JBS Foods, the world’s largest producer of beef and poultry, disclosed yesterday suffering a shutdown of plant production worldwide due to a cyber-attack. The attack forced the shutdown of the largest slaughterhouses in the world, which may yet cause a rise in global meat prices.
In a statement, JBS Foods stated “The company is not aware of any evidence at this time that any customer, supplier, or employee data has been compromised or misused as a result of the situation.”
The attack appears to be ongoing. As of current writing, the exact nature of the cyber-attack remains unclear, but signs indicate either a ransomware attack or a privileged access attack.
We compiled expert commentary on the JBS Foods attack. Here’s what they had to say.
Expert Commentary: The JBS Foods Cyber-Attack
Joseph Carson is Chief Security Scientist and Advisory CISO at Thycotic.
The latest cyber-attack targeting JBS once again reminds us how fragile the supply chain industry is today, especially when companies are highly dependent on IT systems. This appears to be a ransomware-style attack as the company stated that they are responding to the incident and restoring systems. However, that is yet to be fully confirmed. The good news is that their backup systems appear to be unaffected by the attack which shows that they have followed some industry best practices and have an incident response plan. But, these do not prevent cyber-attacks. Yet, they do make companies more resilient. Let’s hope this sets an example for other companies the importance of backup systems and network segmentation
Organizations have less control and visibility over the actual security that supply chains have put in place. For the most part, this tends to only be covered in legal contracts, rather than a true security risk assessment. Organizations must prioritize privileged access security to reduce the risks exposed in their supply chain security.
Hitesh Sheth is President and CEO at Vectra.
The JBS attack is one more signal of a disturbing shift in cyberwar strategy. It looks like a ransomware attack, but what’s really telling is the choice of targets. This is an important global supply chain moving essential goods to100 countries. The old conventional wisdom was that hackers were in it for the money. Add JBS to Colonial Pipeline and other strikes, and you get new conventional wisdom: they’re going after critical infrastructure like food and fuel supply lines, which strikes at public confidence. The motive here runs deeper than ransom. The question is, does our joint commitment to a more effective defense run equally deep?
Christoph Hebeisen is Director of Security Intelligence Research at Lookout.
While we don’t know the exact nature of the attack on JBS, the impact has strong parallels to the Colonial Pipeline case – a critical industry is hit by an attack and has to shut down production leading to financial losses and potentially shortages affecting large populations. Forcing a production shutdown may or may not have been part of the intention of the attackers. However, the impact of this compromise makes it clear that strong protections for IT infrastructure are becoming a business-critical imperative for all industries, including those whose core business does not have an immediately obvious data component.
Neil Jones is Cybersecurity Evangelist at Egnyte.
“The recent JBS cyber-attack – along with the Colonial Pipeline and Apple/Quanta cyber-attacks that preceded it – demonstrate that your organization needs to make cybersecurity a Boardroom priority if you haven’t done so already. For years, cyber-criminals have attacked targets for financial gain, but now we’re seeing an alarming pattern of debilitating attacks on our food, critical infrastructure, and IP supply chain, which can have a crippling impact on the US economy. While advocating support from your executive team, you need to implement proactive data hygiene and protective behaviors, such as patching your CVEs and hardening your databases now.”
Garret Grajek is CEO of YouAttest.
“Though the details of the JBS attack are not out, it’s a pretty safe bet that the method of intrusion involved credential theft and privilege escalation. Both of these are key components in the cyber kill chain, the identified method of attack of most exploits. Attackers find a weak way into the system, via stolen passwords, default account credentials, phishing, or some other means. From there, they use lateral movement across the enterprise and privilege escalation to obtain system access to important data. This is why account reviews and knowledge of privilege changes are imperative to a well-controlled enterprise.