Brian Osterndorff, chair of the board of the Canadian Equipment Dealers Association, and president and CEO of Robert’s Farm Equipment, a seven-store group in Ontario, said on June 26 that they had just been informed that they could use the system again.

Tech firm CDK’s software was taken offline last week after a cyberattack by the BlackSuit ransomware group. CDK is being asked to pay tens of millions of dollars by the hackers. Reuters reported yesterday that the company expected dealers to be offline until at least June 30, but some dealers had functionality returned on June 26.

CDK provides business management software to dealers of all makes of farm equipment, so major dealers of John Deere, CNH and are working without digital systems across the country. CDK is also the leading provider of management software to automobile dealers and thousands of those dealerships are offline.

CDK says it has 15,000 North American dealers on its system.

Wawanesa, Man. farmer Jeff Elder said he was able to get what he needed on a recent parts run to the Rocky Mountain Equipment dealership in Brandon, however staff were relying on memory to find parts or looking them up on their phones.

“They had resorted to writing down orders on paper,” said Elder via text. “He couldn’t invoice me and said I would receive an invoice by email whenever they could get that done.”

Rocky Mountain Equipment declined to comment.

“Everything is being done manually,” said John Schmeiser, President of the North American Equipment Dealers Association (NAEDA) Canada. “You can just imagine the amount of time that our dealerships are spending on manual processes.”

Parts are tracked and managed through digital inventory systems.

“We have to actually know where the part is, in, in a bin, to go out and find it and fulfill that customer’s order without using our computer system to tell us where it is or how many that we have on order.”

Invoicing also has to be manual, said Schmeiser.

Osterndorff said that looking up parts, connecting parts to work orders and completing sales couldn’t be accomplished using their digital system and staff had to do the work manually.

Farmers are spraying and preparing combines for harvest so dealers continue to work as best they can.

“We can’t shut down the business, we have to take care of the customer,” Schmeiser said. “Dealers are really managing through this as best as they possibly can.”

Osterndorff says they have a team of people coming to dig out from the past week’s paperwork and get that information into the digital system.

He says they’ve learned that dealerships can continue to function, “but I think it’s just increased awareness right now of the vulnerability that we all are all have, and the effect that it has in our business.”

Schmeiser said the situation will be a wake-up call for the industry and will place even more emphasis on cyber security.

“I think as an industry as a whole, this whole situation is going to be looked at, at every sector, from the manufacturer point of view and the equipment dealer,” he said.

“We’re asking our customers or farm customers to be a little bit patient with our dealers, as we work through this problem. This is this is an issue that is not only frustrating for our equipment dealers, but can be frustrating for our customers as well.”

—Updated June 27 – adds John Schmeiser’s title, organization.

The post Some farm dealerships back online after cyber attack appeared first on Country Guide.

Instead of cash, the attackers demanded the hog business owners publicly admit to what they alleged to be livestock mistreatment.

The occurrence was unique and alarming, says Ali Dehghantanha, Canada research chair in cybersecurity and threat intelligence at the University of Guelph’s Cyber Science Lab.

The lab offers a for-fee support service for those managing cyberattacks and cybersecurity.

NEW AUDIO SERIES: Cyber-Savvy Farmer

While the number of cybersecurity incidents across Ontario’s agriculture industry has been rapidly increasing overall, he says the cashless ransomware attack against the family hog business — an incident he and his colleagues helped the family resolve — highlights what could become a wider trend in the tactics used by special interest actors.

Why it matters: Ransomware and other criminal cyber activities usually come with demands for payment. Malicious actors focused on disrupting food production rather than money pose another, potentially harder-to-solve threat.

According to Dehghantanha, the attack perpetrators claimed to have a variety of incriminating evidence showing animal abuse on the farm. This included camera footage taken from what the perpetrators claimed was a now-compromised farm surveillance system. The attacker’s prerequisite for releasing their hold on the farm’s network was a public statement, from the business owners, admitting to animal abuse.

