Lactanet and Ontario Pork are two recent victims of ransomware attacks, joining other agri-food businesses such as JBS, Sollio Agriculture and Maple Leaf Foods.

Why it matters: Cybersecurity risks are increasing in the agri-food industry.

According to Canada Research Chair in Cybersecurity and Threat Intelligence Ali Dehghantanha, a key reason attacks on agriculture are increasing is on the rise is the industry’s increased data reliance, the Internet of Things and cybercriminals looking for easy, profitable targets.

“If it takes attackers 10 minutes to compromise your infrastructure, get into your network, initiate ransomware and ask you to pay for it — they won’t hesitate.”

He said most cybercriminals are opportunistic. They initiate a data breach, then monetize information on the dark web and extort the target to release encrypted information.

It doesn’t matter if you’re a small producer or a multimillion-dollar health care, financial or agricultural operation — if your system is vulnerable, eventually you will be a target, said Dehghantanha, who’s also an associate professor at the University of Guelph.

At the university’s Future of Cybersecurity in Agriculture event last month, he shared a story of how an Ontario dairy farmer called him one night at 10 p.m. because his IT system wouldn’t function.

Dehghantanha found that 80 (ITremove) servers were encrypted, indicating previous attacks. The producer admitted he’d paid hackers twice already, but the increase to a ransom of $25,000 this time was too much.

• RELATED: Be on-guard against electronic trespassers

During containment, eradication, and recovery, Dehghantanha assessed that the first sign of attack was three years ago, with increased activity over the last year and several “backdoors” integrated into the system.

“(Ransomware is) usually the very last stage of the attack,” because, Dehghantanha explained, before executing an attack, hackers thoroughly assess a system, install ransomware and backdoors for re-entry.

The client refused Dehghantanha’s offer of a free cybersecurity program in exchange for a few weeks of monitoring as part of an efficacy case study.

Within 20 days, his entire system, including the RFID reader, robots and backup system was encrypted and a US$9.999 million ransom demand was made.

He’s now part of the monitoring system.

State-sponsored hacking teams from countries such as Russia or China are less visible and focus more on disrupting systems, said Dehghantanha. For example, hackers could compromise the Canadian dairy system by accessing and reconfiguring software to falsify poor results when uploading milk quality reports.

It’s unknown whether a ransomware attack on Lactanet in mid-April was state-sponsored, but fortunately, the national dairy management and genetic organization was prepared which limited damage, and was able to avoid more than a temporary system disruption.

“We were either lucky or well-prepared to face that situation, so there was minimal disruption in the grand scheme of things,” said Daniel Lefebvre, Lactanet COO and Centre of Expertise director.

“We had a bit of disruption in our client access to our system, but in a preventative way while we were investigating.” Recognizing that cyberthreats were ubiquitous, Lactanet employed KPMG two years ago to run cyber-risk assessments, gradually implementing the recommendations. This included hiring a 24/7 Managed Detection and Response (MDR) team to work with staff cybersecurity experts. Lactanet’s cybersecurity education and training program includes running fake phishing campaigns that redirect employees to training modules after clicking on a potentially harmful link before granting system access.

“We’ll beef up those requirements following this attack to make sure it doesn’t happen again,” Lefebvre said, adding that compromised client credentials pose a negligible risk unless robots share the Lactanet password. “Then that’s another story.”

After acquiring an employee’s stolen credentials, where a work-related password was used for Amazon or a bank account, hackers gained system access via the Virtual Private Network (VPN). “I think it’s a pretty sophisticated ecosystem; there’s a market on the dark web for credentials,” he said. “When they buy a dataset of those credentials, they look at what are the companies involved or even specific employees.”

Initially, the changes to administrative passwords, server configuration and inactivation of protection mechanisms didn’t trigger an alert because they were within the compromised employee’s range of movement.

The brute force used to guess the IP phone system password exceeded the suspicious activity threshold, triggering the detection teams to monitor activity and respond to the threat. “They worked for about three hours together on the phone to monitor and look at what they were doing while the hacker was active,” Lefebvre explained. The hacker’s IP address was identified and blocked, the employee’s computer disconnected, and because the hacker remained active, the team initiated a preventative system disconnection from the internet and conducted a forensic system assessment.

Lefebvre said the attackers encrypted two servers holding source code for older system applications but failed to significantly impact the six server farms housing 300 servers on a mix of physical and virtual platforms. Additionally, Lactanet maintains three comprehensive backup levels housed separately, which allowed for a seamless reboot after a hack eight years ago. “We conduct disaster recovery simulations on a regular basis to make sure they work well,” he said.

