As Infrastructure Week Begins in the US, A Massive Ransomware Attack Drives the US Government to Issue an Emergency Declaration


MAY 2021

By: Mohie Ahmed

The US government issued an emergency declaration earlier this week after the largest fuel pipeline in the US was hit by a ransomware cyberattack.

The Colonial Pipeline carries 2.5 million barrels a day, nearly 50% of the East Coast’s supply of diesel, gasoline, and jet fuel. It was shut down completely last Friday after a criminal ring compromised the company’s systems.

This is the latest example of the risks that arise when critical infrastructure (fuel pipelines, the electrical grid, water treatment and storage facilities, and more) is not properly monitored, managed, and maintained, especially where automated control systems connect business IT to operational technology, the point where IT meets OT.

Oil futures traders scrambled to meet demand, especially for vehicular fuels, as consumers return to their workplaces and the US economy attempts to shake off the effects of the pandemic.

The government is now allowing fuel transport drivers to operate beyond the usual restricted limits to offset the loss of pipeline supply, but the volume of fuel that can be moved by road is nowhere near what demand calls for.

Multiple sources confirmed that the ransomware attack was carried out by a cyber-criminal gang called DarkSide, which infiltrated Colonial’s network on Thursday and exfiltrated almost 100GB of data.

After stealing the data, the attackers locked computers and servers and demanded a ransom on Friday, threatening to leak the data onto the Internet if it is not paid.

Colonial is working with law enforcement, cyber-security experts, and the Department of Energy to restore service, which is underway in certain parts of the pipeline.

“Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring,” the firm said.

This latest incident brings to light the importance of protecting all digital systems in the US so that attackers cannot break into the systems that control critical infrastructure. These attacks are growing in scale and sophistication, and they highlight the rising risk when IT systems are not fully protected, not just in businesses but across critical national industrial infrastructure.

Some analysts suggest that the Colonial Pipeline cyberattack came about because of the coronavirus pandemic, as engineers had to access the pipeline’s control systems remotely from home. Login credentials for remote desktops and Virtual Desktop Infrastructure (VDI) would have been easy to steal and then sell, given how little attention is typically paid to protecting access credentials.

Every public and private organization in the critical infrastructure ecosystem should immediately review the security measures it has in place: confirm that its Privileged Access Management (PAM) platform is robust and effective, and that it protects cloud-based systems and applications, including those that enable remote working.
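One concrete part of such a review is checking remote-access audit trails for the kind of credential misuse described above: successful VDI or VPN logons without MFA, from addresses outside the corporate ranges, from a source the account has never used before, or to a privileged account outside the maintenance window. The script below is an added example written for this page, not Ironsphere’s software or anything from Colonial; the audit records, the trusted address prefixes, the privileged roles and the work-hours window are all constructed or hypothetical values chosen to illustrate the checks.

```python
"""Flag risky remote-access logons in VDI/VPN audit records.

Added example with constructed sample data; not vendor code and not
real incident data. Policy values below are hypothetical.
"""
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample audit records (JSON lines), one per remote-access logon.
SAMPLE_LOG = """\
{"ts":"2021-05-03T09:12:00Z","user":"jsmith","src":"10.20.0.15","mfa":true,"result":"success","role":"engineer"}
{"ts":"2021-05-04T08:55:00Z","user":"jsmith","src":"10.20.0.15","mfa":true,"result":"success","role":"engineer"}
{"ts":"2021-05-06T02:41:00Z","user":"jsmith","src":"185.220.101.4","mfa":false,"result":"success","role":"engineer"}
{"ts":"2021-05-06T02:43:00Z","user":"ot_admin","src":"185.220.101.4","mfa":false,"result":"failure","role":"admin"}
{"ts":"2021-05-06T02:44:00Z","user":"ot_admin","src":"185.220.101.4","mfa":false,"result":"success","role":"admin"}
{"ts":"2021-05-06T10:00:00Z","user":"mlee","src":"10.20.0.33","mfa":true,"result":"success","role":"engineer"}
"""

# Hypothetical policy values for this example.
TRUSTED_PREFIXES = ("10.20.",)   # corporate egress / VPN concentrator ranges
PRIVILEGED_ROLES = {"admin"}     # roles that may reach OT-adjacent systems
WORK_HOURS = range(7, 20)        # 07:00-19:59 UTC maintenance window


def parse_log(text):
    """Parse JSON-lines audit records into dicts with a datetime 'ts' field."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        records.append(rec)
    return records


def find_risky_logons(records):
    """Return (user, iso_timestamp, reasons) for each successful logon that
    breaks the remote-access policy. The per-account source baseline is built
    from earlier successful logons in the same record set, so an account's
    first logon from a previously unseen address is reported as 'new_source'."""
    seen_sources = defaultdict(set)
    findings = []
    for rec in sorted(records, key=lambda r: r["ts"]):
        if rec["result"] != "success":
            continue  # failed attempts are not counted as baseline either
        user, src = rec["user"], rec["src"]
        reasons = []
        if not rec["mfa"]:
            reasons.append("no_mfa")
        if not src.startswith(TRUSTED_PREFIXES):
            reasons.append("untrusted_source")
        if seen_sources[user] and src not in seen_sources[user]:
            reasons.append("new_source")
        if rec["role"] in PRIVILEGED_ROLES and rec["ts"].hour not in WORK_HOURS:
            reasons.append("privileged_off_hours")
        seen_sources[user].add(src)
        if reasons:
            findings.append((user, rec["ts"].isoformat(), reasons))
    return findings


if __name__ == "__main__":
    for user, ts, reasons in find_risky_logons(parse_log(SAMPLE_LOG)):
        print(f"{ts} {user}: {', '.join(reasons)}")
```

Run against the constructed records, the script reports the engineer’s off-network logon without MFA from an address never seen for that account, and the subsequent privileged logon from the same address at 02:44 UTC; the routine on-network logons produce nothing. In practice the baseline would come from weeks of history rather than the same file, and the findings would feed a PAM session-approval or SIEM alerting rule rather than stdout.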

You can learn more about how simple it is to protect critical systems using Ironsphere’s PAM solutions here.