In Dehghantanha’s view, this would have been financially devastating for the business.

In reality, no such footage existed. Indeed, claims of comprised cameras were false. Barring the demand for self-incrimination, the attack proved to be a standard, easily manageable ransomware attack.

“This was the first time working in this specific industry we have seen ransomware not asking for money. That would make our job much more difficult as we are dealing with adversaries whose motivation is not money,” Dehghantanha says, adding the transfer of cash is often the riskiest part for those committing ransomware attacks, because the movement of funds can be tracked.

“Prior to this we were not concerned with these small family food businesses…There was not a playbook for these kinds of situations.”

More accessible ransomware

Dehghantanha says his lab has been engaged with 20 cybersecurity issues reported from southern Ontario in the first half of 2023 alone — up from a mere handful in the entirety of 2019. Awareness of cyber risk has likely played a role in higher reporting, but it’s also getting easier for bad actors to acquire harmful attack tools like ransomware.

Simultaneously, the agriculture and food sector are underprepared for such threats. Dehghantanha considers agriculture and food to lag other sectors, notably energy and health, by approximately five years. Remedying the problem would begin by establishing a committee or another body of industry representatives, technology experts, and others to design cybersecurity standards “rooted in the reality of the industry.”

“We must identify steps for farmers and businesses that can be gradually achieved to get to the same level. This has happened in energy and health sector so there’s no reason it can’t happen in agriculture sector,” says Dehghantanha.

“We need to identify a body responsible for receiving these standard reports from farmers trying to evaluate them and give feedback and work with them…If a farmer knows they are level two, level three, or whatever level they are, it would make it much easier for them to understand and improve.”

Awareness and practice

Stakeholders in the agriculture sector, such as Ontario Pork, say they are raising awareness about the ever-growing need for better cybersecurity.

In an email statement received July 12, Ken Ovington, general manager for Ontario Pork, says the commodity group “routinely meets with cybersecurity experts and researchers to gather knowledge that can be used to create awareness and provide informational tools that are valuable to pork producers and the provincial pork industry.

“These types of cyberattacks are undeniably on the rise. As technology usage increases, so does the methods and sophistication of cyber criminals so it’s crucial that producers, agricultural organizations and government continue to prioritize cybersecurity measures, stay vigilant, and collaborate to prevent future cyberattacks,” says Ovington.

Strategies used to prevent issues within the organization itself were listed as well, including cybersecurity training for employees. No comment on specific incidents, such as the ransomware attack on the family hog operation, was provided.

Dehghantanha himself encourages greater proactivity. While establishing standards would help the agriculture sector improve overall security – and, potentially, bring spinoff benefits like lower insurance rates for higher cybersecurity scores – he stresses individuals and organizations need to pay attention to the threat posed by cyber criminals focused on industry disruption over money.

“We don’t need to wait for a standard to work on awareness. If you have livestock, you could be on a target list.”

— Matt McIntosh is a southwestern Ontario freelance writer. This article previously appeared at Farmtario.com.

The post Activists target Ontario hog farm with ransomware appeared first on Country Guide.

The company on Thursday released that estimate as part of its fourth-quarter financial report, in which it booked a Q4 net loss of $41.49 million on $1.186 billion in sales and a full-year net loss of $311.89 million on $4.739 billion in sales.

During its fourth quarter, on Nov. 6, 2022, Mississauga-based Maple Leaf confirmed it was hit with a “system outage stemming from a cybersecurity incident.”

In Thursday’s report, the company reiterated it “took immediate action and engaged cybersecurity and recovery experts” upon learning of the attack, and “executed its business continuity plans” as it restored affected systems.

Maple Leaf said it was able to maintain operations throughout the event and work with customers and suppliers to “minimize service disruptions,” but nevertheless, its “normal business activities were interrupted.”

With that came the expenses of “system restoration costs, lost sales, overtime, spoiled inventory” and professional fees paid to its experts, the company said.

