USDA Warns Food Companies: Hackers Targeting Large Shipments With BEC Tactics
Key Points
- U.S. agencies are warning the food industry about a Business Email Compromise (BEC) campaign targeting their sector.
- The BEC campaign uses a combination of phishing, impersonation, social engineering, and account takeover.
- Organizations should be vigilant and ensure adequate security protocols to protect themselves.
Organizations within the food and agriculture sector are being warned to be vigilant of recent incidents involving business email compromise (BEC) campaigns intended to steal expensive food products and ingredients. The FBI, Food and Drug Administration and Department of Agriculture have released a joint advisory to alert those in the industry to the risk of these fraudulent activities.
It warns that stolen products may be repackaged and sold on the black market, allowing them to bypass food safety regulations and standards. This form of BEC is unique in that it focuses on the theft of physical goods, rather than money, by using spoofed emails and domains to imitate legitimate businesses and place fraudulent orders. Companies in the food and agriculture sector must remain vigilant of such schemes if they want to protect their products and reputation.
How the Attack Works
The BEC campaign is highly sophisticated and uses a combination of phishing, impersonation, social engineering, and account takeover techniques to target vulnerable organizations. The perpetrators are believed to be using automation and advanced artificial intelligence to make it more difficult for organizations to detect and defend against these attacks.
The advisory warned that cybercriminals might seek to exploit food and agriculture businesses by designing email accounts and websites with names similar to that of legitimate companies. These email accounts will be used to deceive companies into extending credit. Unfortunately, this can result in the victim company shipping out its product without receiving payment.
One U.S. sugar supplier was contacted through their web portal and was asked to extend credit for a full truckload of sugar. The request, filled with grammar mistakes and purportedly coming from a senior officer of a non-food company, was later determined to be fraudulent after the sugar supplier took additional steps to authenticate the request. Their actions highlight the importance of verifying customer requests and conducting due diligence before completing a transaction.
In another incident, a food distributor fell victim to a fraudulent request made via email. The message purported to come from an international snack food and beverage company, asking for two full truckloads of powdered milk. The cybercriminal used the real name of the company’s CFO in the email, with only a slight alteration to the domain name. In the end, the food distributor had to pay their supplier over $160,000 for the shipment, all due to responding to this fraudulent request. This serves as a reminder that businesses must remain vigilant against cyber fraudsters constantly assessing ways to exploit the human factor.
What Techniques Are Malicious Actors Using to Deceive Organizations?
If you are familiar with the typical BEC attack, there are key differences to note with this particular campaign. Spear phishing, a common technique used by threat actors to gain initial access to IT networks, is especially concerning. If personnel open malicious attachments or links in emails, malicious payloads can be downloaded and executed, granting the bad actors access to the network.
Some examples of ways that malicious actors can gain access to a company’s networks and systems include:
- Using stolen credentials obtained through data breaches or phishing campaigns.
- Exploiting known vulnerabilities in software or hardware.
- Malware can be installed via malicious websites and emails.
- Social engineering, where an attacker attempts to manipulate people into revealing sensitive information.
- Gaining access through a third-party vendor or partner with whom the targeted organization does business.
Organizations should be mindful of the potential for malicious actors to gain access to their legitimate email systems to send deceptive emails. It is also essential to be aware of any account takeover attempts and stay vigilant about monitoring for suspicious activity. Malicious actors are continuously adapting their tactics, but implementing best practices and having proper security protocols in place can help make it more difficult for them to succeed.
How to Protect Your Business From BEC Attacks
BEC attacks can have devastating financial and reputational costs for businesses. As such, it is essential to take action to protect your organization from cyberattacks. The FBI, FDA, and USDA recommend that organizations adopt measures to help protect themselves from BEC attacks.
Some suggestions include the following:
Regularly Updating Software and Systems to Fix Known Vulnerabilities
Cybersecurity teams should regularly review and patch known vulnerabilities in their systems, as this can help to make it more difficult for malicious actors to gain access. Organizations should also deploy security solutions such as firewalls, antivirus software, and intrusion detection systems to monitor traffic and detect any malicious activity. Two-factor authentication (2FA) should also be enabled for all accounts to prevent unauthorized access.
Educating Staff on Cybersecurity Best Practices
All personnel must know cybersecurity best practices and be trained to recognize potential scams or malicious emails. Companies should also implement policies such as requiring employees to use strong passwords and keeping them up-to-date. Organizations should also ensure that all employees know the importance of doing due diligence before completing a transaction.
Regularly Backing up Data
Organizations should also ensure that their data is regularly backed up to reduce the potential for data loss in the event of a successful attack. Regular backups should be stored offsite or in the cloud to prevent them from being affected if the system is compromised. Additionally, companies should have a response plan to identify and respond to any security incidents quickly. It is also essential that all personnel are aware of the incident response plan in case of an attack.
Implementing Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA) should be implemented to require additional steps for users to gain access, such as a secondary form of authentication, such as a one-time code sent via text message or email. MFA also helps to prevent malicious actors from gaining access to accounts even if they have obtained the user’s password.
Additionally, organizations should implement additional security protocols such as strong passwords and regular password changes to ensure that accounts remain secure. Organizations should also consider implementing an identity and access management system that requires users to authenticate before granting access to sensitive systems or data.
Wrap Up
Business Email Compromise (BEC) attacks can devastate businesses’ financial and reputational costs. Organizations should protect themselves by adopting measures such as updating software and systems to fix known vulnerabilities, educating staff on cybersecurity best practices, regularly backing up data, and implementing multi-factor authentication (MFA).
By taking these measures, businesses can make it more difficult for malicious actors to gain access and reduce the chances of a successful attack. Strong security measures should be implemented with the help of experienced professionals to ensure that organizations are well-equipped to protect their data and systems in case of a BEC attack.
