Colonial Pipeline, one of the largest U.S. suppliers of refined gasoline, has fallen victim to a ransomware attack, forcing the 5,500-mile pipeline to shut down.
The magnitude of the disruption, which impacted almost half of the U.S. East Coast, has called the attention of the F.B.I., the Energy Department, and the White House who are currently involved in investigations.
This is the latest incident in a series of nation-state cyberattacks making a mockery of cybersecurity standards in the United States. In an effort to finally disrupt this pernicious trend, President Joe Biden has signed a Cybersecurity Executive Order calling for a dramatic reformation of security programs throughout government entities and the entire private sector.
Cybercriminals infiltrated Colonial’s corporate computer network before launching their ransomware attack, in which sensitive data is encrypted and held hostage until the victim pays a ransom.
Colonial Pipeline said in a statement that the decision to shut down the entire pipeline was strategic, to prevent the further compromise of sensitive data.
“Quickly after learning of the attack, Colonial proactively took certain systems offline to contain the threat. These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring,” Colonial Pipeline said in its statement.
On Tuesday, May 11, the F.B.I. confirmed that a Russian cybercriminal group known as "Darkside" was responsible for the cyberattack. Darkside is relatively new to the cybercriminal arena, but they are extremely talented, as evidenced by their choice of disrupting a major U.S. pipeline to announce their existence on the world stage.
Intelligence on the group's tactics is still developing, but it's speculated the threat actors may be affiliated with the Ransomware-as-a-Service operation REvil, due to the similarities between their ransom letters.
While the hunt for the perpetrators is a critical initiative, it should not eclipse the glaring security faults that made this attack possible.
Colonial Pipeline has serviced the East Coast since the early 1960s. Upgrading the technology of such ageing infrastructure is not easy and usually requires security-compromising methods to establish a connection to the internet.
Cybercriminals are aware of this gaffer-tape method of upgrading network security, which is why attacks on veteran U.S. entities have soared. Recent victims include:
- The District of Columbia Police Department
- Hospitals globally
- Canadian IoT maker Sierra Wireless
- Schools throughout the U.S.
- Florida water treatment facility
The Colonial Pipeline ransomware attack is a disturbing demonstration of the gaping vulnerabilities currently exposing many legacy U.S. entities.
To avoid compromise, such organizations must immediately evaluate their security posture, lest they remain as sitting ducks for cybercriminals.