“Backups are a crucial part of our protection because cybersecurity is one thing, but there are other risks related to data loss; it could be fire, flood or malfunction of hardware.”

Lefebvre said the company easily spends north of $150,000 a year on cybersecurity protection, as recovering from a day or two of service disruptions is manageable compared to the six weeks a European counterpart dealt with. “That’s at least a month of revenue that’s gone out the window, in addition to all of the service disruptions to customers.”

Lefebvre pondered if the industry should assess the benefits of shifting away from fragmented data systems towards a collaborative and co-operative centralized aggregated data system. He said it would be costly and take time but has proven successful in Denmark. “When you have events like this, it comforts the thought of spending all that money because not having it would put us in a much worse situation.”

No blanket solution

Ontario Pork chair Tara Terpstra said that despite ongoing staff cybersecurity training, the in-depth education cybersecurity experts provided after the organization’s breach was eye-opening.

“(At the time) it was just trying to stay calm and listening to what they were advising us to do and what steps to take. We were learning constantly.”

She said the experts simplified hacker communications and advised on safeguards to protect the organization’s system in the future. Because risk levels and protection perceptions fluctuate between individual producers, organizations or commodities, Terpstra said it is challenging to create blanket solutions for the agriculture industry.

Like biosecurity protocols, cybersecurity prevention could differ from operation to operation, with some employing basic standards and others engaging a more robust system. “We have to protect our farms and farm businesses from cybersecurity threats, not just disease threats, (and) it’s just one more thing we have added to how we run our every day,” she said.

Ontario Pork’s new cybersecurity protocol with multi-factor authentication protects the organization but providing producers with farm and business threat mitigation tools is a priority.

“We can give them tools on what to do, but we can’t force them to adopt them,” explained Terpstra. “Whether it’s a cultural thing or an age thing for those maybe a little more resistant to technology, they have to decide for their family farm.” Attacks on agriculture and agri-food operations are happening faster than Terpstra ever imagined, and with hacker technology advancing rapidly, all organizations will continuously invest in safeguarding their systems.

“I think it’s going to always just be this ongoing concern for us now,” she said. “(We) have to evaluate different things when it comes to cybersecurity planning, which is essential going forward in the world we’re living in.”

Cybersecurity attack management

Here are some tips from Dr. Ali Dehghantanha on what to do to prevent a cybersecurity breach, what to do during an attack (should it occur), and what to do afterwards.

To prevent a breach:
– Use unique solid passwords and limit farm system and sensitive information access to essential personnel.
– Educate your team cyber to recognize threats like unauthorized access to feeding systems.
– Conduct routine audits and simulations with security specialists and partner with trusted companies with strong cybersecurity measures before sharing data.
– Use updated systems and an encrypted Virtual Private Network (VPN) to separate home and farm business access.
– Proactively engage with cyber security professionals for assistance, utilize automated and remote monitoring systems.
– Always back up all information to external drives with no internet access and secure clouds and maintain detailed records of communications/transactions to identify discrepancies.

During a breach:
– Remain calm and immediately report the incident to your cybersecurity service provider. They will advise you on the next steps.
– Attempt to determine the scope and impact of the breach.
– Do not negotiate with hackers directly. Leave that to the professionals, they will negotiate for lower ransoms if necessary.
– Never pay a digital currency ransom with your virtual wallet; let the professionals handle that if payment is necessary.

After a breach:
– Monitor all systems to ensure they are safe and meet security standards.
– Preventatively identify and address system vulnerabilities to stave off future breaches.
– The evolution of cybersecurity measures is ongoing; keep up-to-date on current threats and educate employees on any changes.

The post Threat of agriculture-related cybercrime is rising appeared first on Farmtario.

“We’ve got a lot of great innovation and technology here in Canada, particularly in agriculture,” Cathy Lennon, general manager of the Ontario Federation of Agriculture, told attendees of a January cybersecurity webinar hosted by the farm organization.

“People may be interested in knowing more about the technologies, innovations or trade secrets contained in our computers.”

Why it matters: The agriculture sector is increasingly a target for cyberattacks.

While the main targets of cyberattacks are the healthcare, banking and energy sectors, agriculture is not immune. Attacks have occurred from inside and outside farming operations via disgruntled employees, animal activists or hackers.

In recent years, cyberattacks have cost Empire, the parent company of grocery chains Sobeys and Safeway, some $25 million in losses. JBS, the world’s largest meat processor, spent $13 million to recover systems and data and Maple Leaf reported a $23 million loss.

