It’s sowing season in South America and cybercriminals are already harvesting. A cybercriminal by the alias ‘theredhand’ has offered to sell data leaked from Brazilian agrotech companies on a data breach forum.
The forum user claims to have data from over 150 companies that are linked to Brazilian agriculture, targeted because they take “financial advantage of Brazilian coffers” that are meant to be used for the preservation of the Amazon and biomes, among others.
According to “theredhand”, the companies targeted include state and private banks, non-governmental organizations, and private companies associated with the Brazilian agriculture companies.
Data leak from Brazilian agrotech companies
The hacker claimed to have accessed the systems after exploiting a front private company. The hacker accused the company of having no commitment to the cause it claimed to be having at its position.
The person also offered a symmetric key to decrypt the encrypted and exfiltrated data from the data leak of Brazilian agrotech companies.
With agriculturists increasingly employing technology to automate processes and gain better insights into weather conditions, crops, fertilization, etc., the attack surface has widened for cybercriminals to launch ransomware attacks.
The issue popped up in cybersecurity news in 2021 when the FBI warned the Food and Agriculture sector about the risks, after reports of over six ransomware attacks on grain cooperatives came out.
Targeted attacks on the agriculture sector during critical times
LockBit 2.0 ransomware attack on a multi-state grain company drew attention to targeted cyberattacks aimed to disrupt services. The target provided grain processing, fertilizer, seed, logistics, etc., which are part of the critical services required to be rendered during the spring planting season.
Although, a stitch in time also prevented a disaster from two ransomware attacks that were launched on a feed milling company in 2022.
Dr. Ali Dehghantanha, Canada Research Chair in Cybersecurity and Threat Intelligence at the University of Guelph, Canada, highlighted the need to increase cybersecurity in the agriculture sector before the issue goes out of reach.
On-farm smart technologies are getting adapted extensively in most countries to cater to the increasing demand for food, growing urbanization, and climate change.
Dr. Ali reiterated the need to secure interconnected devices that render precision agriculture technology. “But all those interconnected sensors, smart meters, cameras, and other devices leave farmers more vulnerable to data insecurity and potential cyberattacks,” he said in the university’s news report.
Speaking about state-sponsored hackers, he said that those are the cybercriminals that pose the maximum danger to the systems related to agriculture. Because it could result in disrupting networks, losing access to processes, losing crops, monetary loss, and affecting food security.
In the middle of wars or conflicts between two or more nations such as the Russo-Ukrainian war, targeting the food and agriculture sector can lead to breaking the opponent by impacting basic necessities.
Fixing smart farm machinery
A recent study by the University of Cambridge cautions that the future use of artificial intelligence in agriculture poses significant potential risks to fields, farmers, and food security. Currently, those threats are inadequately understood and underestimated, said the study.
According to a BBC report, agriculture manufacturing companies are now looking to work on vulnerabilities and fix issues in hardware and software to prevent global supply chains from threats.
In August 2021, an Australian researcher who goes by the nickname Sick Codes disclosed numerous vulnerabilities in tractor manufacturer John Deere’s systems.
“There is a real risk that people anywhere in the world could try and take control of these machines to get them to do whatever those people want…,” Chris Chavasse, co-founder of Muddy Machines, told the BBC.
