CYBERSECURITY AND FOOD DEFENSE
By Jason B. Lancaster, Private Security Researcher; Tyson L. McAllister, M.B.A., Private Security Researcher; Andrew Whiskeyman, Ph.D., COL USA (Ret.), Associate Professor, College of Information and Cyberspace, National Defense University and Associate Research Scientist, Applied Research Laboratory for Intelligence and Security, University of Maryland; Greg S. Weaver, Ph.D., Associate Professor and Co-Director, Interdepartmental Graduate Program in Sociology, McCrary Institute, Auburn University; Marcus H. Sachs, P.E., Senior Vice President and Chief Engineer, Center for Internet Security; Daniel M. Gerstein, Ph.D., Senior Policy Researcher, RAND Corporation and former DHS acting Under Secretary for Science and Technology; Cris A. Young, COL USA (Ret.), D.V.M., M.P.H., Diplomate A.C.V.P.M., Professor of Practice, College of Veterinary Medicine, Auburn University and Adjunct Professor, College of Veterinary Medicine, Department of Pathology, University of Georgia; and Robert A. Norton, Ph.D., Professor of Veterinary Infectious Diseases and Coordinator, National Security and Defense Projects, Office of the Senior Vice President of Research and Economic Development, Auburn University
Cognitive Security, a Growing Concern for Food Safety: Part 4
Part 4 of this article series explores techniques to identify and mitigate threats emerging from compromised business credentials

Image credit: amgun/iStock/Getty Images Plus via Getty Images
Food and agriculture are being actively targeted by increasingly sophisticated adversaries in ways that neither business nor government can fully defend against.[1] Although not yet existential in their impact, the rate of maturation occurring within the ranks of these adversaries could soon provide capabilities to not just cripple food and agriculture for long periods of time, but in some cases also destroy businesses that help make the U.S. food supply the most readily available, safest, and most economical source of nutrition in the world. Food safety and security is, therefore, also very much at risk.
What is the emerging methodology used by threat actors to target food companies? Cognitive warfare—the war against one's mind. Through the exploitation of business credentials acquired via deception and other cognitive attacks, this next generation of adversaries is able to gain access to your company's systems, processes, and infrastructure. Rather than having to overcome physical and cybersecurity barriers, adversaries are increasingly using sophisticated social engineering-based attacks to accomplish business email compromise (BEC) and spear phishing techniques that target leadership and those with high-level access to internal or sensitive systems.
Credentials stolen via these attacks grant the attackers access to protected systems and networks. BEC and phishing not only compromise technical and financial systems but also have cognitive security impacts. Victims often lose trust in their email systems, websites, financial systems, business partners, and, in some cases, even the corporate IT security teams. While a healthy level of awareness benefits cybersecurity defenses, mistrust and paranoia can impose business costs and inefficiencies. Employees may lose confidence in the company's ability to protect them and their operations. Employees may experience decision fatigue due to the continual need to evaluate whether communications are fraudulent or legitimate. Employees may also become overly cautious, delaying normal workflows.
The Next-Generation Adversary
Food safety and food defense professionals traditionally focus on pathogens and product contamination. Food safety programs protect against accidental occurrences, while food defense programs guard against intentional contamination on the part of an adversary, whether external or internal. Denial of physical access has always been considered a key element and first line of protection in food defense. However, in the past decade, physical access has become less necessary for an attacker given the cyber element and the connectivity between information technology (IT) and operational technology (OT).
Cybersecurity defensive systems have become more robust; however, the adversary has continued to adapt. Food industry adversaries today come in many forms, ranging from those that are criminal in their intentions to those that are nation-state based. While the intentions and objectives of these adversaries may differ, the consequences are largely the same—loss of value, loss of productivity, loss of customers, and loss of trust.
Case Study: A TCO Targeting Western Companies
A research project initiated to identify threat actors running botnet command and control servers identified a group of individuals operating in Lagos, Nigeria.[a] Their activities have been linked to Black Axe, a transnational criminal organization (TCO) carrying out internet scams and money laundering. Research revealed that Black Axe is active in hacking forums, taking what they learn from other criminals to employ in their own schemes. They create fake identities, fake companies, and fake website domains combined with social engineering techniques to target western companies for profit.
Further investigation revealed that Black Axe members frequently employ domain squatting—creating lookalike domains to impersonate legitimate companies as part of BEC schemes. Using knowledge gained from cybercriminal forums, they deploy remote access trojans (RATs) to infiltrate corporate email accounts and monitor communications, enabling them to perfectly time fraudulent invoices or divert payments to accounts under their control. These tactics align with patterns observed in the indictment of a Black Axe leader extradited to the U.S.[2] and corroborate CrowdStrike's findings on Nigerian cybercriminals leveraging phishing, RATs, and financial fraud tools to conduct transnational crimes.[3]
Many industries have been targeted or impersonated by this group including legal, shipping, industrial control, food production, and agriculture. Table 1 lists just a few of the internet domains linked to two actors masquerading as companies that are part of the food production supply chain.[b] This is a common technique called "typosquatting," where actors register domains that look like a legitimate domain. These fake domains are then used to send emails or host copied websites to fool users into sharing information or sending funds.
TABLE 1. Fake Internet Domains Registered as Part of Typosquatting Campaign
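As an added illustration of the lookalike-domain technique described above (not part of the original article or of the investigators' tooling), the following Python example screens the From headers of inbound mail against a company's own domains and reports senders that imitate them. The protected domains, sender addresses, and confusable-character pairs are constructed placeholders, and the single-label suffix split is an assumption.

```python
from email.utils import parseaddr

# Constructed placeholder domains on reserved TLDs; substitute your own.
PROTECTED = ["harvestfoods.example", "northfieldgrain.example"]
# Assumed, non-exhaustive pairs that look alike at a glance (fake -> real).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s")]


def skeleton(label):
    """Collapse hyphens and confusable sequences to one canonical form."""
    s = label.lower().replace("-", "")
    for fake, real in CONFUSABLES:
        s = s.replace(fake, real)
    return s


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # transposition
        prev2, prev = prev, cur
    return prev[-1]


def split_domain(domain):
    """Return (registrable label, suffix). Assumes a single-label suffix;
    production code should consult the Public Suffix List."""
    labels = domain.lower().rstrip(".").split(".")
    return (labels[-2], labels[-1]) if len(labels) > 1 else (labels[0], "")


def classify(sender_domain, protected=PROTECTED, max_edits=2):
    """Return (verdict, protected domain it matches or imitates)."""
    name, suffix = split_domain(sender_domain)
    pairs = [(legit, split_domain(legit)) for legit in protected]
    for legit, parts in pairs:
        if (name, suffix) == parts:
            return ("legitimate", legit)
    for legit, (lname, _) in pairs:
        if name == lname:
            return ("suffix-swap", legit)      # same name, other TLD
        if skeleton(name) == skeleton(lname):
            return ("confusable", legit)       # 0 for o, added hyphen, ...
        if osa_distance(name, lname) <= max_edits:
            return ("near-miss", legit)        # typo-level difference
        if lname in name:
            return ("brand-embedded", legit)   # brand plus extra words
    return ("unrelated", None)


def scan(from_headers):
    """Return (domain, verdict, imitated domain) for suspicious senders."""
    findings = []
    for header in from_headers:
        domain = parseaddr(header)[1].rpartition("@")[2]
        verdict, legit = classify(domain)
        if verdict not in ("legitimate", "unrelated"):
            findings.append((domain, verdict, legit))
    return findings


SAMPLE_SENDERS = [  # constructed From headers, not real indicators
    "Accounts Payable <ap@harvestfoods.example>",
    "Accounts Payable <ap@harvestfo0ds.example>",
    "Billing <billing@harvest-foods.example>",
    "CFO <cfo@harvestfoods.test>",
    "Logistics <ops@northfeildgrain.example>",
    "Invoices <pay@harvestfoods-billing.example>",
    "Newsletter <news@unrelatedvendor.example>",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_SENDERS):
        print(finding)
```

With short brand names, lower `max_edits` to 1 to limit false positives on unrelated vendors.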
The email address seintegratedtechnologies@gmail.com, used to register many of these domains, was identified as linked to the username “sebastinekelly,” alias “Euroboss,” on hacking forums Nulled and Cracked. It was also identified on an infected PC in Lagos, Nigeria with accounts on Hack Forums, WarZone, Xleet, and RaidForums, alongside domain registrars and hosting providers. Collectively, the sum of the data enables investigators to develop a picture of the web of criminals that are targeting food and agriculture, as well as service providers to those sectors.
FIGURE 1. A photo of Euroboss, the IP of his computer, and his exact location of operation were obtained by investigators during this case study (Image source: Investigative screenshot of the suspect from social media obtained by the authors)

Note that this particular financially motivated actor has operated largely unimpeded for over a decade. He is but one example of the type of increasingly sophisticated criminal that is currently targeting food and agriculture. There are many more like him. Many go undiscovered for long periods of time, meaning their impact can be cumulative. Criminal threat actors can certainly damage the bottom line and the quality of a corporate image, but what now must be considered as equally important is that this type of malign actor may also gain access to your systems, processes, and intellectual property through the use of compromised credentials. With that access, the perpetrator will often make these access credentials available to the highest bidder—another adversary bent on destroying your company. Adversaries who are engaged in corporate destruction will aggressively target food safety, with the goal of dramatically increasing liability through adulterated food products.
Low-level criminals and TCOs are increasingly cooperating with malign nation-state actors and terrorist organizations. Additionally, malign state actors and terrorist organizations are increasingly participating in what are called "false flag operations," hiding their true objectives by impersonating cybercriminals. As a result of these activities, "the lines between cybercrime and cyberespionage are becoming increasingly blurred, with the number of such occurrences on the rise."[4]
“In recent years, online rumors and false narratives have been used to tarnish the reputation of food products, create panic about supply chain shortages, or spread fear regarding product safety.”


Federal Elements
Euroboss is currently a minor target for law enforcement, given the fact that there are hundreds of thousands of criminals just like him operating around the world. Given that he is a low-level criminal, he is also not a target for the national security community, meaning that very little or no intelligence is being gathered on him. In this sense, Euroboss is one small fish in a very large ocean of adversaries. Low-level criminals use this insignificance to their advantage. There are at least 90 agencies with a law enforcement role/function at the federal level; however, given more serious criminality, minor criminals often escape attention.[5] Malign state actors understand this also, which is the reason they are increasingly spoofing low-level criminals in false flag operations.
The lead agency for cyber-related crime investigations is the Federal Bureau of Investigation (FBI). The Cybersecurity and Infrastructure Security Agency (CISA) also works with the food industry to prevent cyber-related crime, both in terms of security for information technology (IT) and operational technology (OT) systems. However, CISA does not yet have the capacity to address the complex matrix of suppliers, ingredients, equipment, and processes, or the interface of IT and OT involved within the food industry.
How serious is the growing threat? One FBI expert characterizes "…the cyber risk and the national security risk for farms and ranches and our food processing facilities [as] growing exponentially." In making the case for this increased concern about threats to the nation's agriculture sector, the expert cited that the number and types of threats have increased, including "ransomware attacks, malicious software (malware) from foreign adversaries, theft of data and intellectual property, and bioterrorism."[6]
The Cognitive Nexus of Threats
Ever more insidious adversarial actors, whether nation-state based, TCOs, or lone criminals, will increasingly seek to manipulate people using deception to cause decisions to be made that are not otherwise in the best interest of food corporations. Like in the story where Greek forces used a wooden horse to enter and finally conquer Troy, the cognitive threat actor will seek to gain access to food corporations without alerting defenses. In today's connected world, it is unfortunately a common occurrence for a criminal to fool a victim into believing that an email, website, mobile app, or even a physical device like a printer is perfectly safe.
The same is true for food processing systems, which have been unknowingly compromised. Once inside the protected enclave of the victim, the adversary can gain virtually unlimited access to sensitive information, manipulate corporate decisions, or even manipulate food safety-related processes.
In the past decade, we have learned the value of the Internet of Things (IoT). In today's world and for the foreseeable future, we will need to be cognizant of another IoT–the "Internet of Threats." For example, in the past two years, the rise of generative artificial intelligence (GenAI) has provided criminal organizations with new and creative tools for deceiving their victims. From fake audio and video to fake Zoom calls, to highly believable phishing emails generated within minutes of a breaking news story, GenAI has quickly grown to be an attacker's best friend.
Cognitive Security Systems
Amid the realities of the increasingly sophisticated threat environment, there is good news. Corporations outside of the critical infrastructures of food and agriculture have increasingly been fighting the cognitive war and are developing strategies and technologies that can help keep the cognitive adversary at bay.
From a cyber perspective, there are well-matured mitigating steps to take (physical hardening, zero trust architecture, redundancy of sites and systems, etc.) to deter adversaries and mitigate the risks they pose. However, even the most secure system can be infiltrated by traitors, including insiders. Compromised access credentials can be one result—in effect, handing the adversary the "keys to the kingdom." Vigilance against insider threats is, therefore, an increasingly critical element in the next generation of cognitive security systems. Access to systems should be strictly limited to only those employees that truly need access to systems. Given that employee communications can be accomplished by other means, every employee may not need access credentials.
Robust cognitive security systems are being developed that combine technology, along with strategies, tactics, techniques, and procedures (STTPs) which:
- Defend against the manipulation of human decision-making
- Defend against the manipulation of elements involved in human-machine system interfaces and human-machine ecosystems
- Defend against person-to-group behavioral manipulation
- Defend against narrative and/or brand weaponization
- Defend against politicized and/or monetized information environments.
Given the importance of maintaining Operational Security (OPSEC), so as not to inform our adversaries, the specifics of Cognitive Security Systems cannot be discussed here. How then does a company learn more about these Cognitive Security Systems and strategies? Internal to corporations, given the pace of the growing Cognitive Threats, food corporations should consider rapidly expanding Food Defense programs to include Cognitive Security Defenses. Given that these are new concepts to food production and processing, it is equally imperative that corporations consult only trusted sources for experts. The Information Professionals Association is one such trusted organization that has within its ranks credentialed experts that can help harden corporate Cognitive Defenses.
Information Sharing
Despite these growing concerns, challenges still remain in the sharing of information among national-level intelligence, law enforcement organizations, state, local, tribal, territorial (SLTT) governments, and critical infrastructure owners and operators that are charged with protecting their part of the critical agricultural supply chain. Information sharing continues to be a challenge and is less about technology than about cultural issues associated with the sharing of sensitive material that could reveal sources and methods. Within business, there are equal concerns about exposing information that may be used to advantage by competitors. Both types of concerns about sharing information are legitimate, but only to the degree that they protect rather than hinder (or in worst cases, endanger) the assets being protected. Solutions must be found.
Food systems, including producers, food processors, and all their suppliers, will increasingly need to protect themselves in a more holistic manner than is currently accomplished. Sharing information about the types of cognitive attacks and social engineering techniques being used by adversaries is as important as sharing information about the latest malign AI algorithm or hacker tool being encountered.
Food and Agriculture is the only Critical Infrastructure sector still lacking a comprehensive Information Sharing and Analysis Center (ISAC). The Food and Agriculture sector needs an ISAC that spans the full range of threats and threat actors. A comprehensive Food and Agriculture ISAC (FA-ISAC) is also needed to act as a bridge between industry and government. Cyber warfare is a reality for the foreseeable future. So, too, is cognitive warfare. The food industry must learn to protect itself in new ways, commensurate with the maturation of the threats. To do otherwise not only endangers food corporations, but also the very food supply. Neither is acceptable.
Notes
- The data referred to in this article was obtained using private sector analytical services and databases made available to the authors. The authors sincerely thank those responsible for the analysis.
- Data obtained from private sector sources.
References
- Sachs, M.H., A.D. Whiskeyman, R.A. Norton, D.M. Gerstein, and C.A. Young. "Cognitive Security, a Growing Concern for Food Safety: Part 3." Food Safety Magazine February/March 2025. https://www.food-safety.com/articles/10125-cognitive-security-a-growing-concern-for-food-safety-part-3.
- U.S. Attorney’s Office, District of New Jersey. "Prominent Leader of Black Axe Extradited to United States for Conspiring to Engage in Internet Scams and Money Laundering." December 16, 2024. https://www.justice.gov/usao-nj/pr/prominent-leader-black-axe-extradited-united-states-conspiring-engage-internet-scams-and#:~:text=Black%20Axe%20is%20organized%20into,scams%20and%20advance%20fee%20schemes.
- CrowdStrike. "Intelligence Report: Nigerian Confraternities Emerge as Business Email Compromise Threat." March 20, 2018. https://www.crowdstrike.com/wp-content/uploads/2020/03/NigerianReport.pdf.
- Constantin, L. “Nation state actors increasingly hide behind cybercriminal tactics and malware.” November 1, 2024. CSO. https://www.csoonline.com/article/3595792/nation-state-actors-increasingly-hide-behind-cybercriminal-tactics-and-malware.html.
- Brooke, C. and BJS Statistician. “Federal Law Enforcement Officers, 2020—Statistical Tables.” Bureau of Justice. September 2022. https://bjs.ojp.gov/library/publications/federal-law-enforcement-officers-2020-statistical-tables.
- Federal Bureau of Investigation (FBI). “Protecting Critical Infrastructure: Agriculture Threats Symposium in Nebraska Highlights Safety Measures to Safeguard the Nation’s Critical Food Infrastructure.” August 20, 2024. https://www.fbi.gov/news/stories/agriculture-threats-symposium-in-nebraska-highlights-safety-measures-to-protect-nations-critical-food-infrastructure.
Jason Lancaster is a cybersecurity expert and currently serves in the private sector as a senior cyber security investigator and regular consultant to both government and business. He is an expert in cyber credentials and Open Source Intelligence (OSINT).
Tyson McCallister is a 24-year U.S. Army Veteran and 14-year cybersecurity investigator and consultant, working in the private sector. He regularly lectures and trains on OSINT, Operational Security (OPSEC), and data science, and holds multiple cybersecurity certifications, as well as an M.B.A. degree from Auburn University.
Dr. Andrew Whiskeyman, COL USA (ret.) is the Chair of the Cyber Strategy Department and Associate Professor at the National Defense University's College of Information and Cyberspace. He also teaches as adjunct faculty with Syracuse University's Maxwell School of Citizenship and Public Affairs, and the Air Force University's Global College of Professional Military Education (GCPME). Dr. Whiskeyman is a Goodpaster Scholars Fellow and a Senior Non-Resident Fellow with the Global National Security Institute. The views expressed are his own, and not necessarily the views of any organization of which he is a part.
Greg S. Weaver, Ph.D. is an Associate Professor and Co-Director of the Interdepartmental Graduate Program in Sociology at Auburn University's McCrary Institute. He teaches courses in Criminology and Sociology focused on 1) crime and the criminal justice system, violence, drug issues, and the corrections system; and 2) research methods, open-source intelligence (OSINT), and implicit bias. His research interests include lethal violence, substance use, and domestic/international threat groups. Since 2009, he has been a member of the reserve unit of the Lee County Sheriff's Office (APOSTC certification current).
Marcus H. Sachs, P.E. is the Senior Vice President and Chief Engineer at the Center for Internet Security. He is a retired U.S. Army Officer and was a White House appointee in the George W. Bush administration. He specializes in applying the concepts and methods of Cyber-Informed Engineering (CIE) to the protection of critical infrastructure assets and systems from digital risks. He holds degrees in civil engineering, computer science, and technology commercialization, and is a licensed Professional Engineer.
Daniel M. Gerstein, Ph.D. is a Senior Policy Researcher at the RAND Corporation, a nonprofit, nonpartisan research institution, as well as a Professor of Policy Analysis at Pardee RAND Graduate School. He formerly served as the Under Secretary (acting) and Deputy Under Secretary in the Science and Technology Directorate of the Department of Homeland Security from 2011–2014.
Cris A. Young, COL USA (Ret.), D.V.M., M.P.H., Diplomate A.C.V.P.M. is a Professor of Practice at Auburn University's College of Veterinary Medicine and an Adjunct Professor at the College of Veterinary Medicine at the University of Georgia's Department of Pathology. He received his D.V.M. from Auburn University's College of Veterinary Medicine in 1994. He completed his M.P.H. at Western Kentucky University in 2005 and is a Diplomate of the American College of Veterinary Preventive Medicine.
Robert Norton, Ph.D. is a Professor and National Security Liaison in the Office of the Vice President of Research and Economic Development at Auburn University. He specializes in national security matters and open-source intelligence, and coordinates research efforts related to food, agriculture, and veterinary defense.