Are Cyber Criminals Just Criminals? Or Something Worse?

Andrej Petreski, AmCham Digital Transformation Committee Chair/ Cisco Territory Business Manager for North Macedonia & Kosovo

Do you know who Erica Gutierrez is? No? Neither do I. 

OK – I learned who is she today when I read a CNN article about her – a single mom from Texas, who was told on Monday to stay home and not come to work due to a cyber-attack on her employer, one of the largest meat producers in the USA –JBS SA company. CNN explained to us that Erica’s paycheck may be reduced due to the massive stop of meet production that threatened to block almost a quarter of the USA’s meat production (plus production plants in Canada, New Zealand, and Australia) – because probably Russian ransomware malware enterprise REvil attacked and encrypted its systems. Of course, this sentimental manipulation was just a cherry on the top that pushed us toward emotional response instead of toward rational evaluation of the terrifying news: evil hackers have just stopped almost the entire industrial sector of the global leader that employs more than 250.000 people on two continents. Unbelievably massive vulnerability of one of the most critical industrial sectors in the world is what should really worry us.

The consequences of the attack could be also massive.  Stopping the company that controls more than 20% of the USA meat market at the beginning of the grilling season – might increase the price of meat amid high demand from China. A similar thing happened one month ago when major USA Colonial pipeline systems also went down due to a cyber-attack causing the price of gas to go up. It reminds us how fragile the supply chain industry is today, especially when companies are highly dependent on IT.

JBS attack is one more signal of the critical shift in cybercriminal strategy.  The common understanding of the cybercriminal phenomenon is that hackers are doing it for money. However, at least two recent attacks show a clear change of focus: attacks hit the critical industries that supply more than 100 countries and millions of people on different continents causing massive shortages, financial losses and affecting large populations. Cybercriminals are aiming to undermine the public confidence which is, I think more malicious than ever. 

The game and the stake in it become big it seems. Strong protection of critical business infrastructures becomes an absolute imperative for all industries. Cybersecurity has to become a Boardroom priority if it is not already.  When criminals attack food and oil productions, hospitals, banks… each of us should act responsibly and seriously.

Though the details of the JBS attack are not out, it’s a pretty safe bet that the method of intrusion involved credential theft and privilege escalation. Attackers find a weak way into the system, via stolen passwords, default account credentials, phishing, or some other means. After entering the week point, they find their way to sensitive data.

So – are then we all in a similar position like above mentioned Erica Gutierrez and we can just helplessly wait for cybercriminals to get their payloads and ransoms and hopefully leave for good?

Well, fortunately – we are not. There are two prerequisites for winning the game with cybercriminals. The first one is knowledge:  you must know more than them. Cisco systems collect more than 1 million pieces of information on global malware every second. The second one is philosophy: you must be proactive instead of reactive.  There are systems out there developed to stop the most fierce malware attacks even before they happen.  Cisco Umbrella is one of them.

So, if states cannot protect you – then protect yourself.

The first step is to read the link>  

This article has been published by our media partner KAPITAL – Read the entire article in Macedonian here:

Scroll to Top