how fit we are, and that requires change and active self-awareness and improvement every single day. This is not about more routines, more meetings, more consultants, and more of the same.”
The JBS attack comes just several weeks after the Colonial Pipeline attack, which forced a six-day shutdown of one of the United States’ largest fuel pipelines; the pipeline has since returned to normal operations.
Christoph Hebeisen, Director of Security Intelligence Research at Lookout, says: “While we don’t know the exact nature of the attack on JBS, the impact has strong parallels to the Colonial Pipeline case – a critical industry is hit by an attack and has to shut down production leading to financial losses and potentially shortages affecting large populations.
“Forcing a production shutdown may or may not have been part of the intention of the attackers. However, the impact of this compromise makes it clear that strong protections for IT infrastructure are becoming a business critical imperative for all industries, including those whose core business does not have an immediately obvious data component.”
The successive cyberattacks on JBS and Colonial Pipeline appear to reveal ageing and vulnerable infrastructure sites, as well as the way in which attacks can rapidly cascade through the supply chain. With 22,500 cattle processed every day in the US, this crucial industrial component of the national food supply chain might remain vulnerable to future cyberattacks without a serious overhaul of digital infrastructure.
Martin Jartelius, CSO at Outpost24, concludes by saying: “This attack shows the increased complexity in today’s organisations and the potential impact of cyber-attack. It is often speculated to what level, for example, a nation-state actor would interfere with food production, processing and distribution as part of attacks on a modern society, and this here is a clear example of how a digital attack can affect even the ability to properly and effectively care for cattle.”