fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

FBI Warns of Ransomware Gangs Targeting Food, Agriculture Orgs

FBI Warns of Ransomware Gangs Targeting Food, Agriculture Orgs

The FBI says ransomware gangs are actively targeting and disrupting the operations of organizations in the food and agriculture sector, causing financial loss and directly affecting the food supply chain.

The bureau’s Cyber Division issued this warning on Wednesday in the form of a TLP:WHITE Private Industry Notification (PIN).

These ransomware attacks can potentially impact a wide range of businesses across the sector, from small farms, markets, and restaurants to large-scale producers, processors, and manufacturers.

Ransomware gangs started focusing their attacks against this industry sector after food and agriculture orgs have become increasingly dependent on smart tech, industrial control systems (ICS), and internet-based automation systems.

“Food and agriculture businesses victimized by ransomware suffer significant financial loss resulting from ransom payments, loss of productivity, and remediation costs,” the FBI said.

“Companies may also experience the loss of proprietary information and personally identifiable information (PII) and may suffer reputational damage resulting from a ransomware attack.”

Also Read: How To Secure Your WiFi Camera: 4 Points To Consider

Paying the ransom won’t stop future attacks

According to the agency, the average ransom demand has doubled between 2019 and 2020, with the highest ransom demand reaching $50 million this year following a REvil ransomware attack that hit computer giant Acer.

The FBI Internet Crime Complaint Center (IC3) also received over 2,400 ransomware attack complaints amounting to adjusted losses of over $29.1 million during last year according to the IC3’s 2020 Internet Crime Report, after a massive 100% increase in received cybercrime complaints and adjusted losses of more than $29.1 million across all industry sectors.

“Separate studies have shown 50-80 percent of victims that paid the ransom experienced a repeat ransomware attack by either the same or different actors,” the FBI added.

The federal law enforcement agency also highlighted some examples of ransomware attacks impacting businesses in the food and agriculture industry, including :

  • In July 2021, a US bakery company lost access to their server, files, and applications, halting their production, shipping, and receiving as a result of Sodinokibi/REvil ransomware which was deployed through software used by an IT support managed service provider (MSP). The bakery company was shut down for approximately one week, delaying customer orders and damaging the company’s reputation.
  • In May 2021, cyber actors using a variant of the Sodinokibi/REvil ransomware compromised computer networks in the US and overseas locations of a global meat processing company, which resulted in the possible exfiltration of company data and the shutdown of some US-based plants for several days. The temporary shutdown reduced the number of cattle and hogs slaughtered, causing a shortage in the US meat supply and driving wholesale meat prices up as much as 25 percent, according to open source reports.
  • In March 2021, a US beverage company suffered a ransomware attack that caused significant disruption to its business operations, including its operations, production, and shipping. The company took its systems offline to prevent the further spread of malware, directly impacting employees who were unable to access specific systems, according to open source reports.
  • In January 2021, a ransomware attack against an identified US farm resulted in losses of approximately $9 million due to the temporary shutdown of their farming operations. The unidentified threat actor was able to target their internal servers by gaining administrator level access through compromised credentials.
  • In November 2020, a US-based international food and agriculture business reported it was unable to access multiple computer systems tied to their network due to a ransomware attack conducted by OnePercent Group threat actors using a phishing email with a malicious zip file attachment. The cybercriminals downloaded several terabytes of data through their identified cloud service provider prior to the encryption of hundreds of folders. The company’s administrative systems were impacted. The company did not pay the $40 million ransom and was able to successfully restore their systems from backups.

Increased risk of ransomware attacks on holidays, weekends

The FBI and CISA also urged organizations this week not to let down their defenses during weekends or holidays, given that ransomware gangs are increasingly more likely to hit their networks when everyone is out of office.

The two federal agencies warned that they “observed an increase in highly impactful ransomware attacks occurring on holidays and weekends—when offices are normally closed—in the United States, as recently as the Fourth of July holiday in 2021.”

The recent attacks on the networks of Colonial Pipeline, JBS, and Kaseya were given as examples seeing that they were all hit during weekends.

JBS, the world’s largest beef producer, paid an $11 million ransom to the REvil ransomware gang after a Memorial Day weekend attack. After a Mother’s Day weekend attack, Colonial Pipeline paid a $4.4 million ransom to the DarkSide group.

A large-scale REvil ransomware attack also hit dozens of Kaseya customers and up to 1,500 other downstream businesses over the Fourth of July weekend.

Also Read: Going Beyond DPO Meaning: Everheard of Outsourced DPO?

These warnings come after Deputy National Security Advisor Anne Neuberger urged US businesses to take ransomware seriously following the Colonial Pipeline and JBS ransomware attacks.

Interpol also asked industry partners and police agencies last month to work together to prevent what looks like a ransomware pandemic that’s quickly closing in.

As the FBI and CISA advised in this week’s joint advisory, organizations can take several actions to protect their systems and block ransomware attacks, including:

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us