Cyber attackers look for a tree change

In 2016, the Hollywood Presbyterian Medical Centre paid $23,000 in bitcoin as ransom to cyber attackers who seized control of its computer systems. But in making the payment, it unwittingly turned the global healthcare sector into a prime target for cybercrime. 

From a mass hacking attack event that locked up the UK’s National Health Care System computers and caused surgeries to be delayed in 2017, to a ransom demand that leaked Tasmanian ambulance patients’ prescription records and HIV status to the Internet earlier this year, the attacks on healthcare providers have proved merciless, relentless and very, very costly.

Now, a new survey of 1,000 agriculture, fisheries and forestry producers published by AgriFutures is warning rural industries are in a similar position to where the healthcare industry was before the first attack of 2016.

In the five years that have passed, more than $9 billion has been invested in ag tech, including $2.6 billion in the past 18 months. From intellectual property and agricultural research, to computerised machinery, lucrative personal and financial information saved at online payment portals, this new cache of data is the digital equivalent of low-hanging fruit.

Yet the sector has invested relatively little in cybersecurity. Only 16 per cent of those surveyed by Agrifutures said they had an incident response plan as they’d overestimated threats from activists and competitors while underestimating the risk of hackers. 

Many of those surveyed also admitted they had no idea who to contact for help in case of a cyber-attack.

“Australia’s agriculture, fisheries and forestry sectors are in a similar position to where the health system was five years ago – a slow but gradually increasing adoption of new technologies, with a largely unmanaged cybersecurity risk,” says AgriFutures spokesperson Georgina Townsend. 

The first sorties 

Last year, a hacker encrypted the files of Talman Software – a buying and trading system used by more than 75 per cent of Australian wool farmers, forcing the system to go offline. 

“The main impact is cash flow, especially for woolgrowers; they will be unable to get paid for the wool they intended to sell this week,” Sydney-based wool buyer Scott Carmody told the ABC at the time. “It means next week’s sale will be twice as big, and the extra wool quantities on offer may flatten out any prospect of an increase in price off the back of the low Aussie dollar.” 

Talman refused to pay the ransom, choosing instead to replace the software. But Australia’s largest meat processor JBS Foods didn’t have that option and was forced to pay hackers a whopping $14 million in Bitcoin to regain access to their IT systems when the company was attacked in June, resulting in 47 of their processing and packing plants in Australia, the US and UK to temporarily close. 

 “This was a very difficult decision to make for our company and for me personally,” JBS chief executive Andre Nogueira said in a statement, adding it was necessary to pay to protect its customers.

“eCrime operations are perpetually looking for new victims, especially among those larger businesses perceived to have a high capacity to pay,” notes Crowdstrike, a US cybersecurity company that observed a tenfold increase in interactive or hands-on-keyboard intrusions targeting agriculture in the US in 2020 compared to the previous year. 

“At the other end of the spectrum, smaller agricultural companies may be seen as soft targets, particularly those in the early stages of digitising their businesses with less mature security infrastructure and processes.”

The North Korea-China nexus

In July, Australia joined the US and other allies in accusing Chinese-government-linked hackers of attacking the Microsoft Exchange email system that compromised tens of thousands of computers and networks around the world. 

“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used,” Prime Minister Scott Morrison said. “This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers, and operators of other critical infrastructure.”

The attack on Microsoft did not specifically target agriculture. But according to Crowdstrike, Chinese-government-lined hackers pose a huge threat to agribusiness companies and organisations.

Crowdstike issued a warning in its widely read blog post Hacking Farm to Table:  “China is the world’s largest agricultural producing nation, despite a limited amount of arable land relative to the country’s size. The sector accounts for approximately 10 per cent of China’s GDP and employs more than a quarter of the country’s workforce. For these reasons, China-nexus adversary groups engage in aggressive economic espionage campaigns to forcibly transfer proprietary technology and intellectual property from advanced industrial nations, with the goal of spurring economic development.” 

The second biggest threat it identified was North Korea: “Despite North Korea’s long-held ambitions to achieve agricultural self-sufficiency, efforts to modernise and expand the sector have faced repeated setbacks. These include a lack of arable land, widespread natural disasters and limited access to many crucial agricultural inputs due to North Korea’s government-controlled economy. In this context, we assess that proprietary information related to agricultural production would likely be a significant asset to the country’s agricultural programs.”

Four simple steps 

Following the attack on Microsoft and AgriFuture’s worrying survey results, accounting network BDO called on Australia’s agricultural sector to take urgent action to mitigate attacks.

“The health sector saw the risk that came with the digitisation of records and moved to rapidly improve and standardise cybersecurity risks,” says BDO Australia cybersecurity partner John Borchi. “This included allocating sufficient funds and focusing on the fundamentals of cybersecurity, whilst outsourcing functions that could not be performed in-house.”

Sophisticated, digitally-enabled businesses, such as intensive farm operations and automated farming systems, need more complex security. But for smaller, family-owned farms, simple solutions like antivirus software are often all that is needed.

“Australia’s rural industries are at the beginning of the cybersecurity journey,” Borchi says. “Now is the time for industries to act.”

What to do for some security

The Australian Cyber Security Centre (ACSC), says businesses concerned about their vulnerability to cybercrime can take four simple steps to protect themselves.

1. Patch all internet-connected devices within 48 hours. Patches are software and operating system updates that address security vulnerabilities within a program or product. And businesses, whenever possible, should use the latest versions of software and operating systems.

2. Use multi-factor authentication – a method in which a user is granted access to a website application only after successfully presenting two or more pieces of evidence or identification to an authentication mechanism.

3. Use  ‘event log forwarding’ – a protocol for Windows operating software that keeps track of the events logs of computers in the same network and computers that have infiltrated the network. This is vital because during investigations, the lack of logging information is a common issue that reduced results.

4. Become an ACSC partner to automatically receive threat intelligence you can use to take the earliest possible action to protect yourself online. Membership is free and you can apply online at cyber.gov.au

If you enjoyed this story on cyber attackers, you might like to read our feature on preparing for a COVID-safe harvest.