Lennon said the JBS hack impacted its processing plant and North American producers, who couldn’t ship their cattle until the ransom was paid.

“Why would someone hack into JBS and want their data and information?” asked Lennon. “For control?”

In response to digital threats, the University of Guelph recently launched a $4 million research and teaching innovation facility and offers a one-year master’s degree in cybersecurity and threat intelligence.

Its research indicates that cybersecurity standards in the agriculture sector lag in readiness and implementation, increasing its vulnerability.

“One of the biggest risks they’ve identified in agriculture is organizations are running on older and outdated software,” said Lennon. “And that’s a juicy target for ransomware.”

A simple solution is to itemize digital elements in the home and farm computing systems that require upgrades and updates. This includes wifi, software and operating systems, anti-virus software and subscriptions. Effective external hard drive back-ups and schedules are also recommended, as is a plan to update and close any gaps.

Lennon said each staff member should have a unique username and password that is routinely updated to eradicate access by former employees.

Incorporating two-factor authentication, password management software like Bitwarden or 1Password, and providing employees with cybersecurity training can defend against data breaches.

The human element

Cyberattacks rely on human error. Attackers hope a user will open an attachment or click on a link so they can gain access to data, programs and operating systems to freeze a computer, take remote control of farm operating systems, and alter data.

“(With password management systems), all you need to remember is your one strong password,” said Matt Harrison, OFA’s IT manager.

“And if, for whatever reason, one of those sites does get taken down or interrupted, you’re not losing any of your core passwords. You’re only losing a random one you have no tie to.”

He said Apple and Google-generated passwords stored on a password management system are hard to crack but they are vulnerable when stored on an open source like a computer.

Last Pass is the only password manager known to have had a data breach, and hackers only accessed client names, not accurate password combinations.

He cautioned that facial recognition software, while user-friendly, is less secure than unique passwords.

Lennon suggests discussing suppliers’ cybersecurity protocols and learning what personal or farm data they retain, to prepare against hackers and push the agriculture sector to increase its defences.

AI a new hacker tool

While most people are aware of phishing emails, AI is giving rise to new types of scams. These include vishing, where a phone call mimics a familiar voice, and smishing (scam text messages) that appear to come from a familiar sender. In those cases, the use of language may not be quite right, providing an alert that it may not be from the assumed sender. But the language is improving.

“We need to be aware that AI will start to make these conversations (and online interactions) we have with fraudsters more real,” Lennon explained.

“They’re going to be able to mimic and copy and communicate with us even better than they do today.”

Agriculture is increasingly reliant on technology in the barn for heating and cooling, watering and environmental systems, GPS or robotic milkers, all of which generate information and data, she said.

Attacks close to home

Lennon gave two farm-level cyberattack examples, both on Ontario farms in the past year. Hackers took command of a poultry barn’s environmental systems, demanded a ransom to return control, and threatened the livestock if the producer didn’t pay.

In the other case, animal activists commandeered a swine barn’s security cameras and threatened to release alleged animal abuse caught on film if the operation didn’t issue a false confession.

The hog producer resolved the issue quickly, realizing there was no video of abuse, said Lennon, but it highlighted a weak spot in cybersecurity.

The poultry operation faced a tougher decision: pay the ransom to unlock the system or risk birds’ lives.

“Imagine the impacts on your farm if it is interrupted for a day, a week, or a month,” she said. “These are some very real examples.”

The threat extends to control of operating systems, data manipulation and effects on system programs, all of which can put businesses at risk.

For example, given the number of robotics and automated tasks in a dairy, a hacker could compromise milking protocols so a treated cow’s milk enters the bulk tank instead of being segregated.

Agromart/Sollio’s accounting system breach two years ago made customer names, addresses, phone numbers, credit cards and, in some cases, cropping and personal farm information vulnerable to release on the dark web.

The company is addressing the long-term impacts of the attack through a class action lawsuit.

The OFA carries a cybersecurity insurance policy. However, well-developed farm-level policies that define terms and conditions, coverage and required protocols have yet to reach the market.

“The cost is so great. I believe this is an area the insurance sector is going to have to pencil out and figure out how to make this affordable and realistic as well.”

Lennon said cybersecurity must be carefully assessed and bolstered throughout the agricultural and food chain sector.

“What’s happening at the farm? What’s happening with those suppliers? What’s happening at processing? What’s happening at retail?

“Because the impact is so huge, how can you win? I think it will be a big step to start to have those conversations.”

The post Cybercrime is on the rise, and agriculture isn’t immune appeared first on Farmtario.

