The latest cyber-attack on Colonial Pipeline exposes vulnerabilities in traditional infrastructure and highlights the need for keeping up with the digital realities of modern enterprises. It is a significant indicator that governments across the world need to up their game to strengthen their cybersecurity systems.
Colonial Pipeline, one of the largest pipelines, responsible for providing around 45% of fuel to the U.S. East Coast, suffered one of the worst ransomware attacks in the energy sector. An early report by the BBC indicated that Colonial’s systems were compromised on 6th May 2021. It stated that the attackers stole nearly 100 gigabytes of data before it was encrypted. This is one of the most recent ransomware attacks to employ the exfiltration strategy predicted by Acronis, a major trend that is expected to continue until the end of 2021.
Colonial has shut down the pipeline operation to prevent the infection from spreading from its business systems, which could end up compromising the operational control systems of the pipeline. Colonial is partnering with industry experts to restore its services.
In its statement made on 10th May, Colonial stated that restoring its network to normal operations requires the diligent remediation of its systems. It further added that the company’s team was executing a plan that involves an incremental process that facilitates a return to service in a phased manner.
The initial attack vector that breached the operation is yet to be disclosed. It is unclear whether unpatched software, email or weak passwords played a role in this particular incident. These attacks used common, effective attack vectors, with email being the top vector.
DarkSide, the ransomware group, confirmed that they were behind the ransomware attack. The cyber gang stated that it aims to make money and not create problems for society.
While speaking to ITSecurityWire about the incident, Sean Derby, Director of Services, Sempris, stated, “Whether the DarkSide operators had intended to attack an important piece of U.S. infrastructure, or whether an affiliate organization used the ransomware-as-a-service without their blessing to attack, the Colonial Pipeline attack signals it’s now open season on infrastructure providers. While the rewards may be larger for critical utilities like these that likely have deep pockets, attacking such high-visibility targets also means the stakes are higher for the ransomware actors.”
Even though DarkSide claims that it won’t target schools, government agencies, or hospitals, its actions may provoke other ransomware gangs to target critical infrastructure. “The Colonial Pipeline attack is making DarkSide a more intense focus for law enforcement, which is not good for their continued business, so it’s possible they may adopt a low profile for a while,” says Sean Derby. He further added, “Regardless of what happens to DarkSide, there are many other ransomware actors watching these events and making their own decisions on whether they too should begin attacking similar targets. The message is clear: the infrastructure sector should be running to secure their systems. Time is up.”