Investigators are trying to rebound from a crippling cyber-attack that shut down the supply of oil into the United States’ main gasoline pipeline. Colonial Pipeline’s breach is being hailed as one of the most serious attacks on essential national infrastructure in history. The pipeline transports about half of the east coast’s gasoline supply, and if the shutdown lasts longer, costs at the pump are likely to increase.
The oil industry conjures up images of tanks, pumps, and greasy black liquid in the minds of many people. In fact, Colonial Pipeline operates in a highly digital environment. Hundreds of miles of piping are used to track and regulate the supply of diesel, gasoline, and jet fuel using pressure sensors, thermostats, valves, and pumps.
All of the operating infrastructures are linked to a single device. As cyber-experts including CheckPoint’s Jon Niccolls clarify, anywhere there is connectivity, there is a chance of cyber-attack:
“If they’re linked to a company’s internal network and the network is hacked, the pipeline becomes vulnerable to malicious attacks.”
How Did The Intruders Gain Access?
Direct attacks on operating technology are uncommon, according to analysts, since these devices are generally better secured. As a result, it’s more possible that the hackers obtained access to Colonial’s operating system from the company’s administrative hand.
“For example, an employee may have been duped into installing malware.
“We’ve also seen recent reports of hackers breaking in or exploiting flaws in third-party applications or compromising it.
Before releasing their ransomware assault, hackers may have been within Colonial’s IT network for weeks or even months. Criminals have previously caused havoc by infiltrating the software systems that control operating technology.
A hacker obtained access to the water supply of a Florida city in February and attempted to inject a “dangerous” quantity of a chemical. On his computer screen, a worker saw what was going on and intervened to stop the assault. In the winter of 2015-16, hackers in Ukraine were able to manipulate digital switches in a power plant, resulting in power outages that affected hundreds of thousands of people.
What Should Be Said To Put An End To This?
The most straightforward way to safeguard operating infrastructure is to keep it offline, with no connection to the internet. However, as companies rely on connected devices to increase performance, this is becoming more difficult.
“Traditionally, organizations did something called ‘air gapping,'” says Kevin Beaumont, a cyber-security specialist.
“They’d make sure the sensitive services were operating on isolated networks that weren’t connected to the internet.
“However, the changing essence of the environment suggests that more things are now dependent on connectivity.”
Who Are The Cybercriminals?
DarkSide, a relatively recent yet active ransomware group believed to be headquartered in Russia, was responsible, according to the FBI. While it is rare for criminal organizations to target “sensitive national assets,” analysts including Andy Norton of cyber-defense firm Armis believe it is becoming a rising concern.
He claims that “what we’re seeing now is the ransomware gangs maturing.”
“Where vital public service is at stake, they have a better chance of having the ransom paid.”
Surprisingly, the party sent a statement on its darknet website apologizing for the hack. While it did not specifically mention Colonial, it did mention “today’s news,” saying: “Our mission is to make money without causing social problems.
DarkSide, like many other ransomware organizations, has an affiliate scheme that allows “partners” to use its malware to strike targets in return for a cut of the ransom money. DarkSide previously stated that it will begin contributing some of the extorted funds to charitable organizations.
Hacking of vital national infrastructure has long been a source of fear for experts. The Ransomware Task Force, a multinational group of experts, dubbed it a “national security danger” earlier this month. According to the community, policymakers must take immediate steps to prohibit ransoms from being paid in secret. It also wants sanctions imposed on countries like Russia, Iran, and North Korea, which have been accused of harboring ransomware groups on several occasions. Mr. Norton, on the other hand, believes that businesses must take ownership as well.