Cybersecurity admin November 1, 2023

CYBERSECURITY

Cyberattacks not only are increasing in frequency, but they are costing victims larger financial losses. As noted by the Federal Bureau of Investigation (FBI): “Malware distributors have gotten increasingly savvy, and you need to be careful about what you download and click.” Please review the resources below that are particularly relevant to the agribusiness industry. 

NEW ALERTThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company.

Read more: Why CISA is Warning CISOs About a Breach at Sisense – Krebs on Security

Note: DroneDeploy, an advanced aerial mapping and 3D modeling software used by some agricultural companies, uses Sisense as a subprocessor

 

Federal ransomware guides

Joint Cybersecurity Advisory: Criminal Actors Use Business Email Compromise to Steal Large Shipments of Food Products and Ingredients – Dec. 15, 2022

Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA)

CISA’s CyberSentry – The program provides unique visibility into cyber threats targeting critical infrastructure entities that are highly targeted and highly consequential, enabling a true partnership between CISA and each participating organization to  provide an added layer of detection and response using sensitive operational information.

Weak Security Controls and Practices Routinely Exploited for Initial Access – This page provides several recommendations and technical details that organizations can take to reduce their risk of becoming a victim to malicious cyber activity. (May 17, 2022)

READOUT: CISA call on potential Russian cyberattacks against the United States (March 22, 2022)

CISA Urges Organizations to Implement Immediate Cybersecurity Measures to Protect Against Potential Threats (Jan. 18, 2022)

Reducing the Significant Risk of Known Exploited Vulnerabilities: Organizations should review and refresh their vulnerability management policies, refer to the CISA catalog of known exploited vulnerabilities, and establish a more aggressive turnaround time to protect their networks against urgent, active threats. (Nov. 3, 2021)

Dark Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks (May 11, 2021)

Ransomware Guide providing recommended best practices for addressing ransomware attacks (September 2020)

More CISA Resources:

Stop Ransomware | CISA
Conti Ransomware | CISA, FBI, NSA
Cybersecurity Awareness Month – October| CISA
Cyber Resource Hub | CISA
Selecting and Hardening Remote Access VPN Solutions | CISA, NSA

Federal Bureau of Investigation (FBI)

Cyber Crime – The FBI’s cyber strategy is to impose risk and consequences on cyber adversaries. Learn more about what you can do to protect yourself from cyber criminals, how you can report cyber crime, and the Bureau’s efforts in combating the evolving cyber threat.

Ransomware Attacks on Agricultural Cooperatives Potentially Timed to Critical Seasons (April 20, 2022)

Indicators of Compromise Associated with Diavol Ransomware (Jan. 19, 2022) 

Cyber Criminal Actors Targeting the Food and Agriculture Sector with Ransomware Attacks (Sept. 1, 2021)

Cyber Actors Conduct Credential Stuffing Attacks Against the US Food & Agriculture Sector (MEMBERS ONLY LINK) 

Department of the Treasury

Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments (Sept. 21, 2021)

White House Memo

What We Urge You To Do To Protect Against The Threat of Ransomware (June 2, 2021)

NGFA Virtual Events

NGFA member webinar: Watch the recording and find more resources from Jan. 19, 2021, “Cyber Threats and Ransomware: A Webinar with the FBI and CISA.

CEC 2020: During NGFA’s virtual 49th annual Country Elevator Conference and Trade Show (CEC) in December 2020, NGFA members and cybersecurity experts explained the basics and discussed best practices for cybersecurity. WATCH: “Cybersecurity Today: Ransomware and Beyond” with Heather Hughes, vice president at Stroz Friedberg, and NGFA First Vice Chairman Greg Beck, senior vice president of the Grain Division at CGB Enterprises.

More Resources
Report a Cyber Incident

Report anomalous cyber activity and/or cyber incidents 24/7 to report@cisa.gov or (888) 282-0870.
Report an Incident 
Report Phishing 
Report a Vulnerability 

Report incidents as defined by NIST Special Publication 800-61 Rev 2, to include:
• Attempts to gain unauthorized access to a system or its data,
• Unwanted disruption or denial of service, or
• Abuse or misuse of a system or data in violation of policy.

Federal incident notification guidelines, including definitions and reporting timeframes can be found here.
Contact: Central@CISA.dhs.gov