As Infrastructure Week Begins in the US, A Massive Ransomware Attack Drives the US Government to Enact Emergency Legislation
By: Mohie Ahmed
The US government issued emergency legislation earlier this week after the largest fuel pipeline in the US was hit by a ransomware cyberattack.
The Colonial Pipeline carries 2.5 million barrels a day, nearly 50% of the East Coast’s supply of diesel, gasoline, and jet fuel, and was completely taken offline by a criminal ring last Friday.
This is the latest example of the risks that arise when critical infrastructure, whether fuel pipelines, the electrical grid, water treatment and storage facilities, or more, is not monitored, managed, maintained, and in some cases equipped with automated control systems, at the point where IT meets OT.
Oil futures traders scrambled to meet demand, especially for vehicular fuels, as consumers return to their workplaces and the US economy attempts to shake off the effects of the pandemic.
The government is now allowing fuel transportation vehicles beyond the usual restricted limit to address the shutdown of the supply chain, but the amount of fuel that can be shipped is nowhere near what the demand calls for.
Multiple sources confirmed that the ransomware attack was carried out by a cyber-criminal gang called DarkSide, which infiltrated Colonial’s network on Thursday and took almost 100GB of data hostage.
After stealing the data, the hackers locked computers and servers, demanding a ransom on Friday. If the ransom is not paid, they are threatening to leak the data onto the Internet.
Colonial is working with law enforcement, cyber-security experts, and the Department of Energy to restore service, which is underway in certain parts of the pipeline.
“Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring,” the firm said.
This latest incident brings to light the importance of ensuring ALL digital systems in the US are protected, so hackers cannot break into the systems that control critical infrastructure. These attacks are growing in scale and sophistication and highlight the increasing risks when IT systems are not fully protected in the realm of critical national industrial infrastructure, not just businesses.
Some analysts suggest that the Colonial Pipeline cyberattack came about due to the coronavirus pandemic, as engineers had to remotely access control systems for the pipeline from home. Login credentials related to remote desktops on Virtual Desktop Infrastructure (VDI) would have been easy to steal and then sell, given the lack of attention being paid to access credentials.
Every public and private organization that is part of the critical infrastructure ecosystem must immediately review the security measures it has in place and make sure its Privileged Access Management platforms are robust and effective, and that they protect cloud-based systems and applications, including those which enable remote working.
You can learn more about how simple it is to protect critical systems using Ironsphere’s PAM solutions here.
As Cyber Attacks Grow, Data Center Operators Can Bring Value-Added Services to Enterprises Leveraging Cloud-Based Access Management Services
No threat facing businesses today has grown as fast, or in a manner as difficult to understand, as the danger from cyberattacks. Cyber threats are increasing in both volume and sophistication, and as the world continues to become more digital with every passing day, cyber threats will only keep growing in both aspects. As a result, organizations today are turning to robust cybersecurity solutions, such as Privileged Access Management (PAM), to keep both their data and their customers’ data safe.
Privileged Access Management as a Service: An Exciting New Value-Added Service for Data Center Service Providers
Given the increasing complexity of compliance, and the growing risk of data breaches, even as public cloud, hybrid cloud, and multi-cloud solutions are being implemented, businesses of all sizes need support in protecting what they connect, and many count on their data center providers for guidance and solutions.
How Secure Are VPNs? Given Increasing Successful Attacks, It’s Time to Take a Hard Look at PAM for Zero Trust Solutions
Since the early 1990s, VPNs (Virtual Private Networks) have been central to providing remote users with access to the corporate network.
Thirty years later, in 2020, when legislation and population health initiatives mandated work-from-home, bad actors recognized and acted upon their massive opportunity to attack VPNs and initiate data theft and ransomware attacks as applications, in the heat of the moment, moved outside the traditional perimeter.