In this file:
· JBS Hackers Took Data From Australia and Brazil, Researcher Says
… stole data for several months…
· JBS Rebuffed Call to Boost Cyber Spending, Ex-Employees Say
… it wasn’t considered a priority and didn’t show an immediate return on investment…
· NDFB says cyberattack on JBS beef plant could have been much worse
… could have caused long-term massive impacts on national food security…
· Global Meat Supplier Operating Again After REvil Cyberattack
… It is not known whether JBS paid a ransom…
JBS Hackers Took Data From Australia and Brazil, Researcher Says
o Ransomware episode began with reconnaissance in February
o JBS says investigation has found no evidence of exfiltration
By Alyza Sebenius, Bloomberg
June 8, 2021
The hackers who used ransomware to shut down JBS SA, the world’s largest meat producer, explored the potential attack in February and stole data for several months from the food giant’s locations in Australia and Brazil, according to security researcher SecurityScorecard Inc.
The “reconnaissance” phase of the cyberattack, in which hackers learn about a target and where they might exploit it, began in February, according to a report from SecurityScorecard shared with Bloomberg. The research is based on multiple public and private sources of intelligence, observations on the dark web and investigative tools such as NetFlow -- which tracks digital traffic flows -- according to Ryan Sherstobitoff, vice president of cyberthreat research and intelligence at SecurityScorecard. The company plans to release the report Tuesday.
A spokesperson for JBS USA disputed the findings, saying it was inconsistent with a preliminary investigation conducted by third-party experts.
“We have discovered no evidence that any company data was exfiltrated, and no evidence that Brazil was impacted in any way,” said Nikki Richardson, the spokesperson...
JBS Rebuffed Call to Boost Cyber Spending, Ex-Employees Say
o Cyber improvements outlined in audit deemed to be too costly
o JBS says quick recovery evidence of company’s robust defenses
By Ryan Gallagher and Alyza Sebenius, Bloomberg
June 8, 2021
A few years before it was hit by a major cyberattack, the world’s largest meat producer, JBS SA, rebuffed efforts to spend more on cybersecurity because it wasn’t considered a priority and didn’t show an immediate return on investment, according to three former employees.
The employees, who worked in information technology and security in the U.S., said the company had commissioned a cybersecurity audit between 2017 and 2018, which identified weaknesses in the company’s infrastructure that hackers could exploit. The audit recommended the purchase of specialist monitoring technology that could detect possible intrusions, but JBS executives viewed the technology as too costly and declined to purchase it, said the employees.
While the audit was commissioned in the U.S., it had implications for the Brazilian company globally because some systems are interconnected, the employee said.
One of the employees described cybersecurity as a “back burner” issue at JBS, where the person said executives were focused on cost cutting. A second ex-employee shared similar concerns. The company was so focused on profits, the employee said, that it was difficult to push through cybersecurity improvements. The ex-employees requested anonymity as they weren’t authorized to speak publicly about their work with the company.
A JBS USA representative, Nikki Richardson, denied the former employees’ allegations about the company’s cyber culture...
Sophisticated Group ...
Cyber Scorecard ...
more, including links
NDFB says cyberattack on JBS beef plant could have been much worse
NDFB President Daryl Lies says last month's cyberattack could have caused long-term massive impacts on national food security.
by Josh Meny, KXNet (ND)
Jun 7, 2021
The Russian-based ransomware cyberattack on the world’s largest meat processing company, JBS, last month did not have a major impact on North Dakota cattle producers, because it was handled swiftly, but cybersecurity experts are warning that attacks targeting critical sectors of the U.S. economy are evidence that industry hasn’t been taking years of repeated warnings seriously.
For today’s Ag & Energy Insight, we look at what companies should be doing to protect themselves from cyberattacks that could cause far-reaching catastrophic impacts on society.
North Dakota Farm Bureau President and Douglas hog farmer, Daryl Lies, says the cyberattack didn’t have a direct impact on the majority of North Dakota livestock producers. Lies explains that North Dakota does not have a lot of feedlot operators, but the small ones we do have, were impacted by longer weight times at slaughterhouses.
A larger disruption to our food system could have long-term devastating impacts on multiple tiers and levels of our society. Lies explains Food security is just as important as military and energy, to national security.
“Those two things have been attacked in the last week by these cyber terrorists, because I think this is the new terrorism, holding hostage the ability to operate IT systems, that’s concerning going down the road. If they would have done this properly and they would have been able to lock up JBS for weeks at a time it could have had a massive impact on farmers and ranchers in North Dakota and across the whole nation for that aspect because they have 23 to 24 percent of the slaughter capacity of beef cattle in the United States,” explained Lies...
more, including links
Global Meat Supplier Operating Again After REvil Cyberattack
by Emily Tian, Organized Crime and Corruption Reporting Project (OCCRP)
08 June 2021
After a cyberattack linked to Russian hacker group REvil forced the world’s largest meat supplier JBS to shut down all of its systems, including plants in North America and Australia, the Brazil-based company has returned to full global operations. An expert said on Tuesday that attacked companies won’t tell whether they paid ransom.
The attack, which took place on May 30, affected servers that supported the company’s North American and Australian operating systems, according to a press release from JBS.
Since the company’s encrypted backup servers were not affected by the attack, JBS was able to limit the loss to less than one day’s worth of production, which it expects to recover by the end of this week. JBS USA CEO Andre Nogueria said in a separate statement that JBS and Pilgrim’s core systems were not affected by the attack, “which greatly reduced potential impact.”
According to the company, there is no evidence that any consumer or employee data was compromised as a result of the attack.
The FBI has attributed the attack to REvil (also known as Sodinokibi) and wrote that the agency is working to hold the responsible actors accountable. In light of the recent rapid increase in ransomware attacks on private companies, the FBI has also made cyberattack investigations a top priority, according to another statement released last week.
REvil is a ransomware-as-a-service operation, thought to be based in Russia, that has gained a reputation for the hefty ransoms it exacts on its victims. According to an analysis by antivirus software company Emsisoft, 4.6% of reported ransomware strains in the first quarter of 2021 can be traced to REvil.
There have not been any posts regarding the JBS cyberattack on REvil’s dark web site, known as “Happy Blog,” where they usually claim responsibility for past hacks. It is not known whether JBS paid a ransom. The company did not respond to requests for comment.
Andrew Grotto, a cybersecurity researcher at Stanford, told OCCRP on Tuesday that companies that have paid the ransom may not have an incentive to disclose that information to the public, unless they have reported obligations to their shareholders...
more, including links