BlackMatter, the high-profile ransomware group believed to have ties to the previously disbanded DarkSide, has allegedly launched an attack on the farmer's feed and grain cooperative known as NEW Cooperative. And, according to Bleeping Computer, the ask is substantial with BlackMatter presumably demanding a $5.9 million ransom.
“Critical infrastructure providers have targets on their back,” Cybereason CSO Sam Curry tells IndustryWeek. “Attacks might not always make headlines, but in this case the probability of disruptions to the grain and feed distributors in Iowa is high. Only time will tell if the ripple effect extends to other parts of the U.S. in the days and weeks ahead.”
According to Curry, there are many practical steps operators of critical infrastructure networks can take to reduce risk, including:
- Minimize the time it takes to respond to the ransomware attack: Minimizing damage and preventing a network from being taken offline is essentially the cat and mouse game being played by attackers and defenders. To keep hacking groups at bay, organizations need to minimize the time it takes to respond to a threat. This can be achieved by deploying threat hunting services around the clock.
- Design and operate with resiliency in mind: Resiliency and security can no longer be an afterthought. As new critical infrastructure systems are built and installed, legacy networks will be retired and taken offline. It is very important for next-generation systems to be built with resiliency and security in mind. The design and ongoing operation of the system must take into consideration what security threats will become commonplace in the months and years ahead.
- Partner with experts: Be sure to partner with experts with vast knowledge of ransomware threats. The public and private sector need to work together closely to protect this industry. Partner with a security company that can stay ahead of new threats and help operators address issues in real time.
- Test, test, test: It is critical that regular testing be a focal point in this sector. Tabletop exercises that enable a red and blue team to role play different catastrophic scenarios and the real time response to those scenarios is critical when having to actually have to deal with a threat in real time. Never underestimate the value of tabletop exercises in shoring up weakened defenses and helping executives understand the importance of security.
BlackMatter could very well be entering damage control mode if the U.S. government gets involved and furthers the investigation, explains Curry. “DarkSide couldn’t have foreseen the negative publicity it brought upon itself from the Colonial Pipeline attack, ultimately leading to its demise due to pressure from the federal government and the threat of sanctions on Russia,” he says. “BlackMatter should be careful what it wishes for and threatening NEW Cooperative to improve its negotiation tactics won’t sit well with many in the federal government tasked with the investigation.”
Potential downstream impact
As with other supply chains, one attack on an element of the food and agriculture supply chain fundamentally has a downstream impact on consuming businesses and consumers, explains Armis CISO Curtis Simpson, in a statement.
“Your favorite dish at a nearby restaurant or cut of meat at the butcher counter may simply be unavailable for some time or, much, much more expensive if it remains or becomes available again in the future,” says Simpson. “Product shortages as a whole can and have recently resulted in rushes by consumers to buy what they can of a product experiencing shortage issues before it's no longer available. This further exacerbates the overall supply challenges and raises prices for everyone across the board.”
Adds Simpson, “The food and agriculture industry is heavily reliant on connected machinery to power key aspects of the business. These connected machines are growing targets for bad actors due to most companies' limited visibility into risks and threats impacting these assets, their overall level of exposure to attacks (including through the exploitation of connected machines), and the high likelihood of being paid a ransom if the attack even approaches let alone impacts machine-driven operations,” he says.
Furthermore, it is often small companies enabling the food and agriculture supply chain, many of which were already impacted by the pandemic. "Any such attack could simply knock them out of business for good,” says Simpson. “Once again, as this happens, downstream operations ranging from foodservice providers to restaurants to hospitals and consumers will all have issues sourcing products.”
