Cyber-attacks on the Food and Beverage manufacturing industry
This blog looks at the Food and Beverage manufacturing industry, what potential attacks could occur within the Food and Beverage manufacturing industry, how organisations within the industry can prevent or minimise the effect of a cyber-attack, and how Industry 4.0 further increases an organisation’s exposure to cyber-attacks.
What is Industry 4.0 and why does it further increase an organisation’s exposure to cyber-attacks?
Industry 4.0 is essentially the integration of technologies such as the internet of things (IoT), industrial internet of things (IIoT), artificial intelligence (AI), and machine learning within their operations to increase the productivity and efficiency of the organisation’s operations. While industry 4.0 offers many benefits to organisations, it potentially exposes organisations to more cyber risks. When organisations utilise industry 4.0 technologies, it stores critical business data in the cloud or physical storage. It is used to control Operational technologies (OT) and Industrial Control Systems (ICS), keeping all devices and systems connected through the internet which potentially increases their attack vector and introduces a few securities-related problems.
Industry 4.0 means that everything is connected. Thus, if for example a computer within an organisation was infected with malicious software, it could potentially be used to extract important business data or control operational technologies for malicious purposes if organisations do not have appropriate security measures in place to prevent such attacks from occurring. Now that we know what industry 4.0 is and why it exposes organisations to more risks and vulnerabilities, let us go over some examples of cyber-attacks that occurred in the food and beverage manufacturing industry.
What are some of the different types of attacks that can occur within the Food and Beverage manufacturing industry?
The different types of attacks that could occur within the Food and Beverage manufacturing industry include but are not limited to:
– Ransomware: This is a type of malicious software that encrypts important files (makes them unreadable and unusable) and asks for a ransom if the organisation wishes to gain access to their files. Once the ransom has been paid, the malicious actor sends a decryption key to undo the effects of the encryption process.
– Malware: This is a type of malicious software that is specifically designed by malicious actors to cause damage to systems or to perform other malicious activities on systems such as extracting data or spying on infected systems. Malware can also lead to other types of attacks such as DDoS or ransomware.
– Distributed Denial of Service (DDoS): This is a type of network attack that is used by an attacker to disrupt or damage the network or services of the target organisation. An example of a DDoS attack is the “DNS Flood,” which attempts to send multiple fake DNS requests to the DNS server to make the DNS server unresponsive and no longer available to real DNS requests made by users, thus impairing internet connectivity.
– Spear Phishing/Spam: This is a type of attack that attempts to gain information from people by displaying content (such as an email) that looks like it came from a reputable source to gather information. This type of attack potentially can lead to employee credentials being compromised, theft of employee personally identifiable information (PII), and theft of money.
– Malicious insiders: These are employees, contractors or internal people that abuse their permission or privileges to perform malicious activities such as giving confidential information to business competitors to give them an unfair advantage, purposely sabotaging operations, or helping malicious actors gain access to organisation systems for a profit.
– Zero-Day Exploit: This is a type of malicious attack that occurs when a malicious actor discovers or purchases an exploit that hasn’t been reported or patched (fixed) by vendors yet and usually isn’t detected and quarantined by anti-virus software.
– SQL Injection: This is a type of attack that occurs when a malicious actor takes advantage of a vulnerable website or system that does not have appropriate security (such as validating input and escaping special characters) to input maliciously crafted SQL query to get information out of systems (such as customer usernames and passwords) that would otherwise be inaccessible to others without appropriate authorisation.
– Brute-force attacks: This is a type of attack that uses computers to attempt to break into an employee’s account or system by going through all possible username and password combinations in hopes to find the correct combination. These types of attacks usually take a long time, especially if organisations have systems in place that limits the attempts of logging in. A list of breached usernames and passwords can also be used to brute force through a system.
– Broken access control: This is a type of flaw that allows unauthorised individuals to view or modify information or data that they should not have access to, thus impacting the confidentiality, integrity, and availability of information and data. This type of flaw can cause unintentional data leaks or reveal sensitive organisation data to the public. While this is not a type of attack, it can potentially cause an organisation to be susceptible to an attack or data breach.
