The US issued emergency legislation after the Colonial Pipeline, which carries 45% of the East Coast’s supply of diesel, petrol and jet fuel, was the target of a ransomware cyber-attack.
While an operation to reopen the pipeline is still underway, the cybercriminal gang behind the attack, DarkSide, stated, “Our goal is to make money and not creating problems for society.” Whether or not the original intention was money, the attack is one of the most disruptive ransomware attacks ever reported.
Alan Grau, VP of IoT and Embedded Solutions at Sectigo said, “The recent cyberattack on the Colonial Pipeline shows how cybercriminals are escalating their attacks. This is one of the most disruptive ransomware attacks ever reported and illustrates how cybercriminals are attacking ever more critical targets with an endgame of extracting ever-larger ransom fees. This also shows how vulnerable a nation’s critical infrastructure is to cyberattacks. Colonial Pipeline, the operator of the system, said that it shut down its 5,500 miles of pipeline in an effort to contain the breach. While it is not clear if the ransomware attack spread to the SCADA systems directly controlling the pipeline, it is clear that stronger security is needed.
“Critical infrastructure providers must harden all of their systems against cyber-attacks. The embedded devices and control systems managing critical infrastructure are not isolated from the IT systems, and attacks against IT systems can be used as a beachhead to launch further attacks against these control systems. Multiple levels of security, starting with strong authentication and S/MIME protection for email, provide a layer of protection against phishing attacks and other cyberattacks that are commonly used as entry points for ransomware attacks.
“Reports indicate that the attackers, in this case, were motivated solely by financial gain. Had this been a nation-state wanting to damage the cyber-physical systems controlling the pipeline, they may have been able to do so. Company statements indicate that they shut down the pipeline to ensure that no such damage was done, but it’s not clear if this was done because the company detected the attack and responded proactively, or if this occurred after the ransomware attack shut down critical IT systems.”