[Security Weekly] US Farming Sector Suffers Serious Ransomware Attacks


October 2021, Issue I


1. Two major US farms suffer serious ransomware attacks

In late September, two major US agricultural cooperatives were hit by ransomware, resulting in operation disruptions and data loss.

Crystal Valley Cooperative, a Minnesota-based farm and grain cooperative that works with 2,500 farmers in Minnesota and Iowa, was attacked on September 19. The company’s IT systems were severely affected and the entire IT network was shut down for restoration, including phone lines and payment systems. Operations were halted. Payments through credit cards were temporarily suspended.

Just a few days earlier, another Iowa-based farming cooperative called New Cooperative was confirmed to be hit by BlackMatter ransomware. The ransomware gang claimed to have stolen 1,000 GB of data and demanded a $5.9 million ransom. Screenshots posted on BlackMatter’s leak site showed information about the company’s IT network, financial statements, personal information and social security numbers of employees, and source code.

The agriculture sector is one of the 16 critical sectors that US President Joe Biden warned ransomware operators to stay away from, since long-term operation disruptions could lead to a shortage of food supply. Fortunately, no further attacks were reported.

Sources: ZDNet, Threatpost, Bleeping Computer


2. Google to auto-enroll two-factor authentication for 150 million accounts

Google announced earlier this month that it is planning to auto-enroll 150 million accounts into default two-factor authentication (2FA) by the end of 2021, including two million accounts belonging to YouTube creators.

Google’s 2-Step Verification (2SV) requires users to pass a second layer of authentication after entering the correct username and password. This second layer of authentication is currently available in the form of a one-time password (OTP) sent through an authentication app or text message (mOTP). Other methods include the use of Google Prompt and hardware security keys like Google Titan.

The auto-enrollment process already began in May. Google said that it would only auto-enroll accounts that have existing backup mechanisms, such as a phone number.

As account hacking methods become increasingly sophisticated, multi-factor authentication (MFA) will become the default for most services. Likewise, Penta Security’s iSIGN+ provides single sign-on (SSO) MFA to businesses, helping them keep their systems safe from intrusions.

Sources: The Verge, The Register


3. Luxury retailer Neiman Marcus reveals breach of 3.1 million credit card records

US luxury department store chain Neiman Marcus disclosed a data breach of 3.1 million credit card records that took place during a cyberattack back in May 2020. It took the company 17 months to discover the attack and send out this notice.

Compromised data included customer names, contact information, credit card details without CVV2 codes, gift card numbers, usernames, passwords, and security questions. The company gave assurances that only 15% of the exposed credit cards are still active.

The attack occurred a few months before Neiman Marcus filed for bankruptcy in September 2020, which may have been the cause of the delayed discovery. Experts suggested that the data may have already been sold to third parties. At this point, it is nearly impossible to find any direct evidence.

Sources: Threatpost, Infosecurity


4. Electronics manufacturer JVCKenwood attacked by Conti ransomware

JVCKenwood, a Japan-based electronics manufacturer specializing in audio and radio equipment for cars and homes, revealed on September 29 that it was attacked by ransomware.

The company stated that the servers belonging to its sales operations in Europe were compromised on September 22, after which sensitive data may have been exfiltrated by the attackers. It was later confirmed that the Conti ransomware gang was behind the operation, claiming to have stolen 1.5 TB of data and demanding a $7 million ransom.

A wide range of corporate data were accessed, including financial, legal, HR, and IT-related information belonging to JVCKenwood and its suppliers. Personal data containing names, contact details, payroll information, and banking information were also compromised.

Sources: Bleeping Computer, Computer Weekly

