The cyberattack on JBS Foods, the world’s largest meat distributor, in June 2021 served as a stark reminder of the vulnerabilities within critical infrastructure, particularly in the food and beverage sector. This “organized cyberattack” targeted JBS Foods’ North American and Australian IT systems, forcing the temporary shutdown of several plants and disrupting meat distribution networks. To regain control and resume operations after a three-day standstill at five meat processing facilities, JBS Foods reportedly paid a ransom equivalent to $11 million. This incident wasn’t just a blow to JBS Foods; it acted as a wake-up call for the entire food production industry and the broader manufacturing supply chain, exposing the escalating cyber threats facing essential sectors. This article delves into the systemic issues within the food and beverage industry that make it susceptible to such attacks and outlines how organizations can bolster their cyber defenses against threats similar to the JBS Foods breach.
Ransomware as a Service (RaaS) and the Echoes of Colonial Pipeline
The JBS Foods cyberattack bore striking similarities to the ransomware incident that crippled Colonial Pipeline just weeks prior. Both attacks saw IT systems compromised, compelling the companies to proactively shut down operational technology (OT) networks to contain the breaches. The immediate consequence was disruption to critical service delivery – fuel in the case of Colonial Pipeline, and meat in the JBS Foods incident – causing ripples of anxiety across financial markets and among consumers. Furthermore, both events pointed fingers at Russian-speaking threat actors, as indicated by White House statements.
According to sources cited by Bloomberg, the group behind the JBS Foods attack was identified as REvil (also known as Sodinokibi). REvil, like DarkSide – the group blamed for the Colonial Pipeline attack – operates as a Ransomware-as-a-Service (RaaS) entity. This model involves developing ransomware tools and infrastructure, which are then licensed to affiliates who carry out the attacks. RaaS groups are notorious for demanding substantial ransoms and threatening to leak sensitive stolen data if their demands are unmet.
The White House response to the JBS Foods cyberattack, as articulated by Press Secretary Jen Psaki, indicated that the Biden administration was considering all possible responses. The incident also elevated the issue of Russia’s alleged harboring of ransomware operators to a key discussion point in the upcoming meeting between President Biden and Russian President Vladimir Putin.
The food and beverage industry’s experience with the JBS Foods attack underscores the urgent need for robust cyber risk management in manufacturing and critical infrastructure environments. These sectors often rely on vulnerable legacy technologies, where operational downtime is simply not an option. Production giants like JBS Foods, responsible for a significant portion of beef and pork processing capacity in the US, operate around the clock. Any server or network downtime for essential security measures like patching and testing is a complex and costly undertaking, potentially leading to millions in losses. This inherent operational pressure further exacerbates the existing cybersecurity risks within the food and beverage industry.
Legacy Systems: A Lingering Vulnerability in Food and Beverage
Cyber threat actors have evolved beyond indiscriminate “spray-and-pray” ransomware tactics. They are now adept at identifying and targeting organizations with a low tolerance for operational interruptions, as clearly demonstrated by the JBS Foods hack. The food and beverage industry has unfortunately emerged as a high-profile victim, often succumbing to ransom demands to rapidly restore operational status. This vulnerability highlights the broader supply chain security challenges and the critical need to address them proactively. Colonial Pipeline, similarly to JBS Foods, reportedly paid close to $5 million in Bitcoin to obtain a decryption key, although reports suggest system restoration from backups ultimately proved more effective.
A significant underlying issue for food and beverage companies is their reliance on legacy operational technology (OT) systems. These systems, designed long before widespread internet connectivity, were not built with cybersecurity in mind. Digital transformation initiatives are now driving increased automation in food manufacturing, inadvertently exposing these previously isolated OT networks to a wide array of cyber threats from the internet. Claroty’s Biannual ICS Risk & Vulnerability Report has highlighted a concerning trend: a 56% surge in industrial control system vulnerabilities from 2019 to 2020 within the food and beverage sector, marking a sharp increase compared to previous years.
Within the food and beverage industry, meat processing plants are particularly vulnerable due to their often-underdeveloped cybersecurity programs. Despite the livestock industry’s significant economic contribution in many regions, cybersecurity maturity is often low, making meat processing facilities attractive targets for cybercriminals seeking financial gain. The JBS Foods attack vividly illustrates this point.
Strengthening Supply Chain Defenses: Key Recommendations
To safeguard the food and beverage supply chain, producers, manufacturers, and all stakeholders must prioritize proactive cybersecurity measures. Here are essential recommendations:
- Achieve Complete Visibility and Continuous Monitoring: Companies must ensure comprehensive visibility across all systems and processes. Continuous monitoring for threats, whether targeted or opportunistic like the JBS Foods hack, is crucial. Establishing an accurate asset inventory is the foundational step for effective vulnerability management. This ensures that critical systems are regularly updated with security patches and that compensating controls are implemented where necessary.
- Implement Network Segmentation: Network segmentation is a vital strategy to limit attacker movement within a network. OT networks are no longer isolated “air-gapped” environments. Segmentation acts as a compensating control, preventing attackers who have gained initial access (e.g., through stolen credentials or compromised Active Directory) from easily moving laterally across systems to steal data, deploy malware, or exploit vulnerabilities.
- Regularly Test Incident Response Plans: Organizations must adopt a proactive approach to incident response. This includes regularly testing and refining incident response plans through tabletop exercises. Simulating cyberattack scenarios without disrupting production environments allows organizations to improve their response capabilities, enhance business continuity, and minimize the impact of real-world incidents.
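The visibility and segmentation recommendations above can be checked together against network flow records. The following is an added example, not code from this article or from any vendor it mentions: the zone ranges, the allow-list of conduits, the sample flows and the names `zone_of` and `audit` are all constructed assumptions for illustration.

```python
import ipaddress

# Constructed zone map (assumption): RFC 1918 ranges standing in for a plant's networks.
ZONES = {
    "IT":  ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "OT":  ipaddress.ip_network("10.30.0.0/16"),
}

# Constructed allow-list (assumption): the only conduits permitted between zones,
# as (source zone, destination zone, destination port).
ALLOWED = {
    ("IT", "DMZ", 443),    # IT users reach a data mirror in the DMZ
    ("DMZ", "OT", 4840),   # DMZ broker polls OT over OPC UA
    ("OT", "DMZ", 443),    # OT pushes data up to the DMZ
}

def zone_of(addr):
    """Return the zone name for an address, or None if it is not in the inventory."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None

def audit(flows):
    """Classify each (src, dst, dport) flow record; return a list of findings."""
    findings = []
    for src, dst, dport in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz is None or dz is None:
            # Visibility gap: a talker that the asset inventory does not cover.
            findings.append(("UNINVENTORIED", src, dst, dport))
        elif sz == dz:
            continue  # intra-zone traffic is out of scope for this check
        elif (sz, dz, dport) not in ALLOWED:
            # Cross-zone flow outside the approved conduits, e.g. IT directly into OT.
            findings.append(("SEGMENTATION_VIOLATION", src, dst, dport))
    return findings

# Constructed flow records (src, dst, dst_port); not taken from any real network.
SAMPLE_FLOWS = [
    ("10.10.4.21", "10.20.0.5", 443),    # allowed: IT -> DMZ
    ("10.20.0.5", "10.30.1.10", 4840),   # allowed: DMZ -> OT conduit
    ("10.10.4.21", "10.30.1.10", 3389),  # IT workstation straight into OT over RDP
    ("10.10.4.21", "10.10.9.9", 445),    # intra-IT, ignored
    ("192.168.7.7", "10.30.1.10", 502),  # source not in any known zone
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```

Run periodically over exported firewall or NetFlow records, a check like this surfaces both inventory gaps and IT-to-OT paths that bypass the DMZ before an intruder finds them.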
The cyberattack on JBS Foods has unequivocally demonstrated the critical importance of cybersecurity for the resilience of the food and beverage supply chain and the broader manufacturing ecosystem. Cyber threats targeting critical infrastructure are rapidly evolving, with attackers exploiting expanding attack surfaces and shifting vulnerabilities. These threats are becoming increasingly bold, sophisticated, and damaging. Consequently, food and beverage companies must urgently reassess their cybersecurity strategies and invest in the necessary tools and practices to achieve both cyber and operational resilience, ensuring the continued security and stability of the food supply chain.