How Cyberattackers Hack Farm Equipment
The rise of connected farm equipment means machinery is now susceptible to hacking. This isn’t just a theoretical threat, either — some farmers have already become victims of cyberattacks. How do cybercriminals target farms, and how can farmers stay safe?
1. Phishing
Social engineering is one of the most popular forms of cyberattack in any industry. Phishing — where attackers impersonate trusted sources to trick targets into unsafe behavior — is a particularly prevalent kind of social engineering.
Phishing often comes in the form of emails claiming to be from known contacts or companies. However, these messages either contain malicious code or will convince users to give away sensitive information. In one instance, a farmer accidentally shut down a milking machine and several tractors after clicking a link in a phishing email that installed a backdoor for hackers to take over the equipment.
How to Protect Against It
Thankfully, phishing is relatively easy to prevent once farmers know what to look out for. Such messages often have several red flags, such as unusual urgency, spelling mistakes or strange email addresses. Farm employees can be extra safe by never clicking on an unsolicited link or divulging sensitive information over email.
2. Remote Takeovers
In some cases, cybercriminals take a more technical approach. Many farm machines today have remote access features, and attackers can hack into them to gain control without being physically present.
A Ukrainian dealership remotely disabled stolen tractors after Russian forces captured them in 2022. While this instance may be a positive application of remote control features, it highlights the dangers of a potential attack. Hackers that breach these accounts could do the same to unsuspecting farmers, shutting off tractors or irrigation systems from afar.
How to Protect Against It
The best way to defend against these attacks is to deactivate unused or unneeded connectivity features. Keeping connected farming equipment on a different network than other devices — a practice called segmentation — will help by minimizing potential entry points. Farmers should also regularly update their machines’ firmware to get the latest security patches and look for compatible anti-malware and breach detection software.
3. Ransomware
Ransomware is another concerning threat. It can come through several means — usually, it starts as phishing. Regardless of its origin, it locks users out of their machines or encrypts important data until they pay a ransom.
A recent ransomware attack in Switzerland highlights how dangerous these attacks can be for farmers. Attackers shut down a milking robot, demanding $10,000 in return for restored access. More worryingly, the incident led to the death of a cow because the machine stored vital data on the farmer's livestock, leaving him in the dark about their health.
How to Protect Against It
Anti-phishing measures will do a lot to stop ransomware, but they’re not a complete solution. Farmers should also back up all critical information and files, as backups are the best way to protect against data loss from malware and minimize the impact ransomware can have. Larger farms with big enough budgets may consider real-time monitoring software to detect and stop ransomware as soon as it appears.
4. Account Takeover
Because many connected farming systems rely on online accounts, cybercriminals can also affect them through account takeovers. This usually involves getting a username and password by using stolen data from past data breaches or randomly guessing passcodes until one works — an attack known as “brute forcing.”
Account takeover attacks are simple but devastating. A single breach can let hackers access all the tractors and other connected machinery on a farm.
How to Protect Against It
The key to preventing account takeover attacks is to practice better credential management. That starts with using stronger passwords and ensuring they’re unique. Reused credentials mean a breach from one account can give hackers access to a different one. Enabling multi-factor authentication is another crucial step, as it makes accounts 99% less likely to be hacked successfully.
5. Malicious Updates
Sometimes, cybercriminals go to the source. Instead of targeting a specific machine, they’ll gain access to the company in charge of the equipment’s software. They can then insert malicious code into an update to compromise multiple devices at once.
This is what happened in the now-infamous SolarWinds attack, which affected thousands of customers of a software vendor through a malicious update. As connected systems from major manufacturers like John Deere become more popular, similar incidents could occur in agriculture.
How to Protect Against It
Farmers themselves are not at fault for malicious updates, as the responsibility falls on the manufacturer. However, they can reduce their risk by only buying connected machinery from reputable vendors. Any company that can’t assure them of their cybersecurity practices or with a history of breaches isn’t worth partnering with.
As Farms Get Smarter, Cybersecurity Becomes Crucial
Smart farming equipment has plenty of benefits. It can make farm work far more efficient, safe and precise. However, its risks deserve attention.
Any machinery connected to the internet or other devices is at risk of hacking. Farmers hoping to make the most of this technology must learn how it's vulnerable and how they can protect it.
Comments (0)
This post does not have any comments. Be the first to leave a comment below.