For Ali Dehghantanha, a cybersecurity expert and professor at the University of Guelph, the occurrence was both unique and alarming.

Why it matters: The agriculture sector is lagging behind other industries when it comes to cybersecurity readiness and implementation of cybersecurity standards. Cyber risks are growing and changing as malicious actors seek to cause market disruptions at multiple levels.

Dehghantanha is head of the university’s Cyber Science Lab, which offers a for-fee support service to those dealing with cyberattacks. While the number of cybersecurity incidents across Ontario’s agriculture industry has been rapidly increasing overall, he says the cashless ransomware attack against the family hog business – an incident he and his colleagues helped the family resolve – highlights what could become a wider trend in tactics used by special interest actors.

According Dehghantanha, the attack perpetrators claimed to have incriminating evidence showing animal abuse on the farm, including camera footage taken from what they claimed was a now-compromised surveillance system.

To release their hold on the farm’s network, the attackers wanted a public statement, from the business owners, admitting to animal abuse.

No such footage existed and claims of compromised cameras were false. Except for the demand for self-incrimination, the attack proved to be a standard, easily manageable ransomware attack.

“This was the first time working in this specific industry we have seen ransomware not asking for money. That would make our job much more difficult as we are dealing with adversaries whose motivation is not money,” says Dehghantanha, adding transfer of cash is often the riskiest part for those committing ransomware attacks because the movement of funds can be tracked.

“Prior to this we were not concerned with these small family food businesses…There was not a playbook for these kinds of situations.”

More accessible ransomware

Dehghantanha says his lab has been engaged with 20 cybersecurity issues reported from southern Ontario in the first half of 2023 alone – up from a mere handful in 2019. Awareness of cyber risk has likely played a role in higher reporting, but it’s also getting easier for bad actors to acquire harmful attack tools, including ransomware.

The agriculture and food sectors are underprepared for such threats. Dehghantanha says they lag other sectors, notably energy and health, by approximately five years. Remedying the problem would begin by establishing a committee or another body of industry representatives, technology experts, and others to design cybersecurity standards “rooted in the reality of the industry.”

“We must identify steps for farmers and businesses that can be gradually achieved to get to the same level. This has happened in energy and health sector so there’s no reason it can’t happen in agriculture sector,” says Dehghantanha.

“We need to identify a body responsible for receiving these standard reports from farmers trying to evaluate them and give feedback and work with them… If a farmer knows they are level two, level three, or whatever level they are, it would make it much easier for them to understand and improve.”

Awareness and practice

Stakeholders in the agriculture sector, such as Ontario Pork, say they are raising awareness about the ever-growing need for better cybersecurity. In an email received July 12, Ken Ovington, general manager for Ontario Pork, says the commodity group “routinely meets with cybersecurity experts and researchers to gather knowledge that can be used to create awareness and provide informational tools that are valuable to pork producers and the provincial pork industry.

“These types of cyberattacks are undeniably on the rise. As technology usage increases, so does the methods and sophistication of cyber criminals, so it’s crucial that producers, agricultural organizations and government continue to prioritize cybersecurity measures, stay vigilant, and collaborate to prevent future cyberattacks,” says Ovington.

Strategies used to prevent issues within the organization were listed as well, including cybersecurity training for employees. No comment on specific incidents, such as the ransomware attack on the family hog operation, was provided.

Julie Kuiack, Ontario’s Pork’s manager of marketing and communications, says her organization has not seen a noticeably higher trend in reports of cyberattacks from membership. She also says the organization is not aware of other ransomware attacks against individual hog operations, but the case outlined by Dehghantanha is concerning.

Awareness of and preparedness for cyber threats has generally improved in the agribusiness community, according to Russel Hurst, executive director for the Ontario Agri Business Association. That said, he divides the sector into three rough categories – those with well developed cybersecurity plans, those who have made little or no investment, and the “mushy middle” where improvements have been made, but further action is required.

Hurst says looking at the issue and remedial actions as a collective, sector-wide problem will be increasingly important, particularly if the goals of malicious cyber actors are explicitly designed to cause market chaos.

Easy steps to reduce personal and organizational risk include changing passwords, initiating two-step verification, and knowing which individuals have access to critical login credentials, such as bank accounts. Hurst says there is also value in having outside experts analyze and audit networks for cybersecurity readiness.

“OABA had an expert come in and audit our system. I think that’s a good thing – to understand where you’re vulnerable,” he says. That investment is tiny compared to what a cyberattack could cost.

