Dole Food Company temporarily shut down its production plants in North America and stopped food shipments to grocery stores following a ransomware attack earlier this month. The attack, which was only recently reported, led to complaints from grocery shoppers that store shelves were missing Dole-made salad kits. Dole has confirmed that the ransomware was the cause of the incident and that it has notified law enforcement and is cooperating with their investigation.
While the impact on Dole's operations has been limited, two grocery stores in Texas and New Mexico were unable to stock Dole salad kits on their shelves for days. Dole said it "moved quickly to contain the threat" after learning of the incident and engaged third-party cybersecurity experts to remediate the issue and secure systems. The duration of the shutdown was not clear.
It is not known if a ransom was demanded by the hackers or if Fortinet, which provides Dole with email security software, played any role in detecting the attack. High-profile hacks against the food and agriculture sector in the last two years have threatened supply chains and caused distributors to strengthen their cybersecurity.
Grant Geyer, Chief Product Officer, Claroty, shared why food-industry companies are frequently targeted for ransomware attacks and how organizations can prepare to avoid becoming a victim:
"What has become clear over the past few years is that due to the interconnected nature of the food supply chain, the agriculture and food sector is a prime target for cyber criminals. This incident puts further emphasis on managing cyber-related risks in production environments where vulnerable legacy technology rules the day, and downtime is unacceptable. With four processing plants in the US and employing more than 3,000 people, Dole’s operations are running 24/7 and any downtime or compatibility issues could cost millions. Much of the IT equipment in manufacturing plants can’t be patched frequently, making these assets a prime target for attacks such as ransomware, which can seize up operations abruptly with a dramatic cost to the enterprise.
Another unique and concerning facet of the food industry is the very broad set of third-party automation vendors that maintain site-to-site access directly into the OT environment for maintenance. These connections have surprisingly limited identity and access management controls and even fewer – if any – session monitoring and recording. With so many potential OT entry points, attackers don’t even need to transit the IT/OT boundary to wreak havoc.
To protect themselves against any kind of attack or security breach, producers, manufacturers and anyone involved in the food & beverage and their supply chain should ensure that they have complete visibility into all of their systems and processes and make sure to continuously monitor for any threats that could result from a targeted or opportunistic attack."
Ransomware encrypts computers so that hackers can demand a payoff. The trend of ransomware attacks appears to be declining, with revenue falling from $766 million in 2021 to $457 million in 2022, according to cryptocurrency-tracking firm Chainalysis. Security analysts attribute this to fewer victims paying off their attackers and improved defenses by some targets. However, ransomware is not the only digital scam that has hit the food sector. Cybercriminals have stolen hundreds of thousands of dollars’ worth of shipments from US food suppliers by placing fraudulent orders for milk products.