The company on Thursday estimated fourth-quarter “direct and indirect economic impact” of “at least” $23 million relating to the incident.

Maple Leaf also said it expects to recover some of those costs through related insurance payouts later in 2023. CEO Michael McCain said those amounts can’t yet be booked into the company’s financial results but the company is “very confident” it will be able to recoup some of those costs.

Asked Thursday about the nature of the cybersecurity attack, a company spokesperson said via email the attackers in this case “did try to extort a ransom from us and we refused to pay.”

Maple Leaf in November reported “operational and service disruptions that vary by business unit, plant and site.”

The company’s operations in Canada include hog slaughter plants at Brandon, Man. and Lethbridge, Alta.; five fresh poultry plants in Ontario and one at Edmonton; hatcheries in Ontario and Alberta; five feed mills in Manitoba; and pork and poultry further-processing sites in five provinces. The company recently opened a major new poultry plant at London, Ont.

As for its livestock production, “our farms have adjusted their practices due to the system outage, and we feel confident in our ability to care for our animals and meet their needs,” Maple Leaf said at the time.

On a call with market analysts Thursday, McCain said the $23 million estimate reflects a combination of “incremental” costs incurred as a result of the company’s “entire team” shifting its focus to deal with the incident.

Within less than 48 hours of the attack being discovered, he said, staff were able to shift operations to “fully manual… essentially paper-and-pencil” while company information systems were cleaned and rebooted.

While the company didn’t use the word in its report, the nature of the attack points to ransomware — a form of malware that either encrypts a targeted computer system’s files, rendering them unusable, or removes a system’s sensitive data.

A ransom, usually payable in cryptocurrency, is then demanded of the system’s owner, in exchange for a decryption key or the missing data.

Maple Leaf’s outage isn’t the first ransomware attack in Canada’s meat packing sector. Canadian operations of Brazilian meat packer JBS briefly halted in the summer of 2021 when that company’s U.S. arm was hit by what was later confirmed to be a ransomware attack.

However, where Maple Leaf says it refused to pay, the CEO of JBS USA later confirmed the company did pay a cryptocurrency ransom equivalent to about US$11 million.

Andre Nogueira was quoted by Reuters at the time as saying “we felt this decision had to be made to prevent any potential risk for our customers.” — Glacier FarmMedia Network

The post Cyberattack a $23 million hit on Maple Leaf ledger appeared first on Country Guide.

UPA, in a release last Thursday, said it’s working with a cybersecurity firm to analyze the nature and scope of the attack, as well as any possible solutions to securely restore its affected systems.

UPA oversees 130 different unions of producers organized by commodity within 25 specialized affiliated groups, and represents the province’s 42,000-odd farmers and forestry producers regionally through 90 locals within 12 regional federations.

The organization said the Aug. 7 attack affected UPA servers, files and relevant computer applications — and also affects “several” of those UPA-affiliated commodity-specific and region-specific bodies.

Ransomware is a form of malware that encrypts a targeted computer system’s files, rendering them unusable, or removes a system’s sensitive data. A ransom, usually payable in cryptocurrency, is then demanded of the system’s owner, in exchange for a decryption key or the missing data.

UPA didn’t say in Thursday’s release whether it had paid, or has been asked to pay, any ransom. It said measures were taken when the incident was discovered, so as to limit the attack’s reach.

UPA added that it won’t release further details publicly, so as to keep its further investigation confidential and running smoothly.

It would only say the farm-level activities of agricultural businesses “are not compromised” by the attack — and that “all actions” required to protect the interests of the UPA, its members, its staff and its affiliate organizations are being considered.

According to Dr. Janos Botschner of the Guelph-based Community Safety Knowledge Alliance, ransomware often enters systems via phishing — that is, creating a bogus email, made to appear like it comes from a legitimate organization, including a link which grants hackers access — or via “credential stuffing,” that is, using stolen credentials from a legitimate source.

