Fendt Tractor

Cyber Attack Halts Production at Ag Equipment Maker AGCO Fendt

A cyber attack has disrupted the operations of AGCO/Fendt, a major manufacturer of agricultural equipment, the company has acknowledged.

AGCO/Fendt, headquartered in Duluth, Georgia, said in a statement to the Security Ledger that it was the subject of a cybersecurity incident that “has impacted some of our production facilities. We are working to address the issues. Our first priority is to restore those critical activities needed to keep farmers farming.” The company first acknowledged the attack on Thursday, May 5.

Factories hobbled in Germany, France

That followed published reports in German and French publications stemming from unexpected shutdowns of manufacturing facilities in those countries. For example, Fendt employees at the Marktoberdorf, Germany site were temporarily sent home according to a report in the Allgäuer Zeitung. Disruption of the company’s computer network has suspended production and transportation of tractors at the facility. Subsequent reports have identified other AGCO/Fendt facilities in Germany and France that have been crippled by the attacks, including one in Bäumeheim, Germany.

Episode 214: Darkside Down: What The Colonial Attack Means For The Future of Ransomware

In its statement, AGCO/Fendt did not provide an update on the company’s efforts to recover from the attack. A spokesman said AGCO/Fendt would “provide updates to impacted employees, dealers, suppliers and customers as the situation progresses.”

Cyber attacks on agriculture on the rise

So far there is little information on who or what is behind the attack on the manufacturing sites. However, law enforcement and officials in the U.S. have been warning about the prospect of heightened attacks on agriculture. After a string of ransomware attacks on grain coops in September and October, the FBI recently warned of more cyber attacks targeting the agricultural sector as planting season commenced. 

The FBI said a number of attacks have targeted grain coops and other food and agriculture supply chain players already in 2022. They include a March 2022 Lockbit 2.0 ransomware attack on what’s described as a “multi-state grain company” that also provides seed, fertilizer, and logistics services and a February 2022 attempted attack on a “company providing feed milling and other agricultural services.”

As we noted last week, the FBI warning does not mention attacks on agricultural equipment makers, but experts say that the ability of such attacks to cause widespread disruption of farming activity can’t be discounted.

Risk of cyber attacks grows

A 2019 report for Lloyd’s of London on the Evolving Risks in Global Food Supply notes that the advent of technology-enabled precision agriculture makes farming and food production more susceptible to cyber disruptions, according to Molly Jahn, a co author of the report who is a program manager in the Defense Sciences office at DARPA and a faculty member at the University of Wisconsin Madison.

Kevin Kenney, a Nebraska farmer and advocate for farmers’ right to repair said that the economics of planting and harvest season make it the ideal time for cybercriminals and nation state actors to do their thing.

“We’re just getting going with our most important three weeks of the year; planting corn and soybeans.   During this time, an average farmer’s time is worth $1000/hour versus the harvest value of his crop.  Running tractor equipment means everything,” he wrote in an email.  

The same features that let local agricultural equipment dealers know when a piece of equipment they’ve sold or serviced has thrown an error code might also allow a cyber criminal to launch a remote attack that cripples that same equipment, Kenney argued.

“If one of the thousands of John Deere Dealerships can do this…don’t you suppose a bad actor could do the same?” 

We want to hear your thoughts! Leave a reply.

This site uses Akismet to reduce spam. Learn how your comment data is processed.