“There’s a lot of money flowing through the sector. It would not be uncommon for a significant [farm] to be doing $4 or $5 million in sales…

“That’s where I would be really concerned. It’s a lot of cash, business transfers being done online. As the pace of business e-commerce has evolved, some of those businesses need to do a checklist (to) understand where vulnerabilities are, if there are any, and work with someone who does this every day.”

Like Hurst, Dehghantanha encourages greater awareness and preparedness. Establishing standards would help the agriculture sector improve overall security and potentially bring spinoff benefits like lower insurance rates for higher cybersecurity scores.

But individuals and organizations must also pay attention to the threat posed by cyber criminals focused on industry disruption over money.

“We don’t need to wait for a standard to work on awareness. If you have livestock, you could be on a target list.”

How to reduce risk

Cathy Lennon, general manager for Ontario Federation of Agriculture, described a number of simple but effective steps farm businesses can take to reduce their vulnerability to cyberattacks in a post on the organization’s website:

1. Make a checklist of all your current technology and ensure you’re using current software versions and systems.
2. Establish basic rules for your team to recognize where threats come from and what to do – or not do. Free online videos are available to help with training.
3. Ensure new systems or devices are set up properly. Ask suppliers what security the devices have and whether data is encrypted.
4. Don’t share passwords. Ensure passwords are strong, and update login credentials when an employee leaves the business.
5. Back up data and install valid anti-virus software, firewalls and malware detection systems. Keep these systems up to date.

“Ultimately, we need to think about cybersecurity on the farm like we do biosecurity – an investment into a best practice that, while not foolproof, will go a long way to minimizing or even avoiding risk,” writes Lennon.

“Yes, it can be tedious and there is some cost involved, but every day, week or year that we protect our businesses and prevent problems is invaluable.”

The post Hog farm targeted by ransomware appeared first on Farmtario.

According to Andrew Rose, digital security expert and executive director for CyberAg, an American cybersecurity organization, companies across the farm and food sector should take a more proactive approach to protecting vital electronic systems and all the information they contain. 

Why it matters: Cyber security has been comparatively lax in much of the agriculture and food sector, leaving it vulnerable to attack. 

In a presentation during the 2021 virtual Precision Agriculture Conference, Rose said cyber attacks on the sector are increasing. As a recent example, he cited John Deere’s experience of hackers who found an array of security problems in its X9 combine. 

While the hackers in the John Deere case were not acting in a nefarious context — they highlighted and reported the issues, from which Rose says the company has learned — other companies have not been so lucky. Meat processor JBS, for example, was crippled by a ransomware attack earlier this year and forced to pay millions to unlock its system. 

Individuals and criminal groups are not the only villainous skulkers of cyberspace. Rose says the risk of espionage and intellectual property theft by state actors, such as the government of China, is a real concern for agricultural companies and institutions.

He says China is now in its 14th five-year plan, a governance method originally crafted in the Soviet Union, where the government identifies its central goals for the next five years. Within the current plan is a $378 billion investment in research and development, and pursuit of agricultural technologies is highlighted. 

Given the time frame and enormous investment, Rose says it is unlikely every technological advancement will come directly from domestic research. 

“A lot of that money is used for what we might consider more espionage purposes,” says Rose, listing the country’s “1000 Talents” strategy as a means by which the Chinese government has acquired information in the past. The 1000 Talents plan, which recruits Chinese citizens that are successful entrepreneurs or have studied in leading universities abroad, is now being called a “foreign recruitment plan” by the Chinese state, according to Rose. 

Embracing good hackers, colloquially referred to as “white hat” hackers or “bug hunters,” is a good way for companies to test and improve their digital security systems, says Rose. Employing the services of individuals or companies that try to gain access to a system, either by digital means or by direct access to an office, helps fix problems and build muscle memory in responses to security breaches. 

“Embrace bug hunters. These are ethical people doing it for a specific reason and they’re performing a fantastic service… They allow you to fix and address those flaws,” he says. 

Employees are often cited as a company or organization’s greatest risk when it comes to cyber attacks. While true in a sense, Rose says the network and observation that employees provide can also make them essential security assets. 

More eyes wary for suspicious activity allow law enforcement and IT professionals to get ahead of potential issues. 

For this reason, Rose says everyone who encounters something suspicious or abnormal should report the incident. Within a company, that means talking to the IT department. In the United States, residents can report incidents directly to federal law enforcement via www.ic3.gov.

Rose adds that the United States and other countries are trying to be more proactive and aggressive in preventing cyber crime and intellectual property theft, with some success.

The post Ag-sector at high risk of cyber attacks, espionage appeared first on Farmtario.