Now that we have gone over the different types of attacks that could potentially occur to organisations within the Food and Beverage industry, let’s go over some examples of these attacks occurring.
• JBS Foods pays $14.2 million ransom to end cyber-attack on its global operations.
In 2021, meat processing company JBS was the victim of a cyber-attack that affected its global operations. JBS was the victim of a ransomware attack that caused them to stop their operations worldwide for about 5 days; the attacker requested $14.2 million to decrypt the organisation’s files and to not extract any data from the organisation to sell them later to any unauthorised third parties. In this example, JBS chose to pay the ransom the malicious actor was requesting to stop the cyber-attack from continuing; however, it is generally not recommended for organisations to pay the ransom a malicious actor requests as there is always a chance that the malicious actor may not keep their promises. In Australia, it may be illegal to pay the ransom a malicious actor asks for under certain circumstances , therefore, it is suggested that organisations that are the victim of a cyber-attack should contact appropriate authorities instead. In this scenario, the impacts of the ransomware attack were loss of money to restore systems, loss of profits, interruption of business operations, loss of customer trust, multiple employee layoffs, an increase in meat product prices in Australia, and potentially loss of confidential business information such as intellectual property.
• Anonymous Didn’t Hack Us, We Leaked Our Own Data
In 2022, Nestlé was the victim of an attack that relied on the broken access control vulnerability to access and extract data that was accidentally made public for a short duration of time. During the short duration of time, the data was available, the hacking group Anonymous took advantage of this vulnerability and extracted 10 gigabytes of data from Nestlé and threatened to release the data to the public if Nestlé didn’t stop their operations in Russia . It was later discovered that the leaked data Anonymous had retrieved from Nestlé was simply dummy test data uploaded to a test website that didn’t include any private data that would affect Nestlé in any way. In this scenario, the leaked data didn’t affect Nestlé in any way, however, if the leaked data was real, it could have potentially caused more harm such as causing the loss of important business data, loss of customer and employee trust, loss of proprietary information, potentially the loss of money due to not being able to trade in a certain country, and important business data such as employee credentials publicly shared or sold online.
• Russian hackers target Iowa grain co-op in $5.9 million ransomware attack
In September 2021, New Cooperative, a farming organisation that provides products such as corn, soy products, and various meat produces, was the victim of a cyber-attack that installed ransomware on their systems. The ransomware encrypted all compromised system’s files and extracted 1 Terabyte of important data including invoices, research and development data, and the source code for their proprietary soil mapping technology; the ransomware actor BlackMatter threatened to release all of their leaked information out to the public if they do not pay the requested ransom of 5.9 million dollars . In this scenario, the impacts of this ransomware attack were loss of important business data, potentially important business data being shared or sold to unauthorised 3rd parties, death of animals (Feeding Schedule of animals interrupted), food supply shortage, increase in food prices, loss of revenue, cost of repairing affected systems, and loss of control on critical infrastructure used for grain production and feeding animals. This scenario shows that while industry 4.0 can provide many benefits (such as automation of processes) to organisations, it can also introduce a few flaws in processes where threat actors can take advantage of vulnerable critical infrastructure by installing ransomware on systems and completely halt critical infrastructure processes.
• KP Snacks warns of supply disruption after cyber-attack
In January 2022, KP Snacks, a food supplier that provides snacks such as potato chips, popcorn, and pretzels, was recently discovered that they were the victim of a cyber-attack that installed ransomware on their systems. The ransomware attack encrypted KP Snack’s systems and demanded a ransom to restore the system before the incident occurred. As a result of the ransomware attack on their systems, KP Snacks was experiencing supply issues and was unable to process and fulfil any orders made by stores. Delays are expected to continue until late March at the earliest . The attackers later made a post on the dark web stating that they would release all the information they collected such as credit card statements, birth certificates, employee contracts, and home addresses, if they did not pay the ransom in time. Additionally, the attackers posted sample data as proof . In this scenario, the impacts of the ransomware on KP Snacks were that data such as employee, financial, and business data was stolen and will be released to the public if the ransom is not paid. This links to loss of employee trust, loss of customer trust (shops), loss of revenue due to lack of production, increase in product prices due to supply and demand, and potentially loss of money due to the cost of repairing systems that were affected during the ransomware attack.