Ag and agrifood industries and policymakers are coming around to the need to deal with vulnerabilities at the farm or processor level, Botschner said on an episode of Between The Rows in December.

Organizations running on older or outdated software, for example, are a “juicy target” for ransomware, he said.

At the farm level, ensuring cybersecurity means farmers need to make sure their technology can ward off three main kinds of threats, Dr. Ali Dehghantanha of the University of Guelph’s Cyber Science Lab said in a separate release Wednesday.

Apart from ransomware, those threats include theft of confidential information — that is, anything from livestock feeding schedules to greenhouse temperatures — and vandalism by foreign actors designed to disrupt businesses’ networks.

Interrupting farm supply chains, for instance, may mean farmers lose crops and ultimately lose time and money in replacing them, Dehghantanha said. “Any disruption of infrastructure could cause disruption of the supply chain and affect food security.”

However, he said in the same release, “the level of cybersecurity protection in agriculture is minimal to non-existent… The agricultural sector is a soft underbelly from a cybersecurity point of view.”

Major ag-related targets of ransomware attacks in the past couple of years have included the U.S. (and Canadian) arm of meat packer JBS; farm equipment manufacturer Agco; and at least three U.S. grain handlers.

“Everyone or every business is potentially vulnerable, regardless of the size, and being in an out-of-the-way, rural location doesn’t mean that you’re necessarily secure,” Botschner said in December. — Glacier FarmMedia Network

The post Quebec’s UPA hit by ransomware attack appeared first on Country Guide.

“The agricultural sector has increasingly become a target of cyber-attacks in ways that can cause serious disruption to the livelihoods of rural communities and to critical infrastructures, including supply chains,” said Janos Botschner, lead investigator for Cyber Security in Canadian Agriculture (CSCA).

Why it matters: Experts say cyber security should be a priority consideration for all critical infrastructure operators including the agricultural sector. 

CSCA oversees the multi-year Cyber Security Capacity in Canadian Agriculture project developed to strengthen and support domestic food security and well-being, rural economic development and resilience, and national prosperity. Funded by Public Safety Canada’s Cyber Security Cooperation Program, the project aims to bolster Canada’s agriculture sector cyber security capacity. 

“Because of how important agriculture is to Canada’s well-being and prosperity, we all have skin in the game, so cyber security can be thought of as a joint responsibility,” Botschner said. 

“However, good cyber security is more than a checkbox exercise. It’s something that requires regular attention, like any other form of business risk management.”

Botschner said a cyber gang announced in late 2020 its intentions to disrupt the agriculture and food sector in the coming year. In 2021 there was an attack on meat processor JBS, and two grain buyers in the U.S. were subjected to ransomware attacks during the harvest season.

“Disrupting supply chains at critical cycles and/or threatening to release confidential data are additional methods used to ratchet up perceived pressure on victims to pay a ransom,” he said.

The Federal Bureau of Investigation confirmed that in the fall 2021, six grain cooperatives fell victim during harvest. In addition, two attacks were levied in early 2022 that could have disrupted seed and fertilizer supplies.

“Cyber actors may perceive cooperatives as lucrative targets with a willingness to pay due to the time-sensitive role they play in agricultural production,” said the FBI in a release. 

“Although ransomware attacks against the entire farm-to-table spectrum of the FA [food and agriculture] sector occur regularly, the number of cyber-attacks against agricultural cooperatives during key seasons is notable.”

The FBI, along with cyber security agencies in Australia and the United Kingdom, issued a joint cyber security advisory in February that warns of an evolution in ransomware tactics. High-impact and sophisticated attacks involving critical infrastructure organizations, including agriculture, are becoming more common globally, which could significantly impact the food chain and food security for humans and livestock. 

“A significant disruption of grain and corn production could impact commodities trading and stocks,” the FBI said. 

