Why Are Hackers Suddenly Targeting the Agriculture Industry?

Reading Time: 3 minutes

Share:

Feed mills, commercial farms, and other agriculture industry businesses have for a long time enjoyed a relatively low risk from cyberattacks, storing minimal sensitive data and running few processes that would be targeted for cyber fraud. But suddenly a lot of agriculture-related business owners are finding themselves in the crosshairs of cyberattacks, specifically ransomware.

What Is Ransomware?

Ransomware is a form of extortion where attackers gain access to and take administrative control of key computing systems, encrypt applications and data, and then make ransom demands for the disclosure of the codes needed to the decrypt the encrypted data. Attackers are very hands-on in today’s ransomware attacks, using tools and techniques previously reserved for nation-state, financial and ecommerce breaches against small businesses unprepared to stop them.

Why Is This Happening Now?

farmer plowing his fields at sunsetWe are currently experiencing a perfect storm of factors that enable these attacks. Agriculture-related businesses have evolved their technologies to a point where information technology (IT) systems are a critical part of daily operations and communications, but security controls may not have kept pace with the increase in the use of IT. At the same time, the fast growth of Bitcoin and other cryptocurrencies has made it possible for overseas attackers to anonymously demand and receive payments even in the millions of dollars with little chance of being caught. Ransomware attackers can be especially malicious, for example, by deleting backups or threatening to post stolen employee data online to incent an organization to pay the ransom.

How Are Attackers Getting In?

There are two primary ways attackers are gaining footholds on networks for ransomware attacks: phishing and remote access services. Attackers are using targeted phishing attacks to steal passwords or install viruses that can give the attacker a backdoor into a network. Attackers target remote access services like VPNs and remote desktops with password-guessing attacks, only needing to guess one correct password for one employee in the company to gain access to internal systems. Once an attacker has this foothold, it is generally not difficult for them to exploit weak configurations and other weak passwords in the environment to get administrative access and begin encrypting data.

A Few Key Controls Can Help A Great Deal

As a best practice, organizations should have a comprehensive, risk-based information security program. However, implementing the following security controls can greatly improve an organization’s resilience to ransomware attacks:

  • Multi-factor authentication for all remote access services helps prevent network intrusions through stolen or guessed passwords.
  • A centrally managed commercial anti-virus solution helps to make sure that all computers have protections against emerging threats.
  • Use of passphrases (phrases using at least 15 characters) instead of typical passwords prevents many different attacks against weak passwords.
  • Thorough patch management for computer operating systems, third party software (like web browsers, Java and Adobe software) and firewalls helps to prevent exploitation of known vulnerabilities.
  • Protection of backups by storing backup data offline in a secured cloud or on an isolated network zone prevents an attacker with stolen network passwords from deleting backups.
  • Cyber insurance helps reduce the impact to the organization should a breach occur.

First Steps To Take

If you’d like more information about ransomware attacks or how Sikich can help you assess or improve your security posture, please contact your Sikich account representative or the Sikich Cybersecurity group’s sales team at 877.403.5227 or securitysales@sikich.com.

VISIT THE RESOURCE CENTER
This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.

SIGN-UP FOR INSIGHTS

Join 14,000+ business executives and decision makers

Upcoming Events

Latest Insights

View All Insights

About The Author

Kevin Bong

Kevin Bong

Kevin is a Director at Sikich and leads the penetration testing and forensic incident response teams. He focuses on helping address the information security and compliance issues faced by a myriad of institutions. Prior to joining Sikich, Kevin spent 12 years as a Vice President of a multi-billion-dollar financial group, leading the bank’s security and IT risk management activities. With his experience performing audits, penetration testing, risk assessments, and forensic investigations, Kevin provides invaluable guidance to institutions affected by standards such as those related to the FFIEC, NIST, HIPAA, and PCI. Kevin is the creator of the MiniPwner, a pocket-size penetration testing device used to gain remote access to a network. He’s also an author, instructor, and a speaker at conferences like RSA, DerbyCon, Security BSides, and WACCI. Kevin has a Master of Science Degree in Information Security Engineering from the SANS Institute. In addition, he is a Payment Card Industry Core Forensic Investigator and Qualified Security Assessor (QSA). Kevin has expertise as a Certified Information Systems Security Professional (CISSP) and as a Certified Information Security Auditor (CISA). Additionally, he is a Project Management Professional (PMP) who holds numerous Global Information Assurance Certifications (GIAC), including GIAC Security Expert (GSE), GIAC Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Perimeter Protection Analyst (GPPA), GIAC Security Essentials (GSEC), GIAC Certified Forensic Analyst (GCFA) and GIAC Assessing and Auditing Wireless Networks (GAWN).

©2022 All Rights Reserved.   Privacy Policy   Disclaimer

white sikich logo