FBI warns farm co-ops of heightened cyber threat in planting and harvest seasons

'Cyber actors may perceive co-operatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production'

Cyberattacks on agricultural co-ops are higher in the planting and harvest seasons, the FBI has warned.

The US crime agency says ransomware actors will choose these crucial seasons because it is more likely to disrupt operations, cause financial loss, and negatively impact the food supply chain.

It noted ransomware attacks during these seasons against six grain co-ops during the fall 2021 harvest and two attacks in early 2022 that could impact the planting season by disrupting the supply of seeds and fertiliser.

The notice adds: “Cyber actors may perceive co-operatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production. Although ransomware attacks against the entire farm-to-table spectrum of the FA sector occur on a regular basis, the number of cyber attacks against agricultural co-operatives during key seasons is notable.”

Last September, US agriculture secretary Tom Vilsack urged the country‘s agri co-op sector to improve cyber defences after Russian hackers struck against Minnesota-based farm supply and grain marketing co-op Crystal Valley, and Iowa’s corn and soy growers’ co-op New Cooperative.

The threat is not confined to the US.A A February 2022 Joint Cybersecurity Advisory from the USA, Australia, and the UK said ransomware tactics and techniques continued to evolve in 2021, with sophisticated, high-impact ransomware incidents against critical infrastructure organisations increasing globally.

“Since 2021,” says the FBI, “multiple agricultural co-operatives have been impacted by a variety of ransomware variants. Initial intrusion vectors included known but unpatched common vulnerabilities and exploits, as well as secondary infections from the exploitation of shared network resources or compromise of managed services.

Related: Credit unions and small FSIs under increased cybersecurity pressure

“Production was impacted for some of the targeted entities, resulting in slower processing due to manual operations, while other targeted entities lost access to administrative functions such as websites and email but did not have production impacted.

“A significant disruption of grain production could impact the entire food chain, since grain is not only consumed by humans but also used for animal feed. In addition, a significant disruption of grain and corn production could impact commodities trading and stocks. An attack that disrupts processing at a protein or dairy facility can quickly result in spoiled products and have cascading effects down to the farm level as animals cannot be processed.”

It makes a number of security recommendations to agri co-op and other organisations, including regular data back ups, implementation of data recovery plans, and contingency plans for manual systems and offline working in case online operations are knocked out.

Network segmentations should be implemented and all updates installed as soon as they are released, and protocols around strong passwords and regular changes should be observed.

Administrator credentials should be required to install software, user accounts audited and public Wi-Fi networks should be avoided, and hyperlinks in received emails should be disabled. Staff should be given cyber security awareness training, with regular updates on security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities, such as ransomware and phishing scams.

In this article

Join the Conversation