“An attack that disrupts processing at a protein or dairy facility can quickly result in spoiled products and have cascading effects down to the farm level as animals cannot be processed.”

Botschner wouldn’t speculate on the magnitude of the threat facing Canadian producers and supply chains but noted the interdependent nature of Canadian and U.S. supply chains, purchasing arrangements and geopolitical positions warrant a risk analysis within each sub-sector. 

“It is important to understand that the agriculture sector has many large organizations but also independent producers that are critical to the supply chain,” he said. 

“Many (farms) are run by families who leverage the same devices and accounts for work and personal use. Most wouldn’t have a dedicated IT employee and may not have thought of business continuity plans.”

At the farm business level, it’s vital to assess risk and develop protocols for critical information back-up, prevention and recovery policies to safeguard against ransomware attempts. 

Ag businesses should approach cyber security as they do fire safety, he said, with cyber-drills to ensure those involved in the day-to-day running of the farm understand how to quickly implement back-ups in the case of a digital shutdown. 

Ritesh Kotak, a cyber/tech analyst based in Toronto, said several devices generate data within agriculture, such as smart irrigation systems, drones, weather sensors and other Internet of Things (IoT) monitoring tools in which aggregated data is provided for convenience.

Agriculture business owners often make the simple mistake of purchasing consumer devices, not enterprise-grade that have increased security and service scrutiny, said Kotak. 

Vendors should be asked about their privacy policies, whether they share consumer data, and whether their support team is in-house or outsourced. Then clients can assess cyber risk. 

“I personally like to look at the company information, how long have they been in business, who’s on their board, and any complaints against the company,” Kotak said, adding he speaks to customers to get a business-level assessment of the service. 

He said it’s essential to craft policies, communicate and implement them with staff, and ensure the training on data and software is simple and understandable. That includes being wary of free trials, which could track user activity.

Reading the terms of service, while tedious, is critical to finding “hidden” information, he said. For example, the second-generation Nest smoke alarm has a microphone in it. 

The terms of service for a Delaware-based face-recognition app he assessed showed the app stored data in St. Petersburg, Russia. 

“This idea of data residency – you want to ask that question. Even though you’re using a cloud-based system, where’s my data being housed?” said Kotak. “And is there a way for me to house it north of the 49th parallel within Canada?”

He said customers could demand, and might even be required, to ensure data is housed in Canada, especially if working with government agencies.

Botschner said a collective move from a reactive to a proactive posture is needed toward cyber security.

“Over the next couple of years, our project will be producing knowledge products to help producers, policymakers and others explore and implement ways of enhancing cyber capacity within this key sector,” he said.

– Diana Martin is a reporter for Farmtario. Her article appeared in the May 16, 2022 issue.

The post Cyber-attacks on the rise in the ag sector appeared first on Country Guide.

Georgia-based Agco, whose brands include Massey Ferguson, Fendt, Challenger and Valtra, said in a statement it expects operations at some facilities to be affected for “several days and potentially longer.”

The ransomware attack comes at a time U.S. agricultural equipment makers were already facing persistent supply chain disruptions and labour strikes that left them unable to meet equipment demand from farmers.

Agco did not disclose the names of the facilities or if any data was stolen, but said it was still probing the extent of the attack that occurred on Thursday and working to repair its systems.

Tim Brannon, president and owner of B+G Equipment in Tennessee, told Reuters he has not been able to access Agco’s website for ordering and looking up parts since Thursday morning.

“We just have to trust that it will be over as soon as possible because we are coming into our busiest time of the year and it will be very damaging to our business and customers,” Brannon said.

Agco, which competes with larger rival Deere and Co., sells tractors and combines and manufactures and assembles products in 42 locations worldwide with 1,810 dealerships in North America.

Dealers are now struggling to keep up with orders that were already backlogged.

The company told dealers that it was “prioritizing” the most business-critical systems in an email read to Reuters by a dealer who declined to be identified.

“I’ve got about nine orders that I need to place right now,” the dealer said.

