JBS hacking: Top cybersecurity official warns of more ransomware attacks

Head of Threat Hunting for the Cybersecurity and Infrastructure Security Agency (CISA), Chris Butera, said ransomware has “continued to increase, especially in our state, local governments, as well as our critical instructor space”.

“The ransomware actors have become more brazen. They’ve started to exfiltrate data and try to extort payments,” he said during a virtual summit today.

“I do think we will continue to see that happen.”

Mr Butera described cybersecurity as a “primary priority” for the Biden administration, who believe Russian hackers are responsible for a crippling ransomware attack on the world’s largest meat producer, causing the shutdown of facilities across the world.

RELATED: Experts warn of attacks on Australia

Thousands of workers in Australia employed by corporate giant JBS have been stood down indefinitely as a result, plunging the local beef industry into chaos and sparking fears of a global meat shortage and significant price hikes if the shutdown drags on.

Member of the NSW Government’s 2020 Cyber Security Task Force and founder of Stickman Cyber, Ajay Unni, said in a statement that the incident “could have a long-lasting impact”, with 47 JBS-owned and operated facilities across Australia and some 11,000 employees.

“The attackers could have installed malicious software in different parts of the network, in what is called Advanced Persistent Threat and we will have to see what transpires,” he said.

“If JBS Food did not have good long management systems already in place that can help forensic investigations identify the breach, we may never discover the true cause and a lot of money will be spent cleaning up and restoring the systems to full integrity.

“Such attacks are akin to a denial-of-service attack where the victim is unable to provide its services or access its systems and networks.”

Mr Unni said that “our nation as a whole and businesses at large need to ensure they have basic defence mechanisms and abilities to spot, monitor, detect and respond to a cyber attack”.

“In the physical world, defence is the key to dissuading attackers from taking action. Cyber criminals want a return on their investment, not to prove a point, and our best form of protection is to invest in defence, continuous monitoring, detection and response and recovery capabilities,” he added.

He also warned that “if the global meat industry, the federal government and Australia’s largest media company have fallen pray to ransomware attacks”, smaller businesses could be next.

“Hackers are constantly honing their techniques and becoming more sophisticated in their approaches. Installing a firewall or antivirus software is no longer enough,” Mr Unni said.

“Weak spots need to be identified and eradicated before an attack occurs. Investing in continuous monitoring, detection and response with recovery capability is key, along with good governance, testing, training, policy and procedure and awareness all form part of a good cybersecurity practice.”

RELATED: The huge risk of cyber attacks in Australia

The White House has also attributed an attack on the East Coast’s Colonial pipeline – which struck the largest US fuel pipeline last month – to criminal organisations within Russia.

President Joe Biden is expected to address the attacks with his Russian counterpart, Vladimir Putin, when they come together at the June 16 Geneva summit, officials announced today – though Mr Biden is yet to publicly affiliate the attacks with the Kremlin.

“It’s time for the United States to start putting heads on spikes when it comes to confronting and dismantling ransomware groups,” Resident Fellow for the American Enterprise Institute (AEI), Klon Kitchen, told Fox News.

“If President Biden does not confront Vladimir Putin about the ransomware groups perpetrating from within Russia, he will be failing in his duty to protect the United States from these types of attacks.”