As Infrastructure Week Begins in the US, A Massive Ransomware Attack Drives the US Government to Enact Emergency Legislation

11 MAY 2021

By: Mohie Ahmed

The US government issued emergency legislation earlier this week after the largest fuel pipeline in the US was hit by a ransomware cyberattack.

The Colonial Pipeline carries 2.5 million barrels a day, nearly 50% of the East Coast’s supply of diesel, gasoline, and jet fuel, and was completely taken offline by a criminal ring last Friday.

This is the latest example of the risks that arise when critical infrastructure, whether fuel pipelines, the electrical grid, water treatment and storage facilities, or more, is not monitored, managed, maintained, and in some cases equipped with automated control systems – where IT meets OT.

Oil futures traders scrambled to meet demand, especially for vehicular fuels, as consumers return to their workplaces and the US economy attempts to shake off the effects of the pandemic.

The government is now allowing fuel transportation vehicles beyond the usual restricted limit to address the shutdown of the supply chain, but the amount of fuel that can be shipped is nowhere near what the demand calls for.

Multiple sources confirmed that the ransomware attack was carried out by a cyber-criminal gang called DarkSide, which infiltrated Colonial’s network on Thursday and took almost 100GB of data hostage.

After stealing the data, the hackers locked computers and servers, demanding a ransom on Friday. If the ransom is not paid, they are threatening to leak the data onto the Internet.

Colonial is working with law enforcement, cyber-security experts, and the Department of Energy to restore service, which is underway in certain parts of the pipeline.

“Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring,” the firm said.

This latest incident brings to light the importance of ensuring ALL digital systems in the US are protected, so hackers cannot break into the systems that control critical infrastructure. These attacks are growing in scale and sophistication and highlight the increasing risks when IT systems are not fully protected in the realm of critical national industrial infrastructure, not just businesses.

Some analysts suggest that the Colonial Pipeline cyberattack came about due to the coronavirus pandemic, as engineers had to remotely access control systems for the pipeline from home. Login credentials related to remote desktops on Virtual Desktop Infrastructure (VDI) would have been easy to steal and then sell, given the lack of attention being paid to access credentials.

Every public and private organization that is part of the critical infrastructure ecosystem must immediately review the security measures they have in place and make sure that their Privileged Access Management platforms are robust and effective, and that they protect cloud-based systems and applications, including those which enable remote working.

You can learn more about how simple it is to protect critical systems using Ironsphere’s PAM solutions here.