Now that we’ve gone over the different types of attacks that could occur to organisations within the Food and Beverage manufacturing industry and some examples of such attacks occurring, let’s go over what organisations can to do prevent such attacks from affecting them.
What can organisations within the food and beverage manufacturing industry do to prevent or reduce the effect of cyber-attacks?
• Using Multi-Factor Authentication (MFA): The usage of Multi-factor Authentication is highly recommended as it can prevent malicious actors from accessing employee accounts without having access to a one-time access code needed to complete the authentication process. As a result of implementing MFA, attackers will not be able to log into employee accounts with just the username and password of an employee.
• Using Cyber Insurance: The usage of Cyber insurance is recommended as if an unexpected incident occurs, a cyber insurance company can provide support and funds to help organisations recover from a cyber incident (or a technology-related incident) and deal with the aftermath of the cyber incident.
• Implementing a password policy within the organisation: A password policy is recommended as this ensures that employees use a password that meets industry standards. An example of a password policy would be ensuring employee passwords are at least 8 characters long, have special characters, including numbers, and are changed once every 3 months.
• Regularly backing up and encrypting data: The usage of backups is important as in the case of a cyber incident, this backup can be used to restore systems to their “before incident” state. Encrypting this data is also important as it provides additional security in case this backup is stolen.
• Discontinue the use of outdated systems and software: The usage of outdated systems and software should be discontinued as they can potentially create additional attack vectors within the organisation that can be used to exploit the system or network. if organisations require the usage of outdated systems or software, they should use a separate system that is disconnected from the rest of the organisation network to ensure that if this vulnerable system is infected, it does not spread throughout the network to other systems.
• Increase employee awareness of cyber issues: Employees should be regularly trained on cyber security issues to increase their awareness of issues such as social engineering, phishing attacks, employing good password security, never sharing their credentials or information, using anti-virus software on their personal machines, and keeping their systems up to date. It is essential that training is given out regularly as information tends to fade away after a period of time.
• Keep systems updated regularly: It is recommended that organisation systems should be updated regularly as this can help fix vulnerabilities that were recently discovered and can provide additional fixes that can increase software stability and reliability. It is recommended to update regularly (weekly) as new vulnerabilities are discovered daily and used against vulnerable devices as soon as they are found.
• Use an Authentication and Authorisation system: The usage of a working authentication and authorisation is essential as this system can prevent unauthenticated (non-employee) users from accessing system resources (such as files and information). Authorisation is also important as it prevents users from accessing files that they should not have access to. Authorisation is important as employees should only have the authorisation (permissions) to view and access information that is required for their job.
• Use Anti-virus software and firewalls: The usage of antivirus software is highly recommended as it can help detect malicious software or files and prevent them from damaging the system by stopping them before they do any damage; a firewall is also recommended as it can be configured to ensure only authorised traffic will pass through and unauthorised traffic will be blocked out and dropped.
• Monitor system logs: The usage of system logs such as network logs is very important as it can log important information such as a suspicious IP receiving data from an IP within the organisation can indicate that an attack is occurring and alert the organisation to look into other logs to find out if an attack occurring or not.
In this blog we have learnt what are the possible types of attacks that could occur within the Food and Beverage manufacturing industry, some examples of such cyber-attacks occurring, and methods organisations can use to prevent or reduce the effect of a cyber-attack.
Due to the increase in ransomware attacks on the Food and Beverage manufacturing industry, it is recommended that organisations implement some of the methods mentioned, as they can potentially assist organisations in reducing the effect of a cyber-attack and help them recover from a cyber-attack as effectively and efficiently as possible.
References available upon request.