He said Agco told him “digital systems” had been impacted worldwide.

Agco did not respond to requests for additional comment.

Ransomware attacks have targeted food and fuel companies in the U.S. in recent years, including the Colonial Pipeline oil network and meat processing company JBS. Last autumn, at least three grain handlers in the Midwest were hit with ransomware attacks.

— Reporting for Reuters by Nathan Gomes in Bangalore and Bianca Flowers and P.J. Huffstutter in Chicago.

The post Agco ransomware attack disrupts equipment sales appeared first on Country Guide.

The Community Safety Knowledge Alliance, the lead organization on the Cyber Security Capacity in Canadian Agriculture project, has put up a voluntary online survey for farm operators, running until Feb. 18, “to look at how farmers understand and experience cybersecurity in their day-to-day work.”

Data from the survey — which is believed to be the first “comprehensive” survey of cybersecurity focusing on the Canadian farm sector — “will be used to develop information and recommendations to help farmers safeguard their operations,” the CSKA said.

The CSKA said its survey “draws from work carried out in Canada and elsewhere, to help us better understand how farmer experiences in this country compare to other areas and sectors.”

The survey is confidential and no personally identifying information will be attached to any reports resulting from it, the CSKA said.

The federal public safety ministry last March funded the project via the national Cyber Security Co-operation Program. The CSKA is a not-for-profit organization that works with private- and public-sector organizations to research, evaluate, train and promote in the field of community safety.

Glacier FarmMedia (GFM), owner of this website and publications including Country Guide, Grainews and the Western Producer, announced last April it would collaborate with CSKA to help further extend the ag project’s reach.

Cybersecurity, for the purpose of this project, refers to “steps taken to protect computer systems, communications technology or devices connected through the internet or a network” from disruptions, whether “accidental or intentional.”

Cybersecurity in the farm and agribusiness sectors lit up on the public radar in 2021 following ransomware attacks on businesses including international meat packer JBS.

CSKA lead investigator Dr. Janos Botschner said last April that Canada’s ag and food sectors can be considered critical infrastructure in the same sense as water and electricity supplies, telecommunications and financial services.

Ag and food, he said, “is a little bit newer to digital technology than other sectors are, but it may end up moving toward digitalization faster than the others have had to.”

Glacier FarmMedia, the CSKA and Public Service Canada hosted a webinar Monday for farmers on cybersecurity in farm businesses, and will host a sequel online on Feb. 17. — Glacier FarmMedia Network

The post Farm cybersecurity campaign seeks farmer input appeared first on Country Guide.

The Communications Security Establishment (CSE), citing attacks on North American health facilities and a U.S. pipeline, said the scale and scope of ransomware operators represented both security and economic risks to Canada and its allies.

Ransomware and related cybersecurity issues took on added significance in the agriculture and agribusiness sectors following attacks on U.S. ag input and grain handling operations and multinational meat packer JBS earlier this year.

“Ransomware operators will likely become increasingly aggressive in their targeting, including against critical infrastructure,” said a report issued by the Canadian Centre for Cyber Security, a unit of CSE.

The agency said it knew of 235 ransomware incidents against Canadian victims from Jan. 1 to Nov. 16 this year. More than half of these victims were critical infrastructure providers.

In 2021, the global average total cost of recovery from a ransomware incident has more than doubled to $2.3 million.

“Ransom payments are likely reaching a market equilibrium, where cybercriminals are becoming better at tailoring their demands to what their victims are most likely to pay,” CSE said.

The agency reiterated previous statements that actors in Russia, China and Iran posed a major threat.

“Russian intelligence services and law enforcement almost certainly maintain relationships with cybercriminals, either through association or recruitment, and allow them to operate with near impunity as long as they focus their attacks against targets located outside Russia,” it said.

— Reporting for Reuters by David Ljunggren in Ottawa.

The post Spy agency sees ransomware attacks soaring appeared first on Country Guide.