Meat producer JBS USA hit by cyberattack

June 2, 2021

JBS USA - a global provider of diversified, food products, and leading processor of beef, pork and prepared foods in the U.S., Canada and Australia - has been the target of a cyberattack, affecting some of its servers supporting its North American and Australian IT systems.

According to JBS, the company took immediate action, suspending all affected systems, notifying authorities and activating the company's global network of IT professionals and third-party experts to resolve the situation. The company’s backup servers were not affected, and it is actively working with an Incident Response firm to restore its systems as soon as possible.

The company is not aware of any evidence at this time that any customer, supplier or employee data has been compromised or misused as a result of the situation. "Resolution of the incident will take time, which may delay certain transactions with customers and suppliers," the company says.

Joseph Carson, chief security scientist and Advisory CISO at Thycotic Centrify, says, "The latest cyberattack targeting JBS once again reminds us how fragile the supply chain industry is today, especially when companies are highly dependent on IT systems. This appears to be a ransomware-style attack as the company stated that they are responding to the incident and restoring systems. However, that is yet to be fully confirmed. The good news is that their backup systems appear to be unaffected by the attack which shows that they have followed some industry best practices and have an incident response plan. But, these do not prevent cyberattacks. Yet, they do make companies more resilient. Let’s hope this sets an example for other companies the importance of backup systems and network segmentation

Carson adds, "Organizations have less control and visibility over the actual security that supply chains have put in place. For the most part, this tends to only be covered in legal contracts, rather than a true security risk assessment. Organizations must prioritize privileged access security to reduce the risks exposed in their supply chain security."

Christoph Hebeisen, Director, Security Intelligence Research at Lookout, notes, "While we don't know the exact nature of the attack on JBS, the impact has strong parallels to the Colonial Pipeline case - a critical industry is hit by an attack and has to shut down production leading to financial losses and potentially shortages affecting large populations. Forcing a production shutdown may or may not have been part of the intention of the attackers. However, the impact of this compromise makes it clear that strong protections for IT infrastructure are becoming a business critical imperative for all industries, including those whose core business does not have an immediately obvious data component."

Like natural disasters, ransomware attacks make clear our reliance on supply chains which are susceptible to relatively small scale and short term disruptions, says Oliver Tavakoli, CTO at Vectra. He explains, "While such attacks clearly will be a big deal for the victim organizations – and we can lament the fact that we live in a world where such things seem to be every day events – a single supplier of meat going offline for a few days should not create a panic. The practical result of such attacks is that we need to balance the desire to have lean (and highly profitable) supply chain with the need to have a resilient one. The economic incentives for valuing resilience are hard to imagine as long as Ransomware attacks are treated like Black Swan events."

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.