JBS Foods cyberattack exposed industry vulnerabilities to Russian hackers
Australia’s food supply is clearly vulnerable to cyberattacks, the director of a national cybersecurity firm warned, urging the industry to raise its standards on the anniversary of the JBS ransomware hack.
Last year, Russian hackers demanded an $11 million ransom from JBS Foods, the world’s largest meat processor.
The cyberattack halted the company’s global operations for five days, including several slaughterhouses in Australia.
Claroty’s Australian regional director, Lani Refiti, said the entire food and beverage supply chain in Australia is “uniquely vulnerable” to further attacks.
“It’s happening,” Mr. Refiti said.
“The question is not whether there will be a major attack on Australia’s food and beverage sector, but when.”
He said there would be a food shortage if another JBS-like incident occurred.
A few months after the JBS hack, laws were passed that recognized food and beverage as a critical national industry .
They led to mandatory reporting of cyber incidents and increased cybersecurity obligations for assets of national importance.
But Mr. Refiti said leading supermarkets, food distributors and processors are still far less secure than other industries.
“If you look at critical infrastructure like financial services, electricity, water, food and beverage are at the bottom of the list,” he said.
The Russia-backed hacker threat
The Australian Cybersecurity Center reported that cybercrime rose 13 percent last fiscal year, with losses of $33 billion, according to its own figures.
About a quarter of the 67,500 cybercrime reports the agency received last year involved critical infrastructure in Australia.
“Significant domestic and worldwide attention to essential services such as health care, food distribution and the energy sector has highlighted the vulnerability of critical infrastructure to significant disruption of essential services, loss of revenue and the potential for harm or loss of life,” the center said in its 2021 report.
Mr. Refiti said the surge in cybercrime has accelerated since the Russian invasion of Ukraine.
He said there has been much more coordination between countries and cybercrime groups over the past three to five years.
“Eastern European criminal groups are doing cybercrime as a service,” he said.
“Threat intelligence tells us that these groups are supported or sheltered by the Russian government.”
Last month, the center worked with cybersecurity authorities in the United States, Britain, Canada and New Zealand to issue a public warning that Russian state-sponsored hackers were targeting the critical infrastructure of “countries and organizations that provide material support to Ukraine.”
Animals, Food at Risk
The vulnerability of Australia’s food supply became abundantly clear during the pandemic, as shortages of some foods caused panic buying of many others.
Curtin University senior supply chain and logistics professor Elizabeth Jackson said a cyberattack could cause more problems than empty supermarket shelves.
“It’s animal welfare. You can’t just leave animals in the truck,” Dr. Jackson said.
A Woolworths spokesperson declined to be interviewed, saying only that “cybersecurity is an important part of our risk management system, and we welcome new legislation to help create a consistent standard for cybersecurity protocol in the broader supply chain.”
JBS Foods did not respond to requests for comment.
The JBS attack was one of several successful hacks targeting Australia’s food supply.
Lion, one of Australia’s largest milk and beer processors, behind brands such as XXXX, Tooheys, Pura and Masters Milk, was hacked and ceased production in 2020.
Toll Group, one of the largest food distributors in Australia, has been hacked twice and shut down in 2020.
“Anything longer than three weeks will cause severe [food] shortages,” Mr. Refiti said.
“These businesses are absolute targets,” Dr. Jackson said.
The technology is available
The Australian Cybersecurity Centre listed a number of attack types in its warning for critical industries, “including destructive malware, ransomware, DDoS attacks and cyber espionage.”
Mr. Refiti said malware attacks were a common way for hackers to extort ransomware and shut down entire companies.
“Malware can change, but real MO is simple and always works,” he said.
“All it takes is one or two people in an organization to open an infected file, and then it spreads like wildfire in an infected organization.”
However, he said there are ways to improve security.
“The Office to Combat Ransomware has been around for 10 years,” he said.
“It’s not hard to do in terms of process or technology.”
He said the financial sector has beefed up its security.
“It took a lot of credit card theft and identity theft for regulators to start acting and for the government to start holding these organizations accountable,” he said.
“I think the same thing will happen in the food and beverage sector.”