In this blog series, our Executive Director Ben Taylor highlights a selection of cybersecurity, physical security, health or natural threat related stories from the past week.

Information Sharing Platform Launches

Cannabis ISAO Opens up Slack Workspace for Cannabis Industry and Security Professional Collaboration

Our FREE Slack workspace is a dedicated space for cannabis industry professionals alongside vetted security professionals to share best practices and lessons learned to further enhance the resiliency of the cannabis industry from all threats, including physical security, cybersecurity, and natural threats. Membership in the Cannabis ISAO is not a requirement to participate in the Slack workspace, but membership does allow access to additional channels and documents of increased sensitivity. Interested parties can apply here.


FBI Warns of Credential Stuffing Attacks Against Grocery and Food Delivery Services

The FBI says that hackers are using credential stuffing attacks to hijack online accounts at grocery stores, restaurants, and food delivery services in order to drain user funds through fraudulent orders and to steal personal or financial data. The warning comes via an FBI Private Industry Notification (PIN) the agency’s Cyber Division sent last week to companies in the U.S. food and agricultural sectors. The FBI said that cybercriminal groups are using username and password combos obtained through breaches at other companies to log into customer accounts at grocery and food delivery services, hoping that users had reused passwords across accounts. Because most grocery, restaurant, and food delivery accounts tend to run a reward points program and typically store payment card information, cybercrime groups started focusing their efforts on hijacking these types of accounts over the past year. Cannabis delivery companies could be susceptible to similar attacks, especially considering this recent report on cyberattack trends, which indicates “fraudsters tend to seek out industries that may be seeing an immense growth in transactions.” The FBI’s TLP:GREEN PIN has been placed in our Cannabis ISAO Slack channel (link for more info above).

The FBI said it received reports of several incidents that have taken place since July 2020:

  • As of February 2021, an identified U.S.-based food company suffered a credential stuffing attack that affected 303 accounts through customers’ emails. The cyber actors used six of the compromised accounts to make purchases through the U.S.-based company; however, the U.S.-based company canceled and flagged one of the orders as fraudulent. The U.S.-based company suffered a financial loss of $200,000 due to the fraudulent orders.
  • In October 2020, customers of a restaurant chain reported orders fraudulently charged to their accounts as the result of a credential stuffing attack. The company reimbursed the customers for the fraudulent charges. Another restaurant chain experienced a credential stuffing attack in April 2019. Customers posted on social media that their payment cards had been used to pay for food orders placed at restaurants.
  • In July 2020, the personal information of customers of a grocery delivery company was being sold on the dark web. The information from approximately 280,000 accounts included names, partial credit card numbers, and order history. The company received customer complaints about fraudulent orders and believed the activity was the result of credential stuffing.

CISA Provides Recommendations for Protecting Information from Ransomware-Caused Data Breaches

As much of the nation’s public and private sector continues to suffer the damage, destruction and disruption caused by ransomware data breaches, it remains critical for all organizations to take appropriate steps to implement the protection and resilience required to reduce their risk. These data breaches, often involving sensitive or personal information, can cause financial loss to the victim organization and erode customer trust. The Cybersecurity and Infrastructure Security Agency (CISA) has released a new fact sheet, Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches, to help organizations protect sensitive and personal information from ransomware attacks and to protect against and respond to ransomware-caused data breaches. In this fact sheet, CISA encourages organizations to adopt a heightened state of awareness and implement the recommendations to reduce their risk from ransomware and protect sensitive and personal information. Public and private sector partners will find information on preventing and responding to ransomware-caused data breaches. In addition, check out our latest Library Card Series blog post about CISA’s new Cybersecurity 101 Video Series, one of which discusses ransomware.

