A new ransomware-as-a-Service gang, BlackMatter, is targeting farming companies, US government agencies warned this week. The industry relies on technology which is often left unsecured, making it a prime target for hacking gangs, experts say.
A warning released earlier this week by the FBI and cybersecurity agency CISA highlighted the threat posed by BlackMatter, which is said to have been targeting critical infrastructure. “Ransomware attacks against critical infrastructure entities could directly affect consumer access to critical infrastructure services; therefore, CISA, the FBI, and NSA urge all organisations, including critical infrastructure organisations, to implement the recommendations listed in this joint advisory,” the statement said.
Is BlackMatter targeting national infrastructure?
In September, BlackMatter attempted to extort $5.9m from Iowa farming collective The New Cooperative, but was unsuccessful because the company managed to proactively take its network offline to minimise the damage. A week later the gang targeted a grain co-operative, Crystal Valley, with a similar attack, though it is not known what level of ransom was demanded or if it was paid. These agriculture cyberattacks took place during the harvest season, a key time for the industry.
While the announcement talks of attacks on national infrastructure, David Emm, principal security researcher at cybersecurity company Kaspersky, thinks the gang is instead prioritising industries like agriculture where defences are weak. “As we become more connected, the potential attack surface becomes bigger,” Emm argues. “There are areas, and agriculture is one of them, which are viewed as machine-intensive industries, but not necessarily ones that are computer based. And yet, if you look at modern equipment like tractors and combine harvesters, they are very definitely computer controlled.”
Indeed, BlackMatter itself claims it is staying away from critical infrastructure, but does not consider food companies to fall into this bracket. In what is apparently a snippet of an exchange between the New Cooperative and the ransomware gang, posted on Twitter, BlackMatter says the farming company “does not fall under the rules” of organisations that are off-limits for attacks because its losses will be financial. “Critical [infrastructure] is that vital to the needs of a person,” the message reads.
Agriculture cyberattacks: why is the industry vulnerable?
For agricultural businesses, new sensors, connected devices and networks that are connected to the internet but not secured sufficiently are low-hanging fruit for cybercriminals. “Internet of Things (IoT) devices are common targets or points of entry for attackers because they often receive reduced security hygiene and support,” says Paul Prudhomme, head of threat intelligence advisory at IntSights. “Many users do not update IoT firmware, change the default passwords of IoT devices, or monitor them for potential security incidents. Any IoT devices that agribusinesses may have introduced into the industrialisation of their agricultural processes are likely to become targets.”
If agricultural companies want to secure themselves against such threats, they need to take a holistic approach to their security, Emm says. “It’s so important for organisations to look at security in the round,” he explains. “Is it protected? Is it being kept up to date? What are our systems like in terms of setting passwords? What are the requirements for that? If somebody leaves the company, are we closing up their accounts or they can’t access it? All of those things are really important because any one of them could potentially be looked at by an attacker.”