JBS Foods attack shows how hackers target supply chains

Recently, JBS Foods, one of the world’s largest producers of meat, suffered a cyberattack, which is now shedding light on how cybercriminals are gaining access to supply chains as well as highlighting the need for solutions, prevention strategies, and cyber awareness in the supply chain industry. 

The attack, which happened last weekend, affected the meat producer’s U.S. and Australian supply chain operations with JBS confirming in a statement that it is working alongside an incident response firm to restore its affected systems as soon as possible. The attack highlights the vulnerability and fragility of supply chains, two qualities that make attacks and threats on them highly attractive to cybercriminals. 

Amit Yoran, Chief Executive Officer of Tenable and Founding Director US-CERT for DHS, said: “This is the most recent incident in a disturbing trend of cyberattacks that show just how fragile and vulnerable our supply chains and critical infrastructure are. The Colonial Pipeline attack shut down systems that supply 45% of the Eastern United States’ fuel, and the JBS hack has resulted in the shutdown of some of the largest meat processing plants in the world. 

He adds that the long-term effects of this attack could be severe if JBS is not able to reboot its systems soon. “These attacks have very tangible impacts that affect large swaths of the population, and it’s possible that we’ll see disruption across the global supply chain if JBS’s systems stay offline for more than a few days”, said Yoran. 

Understanding the risks and supply chain cybersecurity “is crucial”

Yaron emphasises that it is “crucial” that cyber risks, especially in critical business processes. "The foundation of our global food supply chains, transportation systems, and more are under attack because cybercriminals realise how disruptive and lucrative attacks targeting these systems can be. As more organisations undergo rapid digital transformation, we continue to see IT systems completely intertwined with operational technology (OT), which brings increased risk to critical infrastructure everywhere. We’ve been encouraged by the government's recent efforts to protect critical operational technology and control systems. 

“It’s equally important that our critical infrastructure, supply chain and logistics providers exercise a standard of care to safeguard their systems and the people who rely on them”, Yoran points out. 

Escalating concerns over the rise of cybercrime 

There are increasing concerns that cybercrime is getting bigger and bigger, meaning that supply chains, as well as other industries, may only become more vulnerable unless action is taken. 

Stel Valavanis, CEO of onShore Security, said: “What worries me is that cybercrime is possibly now getting big enough. It's getting big enough to crank up insurance rates. It's getting big enough to open up budgets. It's getting big enough to get lawmakers’ attention. It's getting big enough to shift the counter-efforts from private hands into law enforcement”. 

Referencing the SolarWinds attack, Valavanis continued: “If there's anything the SolarWinds attack showed us, it's that the criminals can get way more serious and Colonial Pipeline showed us is that it's a stake close to the heart. We in the cybersecurity industry already know this and SolarWinds isn't even the scariest attack. But you all are starting to see it too”. 

The JBS cyberattack has highlighted not just the importance of cybersecurity in the supply chain industry, but also how vital it is to understand how businesses can protect their supply chain operations from future cybercriminal activity. 

Neil Jones, Cybersecurity Evangelist at Egnyte said: "The recent JBS cyberattack, along with the Colonial Pipeline and Apple/Quanta cyberattacks that preceded it, demonstrate that your organisation needs to make cybersecurity a Boardroom priority if you haven't done so already. For years, cybercriminals have attacked targets for financial gain, but now we're seeing an alarming pattern of debilitating attacks on our food, critical infrastructure, and IP supply chain, which can have a crippling impact across the US economy. 

Jones also advises that businesses need to “implement proactive data hygiene and protective behaviors, such as patching your CVEs and hardening your databases now”. 

You can read our article explaining supply chain attacks in more detail here.