Physical Security

DHS Warns “Heightened Risk” of Violence Ahead of 9/11 Anniversary in New Terrorism Bulletin

“On August 13, 2021 the Secretary of Homeland Security, Alejandro N. Mayorkas, issued a new National Terrorism Advisory System (NTAS) Bulletin regarding the heightened threat environment across the United States. The threat environment to the Homeland is diverse and challenging, especially leading up to and following the 20th Anniversary of the September 11, 2001 terror attacks as well as religious holidays that could serve as a catalyst for targeted violence. Threats in the Homeland include those posed by domestic terrorists, individuals and groups engaged in grievance-based violence, and those inspired or motivated by foreign terrorists and other malign foreign influences. These actors are increasingly exploiting online forums to influence and spread violent extremist narratives and promote violent activity. This Bulletin builds on Bulletins issued in January and May by the Department of Homeland Security (DHS) and provides more information about the threat landscape we face for the coming months… Full NTAS Bulletin available online here.” The following is an excerpt from the bulletin:

  • Historically, mass-casualty domestic violent extremist attacks linked to RMVEs have targeted houses of worship and crowded commercial facilities or gatherings. Some RMVEs advocate via online platforms for a race war and have stated that civil disorder provides opportunities to engage in violence in furtherance of ideological objectives. The reopening of institutions, including schools, as well as several dates of religious significance over the next few months, could also provide increased targets of opportunity for violence though there are currently no credible or imminent threats identified to these locations.

The cannabis industry has several large conventions coming up over the next few months. Any of those events could be seen as potential targets for terrorist activity. Organizers are advised to work with local law enforcement intelligence units in the lead-up to the event to determine if extra security precautions are needed. This CISA resource guide discusses “Security of Soft Targets and Crowded Places”.

In addition, yesterday saw a pro-Trump individual claim to have a bomb in his truck while promoting that “all democrats should step down”. The individual was arrested by the U.S. Capitol Police (USCP). USCP Chief Tom Manger, who told reporters on Thursday that authorities couldn’t yet identify a motive, said that so far there is “no indication” the individual was acting with others. It does bring extra attention to a rally currently planned in DC for September 18. Police officials in Washington are increasingly concerned about the event taking place on federal land next to the Capitol that organizers have said is meant to demand “justice” for the hundreds of people already charged in connection with January’s insurrection. Organizers of the event, known as “Justice for J6,” have said it will be peaceful, but law enforcement officials fear such a gathering with thousands of people could devolve quickly into violence. As evidenced by the events on January 6, things can escalate quickly. Cannabis organizations operating within the DC, Maryland, and Virginia region should be mindful of suspicious activity leading up to September 18 and report it. Learn more about reporting suspicious activity here.

Natural Threats

U.S. Declares First Western Reservoir Water Shortage, Triggering Cuts

U.S. officials for the first time on Monday declared an official water shortage for the massive Lake Mead reservoir, triggering supply cuts to parts of the drought-stricken Southwest, as 10 Western governors appealed for federal drought disaster aid. The shortage will reduce water apportionments to Arizona, Nevada and Mexico for the year beginning in October, the U.S. Bureau of Reclamation, an Interior Department agency, said in a statement. Cannabis growers in California hold a junior right and are the first in line to be curtailed in a drought. Cultivators in New Mexico were already wondering if there was enough water to support the industry.

A new study has found that cannabis farms in California’s prime growing regions, including the North Coast, rely primarily on groundwater wells to irrigate their crop as opposed to streams, providing more insight into the debate over water scarcity as the state grapples with a historic drought. The report from the Cannabis Research Center at UC Berkeley found that well water use by cannabis farms is common statewide, exceeding 75% among farms that have permits to grow in nine of the 11 top cannabis-producing counties that include Sonoma, Mendocino and Lake counties.

Three Tropical Storm Systems Simultaneously Pose Threat to North America

As Tropical Depression Fred continues up the East Coast, leaving 35 people missing in North Carolina, Tropical Storm Grace has been downgraded after making landfall on the Yucatan Peninsula as a Category 1 hurricane, but could return to hurricane status later today prior to its second landfall. Meanwhile, Tropical Storm Henri is expected to strengthen to a hurricane by today or Saturday, and could impact the northeastern U.S. over the weekend.
