Americans on the East Coast have found themselves on the wrong end of one of the most impactful ransomware attacks this country has ever seen. The FBI reported earlier this week that a group known as DarkSide has claimed responsibility for an attack that caused the shutdown of the Colonial Pipeline. On Friday, May 7th, Colonial announced that they had halted all operations and frozen their IT network to begin remediation and repair of their affected infrastructure. Colonial transports over 100 million gallons of fuel daily over 5,000 miles from Texas to New York, supplying 45% of the East Coast’s diesel and gasoline for consumers ranging from every-day citizens to airports and military bases.
How did this happen?
On May 7th, Colonial Pipeline announced that they were ceasing operations immediately and that their network had been compromised by a ransomware attack. The initial attack vector in the Colonial Pipeline attack has yet to be uncovered, but experts have disclosed that the attack was focused on the business side of the Pipeline, not the operational. This reinforces previous ideas that this attack was for a monetary incentive, rather than disrupting the infrastructure of the United States. While this attack is unique in scale, ransomware is nothing new to the U.S.
Ransomware is a type of malware that once infected into a user’s systems, locks the user out and encrypts their data. A “ransom” is then required to be paid to regain access to their data. The targets of these attacks vary, but in recent years there has been a major uptick in the amount of private businesses and government organizations, including critical infrastructure providers, that have been specifically targeted. In 2018 the cities of Atlanta and Allentown were both hit with a ransomware attack that crippled their entire IT infrastructure and affected everything from tax payments to traffic lights. Many victims have repeatedly turned a blind eye to warnings that were made about their environment, specifically a January 2018 audit in Atlanta, for example which uncovered 1,500 – 2,000 known vulnerabilities in their systems. This audit showed that the city was drastically neglecting their cybersecurity processes, and then they were hit with an attack.
What does this mean?
How could a company that is so crucial to our nation’s infrastructure lack the necessary cybersecurity measures to defend itself from an attack like this? Our nation’s energy grid is one of the most critical pieces of infrastructure in the country, yet private companies who do not view cybersecurity as a key issue own nearly 85% of the market. This leaves most of our nation’s energy grid unregulated to a large degree when it comes to cyber protections. Many of these utility providers rely on systems that are running decades old tech in what is essentially a modern-day cyber battlefield and they just aren’t equipped well enough to defend themselves. Netizen’s COO, Akhil Handa, had this to add “Even though government regulatory agencies exist, there is no standardized process for which these companies look to measure their cybersecurity readiness against..”
What is the solution?
No matter how safe an organization thinks they are, emerging threat actors are continuously looking for new ways to exploit any vulnerability in systems, people, and processes. Companies and government organizations, if they have not done so already, need to move cybersecurity to the absolute forefront of their strategic planning in 2021.
We need to have an open conversation with key businesses that make up our nation’s infrastructure and determine what measures they are taking to protect their cyberspace. Additionally, we need to start moving towards architecture like Zero Trust Security to help ensure issues like this do not arise again. The time for action is now. We must work together to hold businesses accountable for their actions and move towards creating a more secure cyberspace.
Questions or concerns? Feel free to reach out to us any time – https://www.netizen.net/contact