Are cyber attacks becoming more frequent or just more effective?
Just as fuel-supplies across the USA are starting to return to normal in the wake of the Colonial Pipeline cyber attack last month, on 2nd June it was revealed that the world's leading meat packer - JBS - had temporarily halted the slaughter of cattle at its USA and Australia plants including at its US headquarters in Greeley, CO.
The issue was caused once again by a cyber attack, suspected to have been carried out by a Russian organized crime group. Hackers compromised the corporations computer network, and demanded payment of a ransom before they would remove their rogue software and return control of computer systems to JBS.
Just as the Colonial Pipeline attack threatened the continuing supply of gasoline to the eastern United States causing shortages and panic buying, concerns are now rising about the impacts upon price and availability of meat that could be caused by even a temporary shutdown in meat production.
The impact of cyber terrorism on critical infrastructure
The attack on JBS and the Colonial Pipeline hack (which began on May 7th) are recent examples of what seems to be becoming an unfortunately regular occurrence. The Russian hacking consortium known as DarkSide hacked into the systems of Colonial Pipeline - whose oil and gas infrastructure supplies 45% of oil used on the east coast USA.
On May 14th, having given in to the demands of the hackers - paying a ransom of 75 Bitcoin (equivalent to around $5 million) - the pipeline was opened up once again. The hackers had seized 100 Gigabytes of sensitive data and had installed rogue software in Colonial's network which forced them to shut down the pipeline as a preventative measure.
With hackers having such a hold over Colonial, they felt powerless but to pay up. DarkSide had publicly stated that their intention wasn't to cause such severe disruption and that they were motivated by financial gain alone. Their efforts appear to have paid off!
After Colonial paid up, service was restored and the fuel shortages and increases in price that were being witnessed across the country will hopefully now cease. During the pipeline shutdown, the price of gasoline had pushed to a six and a half year high, above $3 per gallon.
Cyber - a threat to all businesses
What the Colonial attack demonstrated is that it's not just technology companies, banks or even private individuals that are being targeted by hackers. Instead criminals motivated by financial gain are now targeting industrial organisations including utilities and manufacturers like Colonial Pipeline and JBS. It would seem that the networks of such firms are often poorly protected and more susceptible to attack.
The impacts of attacks on these firms and upon end consumers has already proven to be significant and disruptive. The effects of their systems being compromised is felt across the country when consumer products become scarce as a result.
A growing threat?
The meat supply-chain in the USA has already been exposed as frail and had taken a significant hit due to the Covid-19 pandemic which forced occasional closure of meat-packers. This knocked on to production and the availability of products for end-consumers. Even a temporary shutdown for companies the size of JBS (the largest individual meat processor in the USA, responsible for a 19% market share) could be significant even if disruptions are brief.
There's a further potential issue that may emerge too. As similar attacks occur and the victim organisations are forced to pay ransoms to restore their systems, it may embolden other attackers to do the same as they chase a big pay-day. The disruption caused by the hacking is enough to make the victims pay the hackers(in the absence of a better response) - that in turn may make hackers more determined to find targets who will also pay the ransom demanded.
The best defence is a good-offence though - and hopefully attacks like those experienced by Colonial Pipeline and JBS will prompt other corporations to take more preventative actions in the hope of avoiding similar attacks.