Ransomware Attack Cripples Major US Pipeline!


A ransomware attack is being blamed for halting pipeline activities for the Colonial Pipeline Company, which supplies the US East Coast with roughly 45% of its liquid fuels.

Colonial Pipeline Company says it is the victim of a cyber-attack that forced the major provider of liquid fuels to the US East Coast to temporarily halt all pipeline operations.

In a statement released Sat., the Colonial Pipeline Company said it temporarily halted pipeline operations in response to a cyber-attack impacting the company on Fri.

“On May 7, the Colonial Pipeline Company learned it was the victim of a cyber-security attack. We have since determined that this incident involves ransomware,” the company wrote in a Sat. statement.

Precaution

As a precaution the company took key systems offline to avoid further infections.

“In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, & affected some of our IT systems,” the company stated. “Upon learning of the issue, a leading, 3rd-party cyber-security firm was engaged, & they have launched an investigation into the nature & scope of this incident, which is ongoing.”

Law Enforcement

The company, which delivers gasoline and diesel fuel to the US East Coast, stated it has also contacted law enforcement & other US Federal agencies.

“Colonial Pipeline is taking steps to understand and resolve this issue. At this time, our primary focus is the safe and efficient restoration of our service & our efforts to return to normal operation,” according to the statement.

What Is Known

Many questions remain unanswered, e.g., was the pipeline shut down as a precaution or as a direct result of the cyber-attack? Who was behind the attack, & how sophisticated were the attackers when it came to targeting & infecting critical Colonial Pipeline Company systems?

“It’s not yet clear whether they shut down the pipeline out of an abundance of caution to stop the spread of the ransomware payload or they can’t operate the pipeline because either OT systems have been impacted or they are dependent on IT systems,” wrote Dave White, President of Axio.

Red Balloon Security

Ang Cui, CEO of Red Balloon Security, who does advanced threat research for the DOD & DHS, focused on embedded devices & ICS, observed it was likely a criminal not nation-state attack.

“Although Colonial shut down its operations, it doesn’t necessarily mean the ICS was compromised,” wrote Cui in an email statement regarding the Colonial cyber-attacks. “It could be that they didn’t have enough separation between the IT & OT systems, so they pulled the plug before the attackers realised they had access to those sensitive systems – which would have significantly increased the cost of the ransom, in addition to jeopardising physical controls.”

Persistent Problem

The attack comes as ransomware attacks have reached near epidemic proportions. In 2020 alone, the number of ransomware attacks grew more than 150%, according to a report by Group-IB researchers. The issue has also prompted co-ordinated global efforts to combat ransomware.

Last month, a coalition of 60 global entities, which included the US Dept. of Justice, proposed a sweeping plan to hunt down & disrupt ransomware gangs by going after their financial operations.

Critical Infrastructure

In Feb. 2020, the Cybersecurity & Infrastructure Security Agency (CISA) issued an alert warning that critical infrastructure targets, such as pipelines, were increasingly being targeted by hackers. The warning was sparked by a ransomware attack on a natural gas compression facility in the US that caused a 2-day shutdown at the unnamed victim.

The initial compromise of the IT network let the attacker deploy “commodity ransomware” to encrypt data on both the IT & the OT networks. The ability to pivot from IT into OT was due to a lack of network segmentation between the IT & the OT portions of the infrastructure, CISA commented at the time.

Energy-Critical Asset

“The US economy is critically dependent on energy pipeline infrastructure. It is important for all energy-critical asset owners & the US Federal Govt. to undertake risk analysis & economic quantification studies to understand the scale of impact from events like this & support investment in appropriate protections,” White wrote in a statement on Sat.

Cui said he believes a key part of the problem, in critical-infrastructure attacks, is that operators often do not isolate or secure these systems. “The vendors aren’t securing these ICS devices to begin with, & patching is difficult,” he concluded.
