Last month, the Food and Ag-ISAC released its first Food and Ag Sector Cyber Threat Report - a summary analysis of many of the top threat actors targeting the industry. Unlike our Ransomware Report, this report analyzes activity from all threat actors and comprises data collected by our analysts on over 200 different actors. The report data was collected in collaboration with our members and partners, including the IT-ISAC and members of the National Council of ISACs.
Primarily, the Food and Ag-ISAC team used their Predictive Adversary Scoring System (PASS) to analyze the data from these 200-plus threat actors.
What is the Predictive Adversary Scoring System?
PASS was developed in collaboration with the Food and Ag-ISAC and the IT-ISAC to help organizations prioritize monitoring of known adversaries by ranking them through several key metrics:
Level of Activity (How recently has the group been active)
Frequency of Sector Targeting (How often has the adversary attacked the sector in the past)
Sophistication/Impact (Set of tactics, techniques, and procedures that show a level of sophistication or impact)
Motivation (Financial, Geopolitical, Ideological, Recognitional)
What Were the Major Threat Actors?
Our team identified the top four major groupings of threat actors in the industry:
Ransomware Actors (53%)
Nation-State Actors (27%)
Cyber Criminals (15%)
Hacktivists (4%)
It is important to clarify that these are threat actors, not individual incidents Out of all of these, Ransomware Actors are the most active, accounting for over half of all threat actors seen by the food and ag industry.
What Techniques Do the Threat Actors Use?
The tactics, techniques, and procedures (TTPs) these threat actors use while targeting the food and ag sector vary, but the primary ones our report identified were the following:
Readily Available Tools or Living off the Land (LOTL) (92% of adversaries)
LOTL is an attack that uses fileless malware and tools that are already available on the system, allowing threat actors to leverage common tooling to evade the attention of automated detection.
Targeted Spearphishing Attacks (82% of adversaries)
Spearphishing is phishing that targets specific organizations, individuals, or groups, and is a very common means of initial entry.
Custom Malware (80% of adversaries)
Threat actors sometimes develop specific malware to fit their unique campaign objectives; custom malware can also help cyber attackers bypass signature-based defenses like antivirus software.
Stealthy Exfiltration and Lengthy Persistence (70% of adversaries)
Persistence malware can lie undetected for long periods of time, slowly siphoning off information or simply monitoring systems in preparation for an opportunistic attack.
Want to Learn More?
For more details about the threat actors and TTPs currently operating in the food and ag sector, as well as tips on how you can protect and defend against these attacks, read our public report here.