Farm Machinery at Risk | Putin Bolstering Russia’s IT Security | Ransomware Groups Leveraging Old Vulnerabilities

May 23rd

Article by Christopher Lauder, Delegate Relationship Executive, Rela8 Group


Farm Machinery at Risk

Multiple news outlets this week have been reporting how it is feared that modern “smart” farming machinery is now at risk. Experts are worried that smart farming machinery is vulnerable to hackers, which would leave global supply chains exposed.

It is feared, according to experts, that hackers could exploit flaws in agricultural hardware which is used to both plant and harvest crops. This comes as agricultural giant John Deere announces that they are now working to fix any potential weak spots in their software. James Johnson, John Deere's Global CISO told the BBC that the company had been liaising with numerous ethical hackers on vulnerabilities they have found.

Benjamin Turner, Chief Operating Officer at Agrimetrics, one of four UK government-backed agri-tech centres of agricultural innovation, said:

"Hacking into one tractor, you can upset a farmer and maybe damage their profitability for a season. Hacking into a fleet of tractors, suddenly, you've got the power to affect the yield in whole areas of the country."

Recently, the University of Cambridge released a report looking into this issue. They found that multiple targets could fall victim to attackers – notably automatic crop sprayers, drones, and robotic harvesters could be hacked.

This issue is important, as smart technology is being used increasingly to make farms more productive and efficient. The most recent generation of agricultural robots are using artificial intelligence to minimise human involvement in the farming process. While they do help to plug a labour shortage or increase yield, the fear of the inherent security risk is growing, adding to concern over food-supply chains already threatened by the war in Ukraine and Covid.

Source - Farm Machinery Hacking Risk - BBC News

Source - Farm Machinery Hacking Risk - Cambridge University Report

Source - Farm Machinery Hacking Risk - The Scotsman

Source - Farm Machinery Hacking Risk - IT Tech Post

Hacking into one tractor, you can upset a farmer and maybe damage their profitability for a season. Hacking into a fleet of tractors, suddenly, you've got the power to affect the yield in whole areas of the country
Benjamin Turner, COO at Agrimetrics

Putin Bolstering Russia’s IT Security

Moving our focus over to Russia – President Putin said last Friday that Russia must bolster its cyber defences by reducing the use of foreign software and hardware. President Putin also claimed that cyber attacks on Russia by foreign “state structures” had increased several times over.

In a statement, President Putin said:

“Targeted attempts are being made to disable the internet resources of Russia's critical information infrastructure [...] Serious attacks have been launched against the official sites of government agencies. Attempts to illegally penetrate the corporate networks of leading Russian companies are much more frequent as well."

In a meeting with the Security Council, Putin said that Russia would need to improve information security in key sectors and switch to using domestic technology and equipment.

"Restrictions on foreign IT, software and products have become one of the tools of sanctions pressure on Russia," Putin said. "A number of Western suppliers have unilaterally stopped technical support of their equipment in Russia."

This is definitely a story to keep an eye on over the coming weeks as the conflict in Ukraine continues to develop.

Source - Putin Bolstering Russia’s IT Security - Reuters

Source - Putin Bolstering Russia’s IT Security - Republic World

Source - Putin Bolstering Russia’s IT Security - Mashable

Ransomware Groups Leveraging Old Vulnerabilities

In an article by Jill McKeon, she examines the new report from Cyber Security Works (CSW). In the report, CSW notes that researchers have observed ransomware groups leveraging vulnerabilities that were multiple years old to exploit their victims. This illustrates an ongoing trend of threat actors targeting known vulnerabilities and trusted attack methods rather than using and developing new ones.

Since January 2022, researchers have observed a 7.6% increase in vulnerabilities tied to ransomware, the report stated. Notably, 11 of the 22 newly added vulnerabilities linked to ransomware were first disclosed in 2019, “indicating that ransomware groups are on the hunt for vulnerabilities with pre-existing means of exploitation,” the report noted.

Jill explains that these findings also align with the Q1 2022 report from the Health Sector Cybersecurity Coordination Centre (HC3). They saw threat actors leveraging legitimate tools and existing weaknesses to exploit victims rather than developing custom malware. HC3 observed threat actors favouring file transfer, remote access, and encryption tools to infiltrate target organisations.

More details can be found in the sources below.

Source - Ransomware Groups Continue to Leverage Old Vulnerabilities - Health IT Security

Source - Ransomware groups increasingly leveraging legitimate tools - Health IT Security

Source - Ransomware Index Update Q1 2022 Report - Cyber Security Works

Ransomware groups are on the hunt for vulnerabilities with pre-existing means of exploitation
Cyber Security Works report
If you want to get in touch then give us a shout