When multiple governments offer help after a cyber-attack, it indicates just how critical and devastating the effects have been. Operating in 15 countries, with 245,000 employees and customers in about 100 countries, JBS Foods has a scale that is second to none. On Sunday, the world’s largest meat supplier fell victim to a ransomware attack from a criminal organization, bringing its Australian and North American operations to a standstill.
The incident follows a long list of recent ransomware attacks: fuel shortages caused by the disruption of service at the Colonial Pipeline, beer production brought to a standstill at Molson Coors, and empty shelves in Dutch and Belgian supermarkets. And if this isn’t enough, summer is nearly upon us and people want to get out of the house, increasing traffic to restaurants and putting even more pressure on an already stressed food supply chain.
All of these incidents illustrate the need for cybersecurity to be a boardroom priority. Organizations should ensure they can prevent, detect, and respond to these attacks.
White House Involved
Supply chains and logistics that keep our society moving are a particularly vulnerable target for ransomware attacks, and as we’ve seen, their devastating impact can encourage handsome ransom payments. As IT systems rapidly converged with Operational Technology (OT), the industry also exposed itself to increased risk to critical infrastructure.
It can be tempting to classify this attack as yet another incident in a disturbing trend, but the mindset seems to be evolving toward a consensus to break the ransomware business model. The average payment handed over to end a ransomware attack more than doubled in 2020 to $312,000, compared with the year prior, according to a report by Unit 42, the research unit of Palo Alto Networks.
The fact that the White House contacted the Russian government about the matter and that the FBI is investigating the incident demonstrates what’s at stake when the world’s largest beef and poultry producer is forced to a standstill. Food production is one of the nation’s critical infrastructures as defined by the Department of Homeland Security.
Shared Threat Intelligence
With cybercriminals having an IT and OT backdoor onto the company network, the traditional IT security stack with its agent-based solution does not properly extend to OT or IoT assets. The Armis agentless device security platform provides a different baseline for critical infrastructures by identifying and classifying all types of assets: managed, unmanaged, IoT, OT and more. Though critical infrastructures may be a top target of nation states today, bad actors ranging from script kiddies to criminal organizations are targeting vulnerable devices in all industries and sectors.
We recommend that you shift the focus from simply the devices themselves to the way these devices interact with your networks and other systems. For example, if Armis sees a device communicating with Command and Control servers indicative of compromise, Armis can alert security personnel to take immediate steps to remediate. Using machine learning and artificial intelligence, the Armis Device Knowledgebase with its 1B+ assets, millions of profiles and thousands of attributes can detect when a device is operating outside of its normal ‘known good’ baseline and trigger the appropriate actions.