Cyber Focus: Food manufacturing

Published 24 June 2021

The recent ransomware attack on the Brazilian meat processing company, JBS S.A. attributed to REvil / Sodinokibi is an example of both the wider wave of ransomware attacks we have seen but also the impact that such an incident can have on the manufacturing industry, specifically food. The attack on JBS is aligned with our own experience where attacks have hit manufacturers, with substantial impact on their intricate supply chains.

The food industry, like most other industries, has undergone a rapid evolution into the ‘fourth industrial revolution’. There is a continued move towards the automation of the food industry, and perhaps even more so since the pandemic struck. Reliance on automated technology decreases the reliance on a workforce susceptible to infection and other health risks.

Whilst JBS appears at first to be one of a few high profile attacks on the food industry, our own experience, and that in the market, shows that this was one of many. Wine manufacturer Gallo was hit by the same variant, REvil earlier this year and Molson Coors was also shut down for a number of weeks.

We have worked with food manufacturers and distributors hit by other variants, where the focus has been on restoration of operation rather than data exfiltration.

Food manufacturers often have a small number of employees and, as a result, the likely impact on those employees following data exfiltration is likely to be limited. Further, the majority of communications are made B2B meaning limited client data would also be impacted.

The greater concern is larger companies who hold confidential trade secrets and confidential client information, which is at risk of publication and, therefore, likely to cause public embarrassment. Some of those trade secrets are closely guarded, and publication on the dark web following exfiltration may lead to attempts to acquire that data and manufacturing information.

Given the perishable nature of food, the food manufacturing supply chain is under constant pressure to keep products moving. As such, this level of demand creates an opportunity for attackers due to the victims’ need to prevent delays. This in turn, could result in victims making large ransom payments to continue the production line. That being said, the threat from terrorist organisations, seeking to harm members of the public to advance a political agenda through cyber attacks still remains.

This should also be considered against the backdrop of recent developments following the Colonial Pipeline attack. Some cyber-criminals have stated publicly that their intent is limited to raising money and not to causing wider social disruption, such as substantial impact on the supply of food to individuals.

Most recently, Darkside, the Eastern European group responsible for the Colonial Pipeline attack on 7 May 2021, published a statement on its website that "Our goal is to make money and not creating [sic] problems for society". They also described themselves as “apolitical” and asserted that "We do not participate in geopolitics, do not need to tie us with a defined government and look for... our motives…"

Against the backdrop of the rise in ransomware, it was only a matter of time until a manufacturer such as JBS was targeted. It has raised some clear cybersecurity issues in the food sector. JBS certainly will not be last to be targeted.