05 Aug Colonial Pipeline Ransomware Attack
Colonial Pipeline Ransomware Attack: Why Does it Matter?
On Friday May 7th, Colonial Pipeline announced that a cyberattack had forced the organisation to proactively shut down its business operations and temporarily freeze its IT systems. The attack temporarily forced Colonial to halt its pipeline operations. Colonial also brought in a third-party cybersecurity firm, FireEye, to assist with the response to the ransomware attack.
What is Colonial Pipeline?
Colonial Pipeline, founded in 1962, is one of the major pipeline operators in the U.S.A. It supplies roughly 45% of the fuel consumed on the East Coast, including gasoline, diesel, home heating oil, jet fuel and military supplies. Colonial Pipeline transports over 100 million gallons of fuel daily across an area spanning from Texas to New York.
How did the ransomware attack happen?
There are very few details on how the attack took place, since the investigation is still underway and the incident analysis report is yet to be concluded. However, it is a known fact that the attack was a ransomware attack linked to a cybercriminal group known as Darkside.
The initial attack vector or trigger is still undisclosed, but a ransomware attack generally exploits an unknown or unpatched vulnerability in a system, bypasses security controls through a phishing email, or gains unauthorised access through leaked credentials or any of a number of other techniques employed by cybercriminals. The attack was attributed to a hacking organisation that calls itself Darkside. A particular issue in the Colonial Pipeline attack was that Colonial had connected its physical assets, such as the pipelines, to digital, automated software and applications. This makes it difficult to apply basic hygiene practices and to detect threats in time to prevent them.
Darkside, which is responsible for the attack, is not linked to any nation state and has declared that its only objective is to make money, not to create political or social problems for society. Hence Darkside's attack was aimed at the business side, to extract money, and not at the operational side, which would have caused the pipelines themselves to fail. The oil giant announced in a statement that it "proactively took certain systems offline to contain the threat, which temporarily halted all pipeline operations, and affected some of our IT systems." Another update from Colonial Pipeline stated that the remediation process was underway and that systems were being brought back using an incremental approach. Colonial further stated that safety and compliance regulations were a major force in the operational decisions being taken, and that it expected to restore operational services within a week.
The attack caused the lateral lines, which transport fuel between the main terminals and the delivery points, to be shut down, whereas the main lines remained functional and operational.
Why does the Colonial Pipeline ransomware attack matter?
Darkside took out Colonial's operational functionality and targeted its support systems, which disrupted the pipeline transport system and impacted fuel distribution. The attack did not cause any shortage of fuel per se, but the news itself triggered panic buying by customers, which led to a surge in fuel prices. Normal operations took about a week to resume, which caused further price fluctuations and potential shortages due to panic buying.
The Colonial Pipeline attack highlights the high-profile ransomware attacks that have been taking place in the U.S. and other parts of the world for quite some time now, without any clear solution. Ransomware attacks are complicated and sophisticated, and they come with a knotty set of interconnected problems, all of which defy easy solutions. Hence it is difficult to prevent or detect such an attack beforehand.
This incident will probably urge companies to take cybersecurity more seriously and to build more robust security systems to prevent such attacks in future. Vendors need to focus on selling security solutions that are more sophisticated and foolproof, rather than rushing companies into buying products and fixing them later, once an attack occurs or a threat is detected.
Involving the police cybercrime unit is another serious issue. Quite often the cybercrime unit does not have the expertise or the know-how to carry out a thorough investigation in such matters. Tracking down the culprits is also difficult, as these cybercriminals operate from different jurisdictions or countries, and apprehending or convicting them is next to impossible.
There is also the issue of organisations and companies paying the ransom, which may often be the easiest way out but in fact has long-term impacts. Paying ransoms makes these gangs even stronger and equips them to carry out more ambitious and sophisticated attacks in the future.
The exponential increase in ransomware attacks, and especially the Colonial Pipeline attack, has caught the attention of U.S. government officials, who may feel that it is high time to put momentum behind efforts to tackle the ransomware problem. Such attacks should decrease if more funds are made available for developing security infrastructure, if strict ransomware regulations are brought in (for example, making it easier to trace payments or the criminals behind them, or restricting ransom payments altogether), and if cybersecurity standards are improved. For instance, the government was able to recover some of the payment that Colonial Pipeline made to Darkside in bitcoin.
The geopolitical challenges that make sanctions, indictments and convictions difficult are the reason ransomware attacks are flourishing. But if nations can come to a mutual agreement to apprehend the gangs that operate in their jurisdictions, ransomware attacks will become much harder to carry out.
Colonial Pipeline was able to get back up and running before a major prolonged disruption, and customers' wallets were not hit so hard, because it had the resources needed to tackle the problem. But the next attack, or the next series of attacks, might have a far more damaging impact if the correct countermeasures are not taken.
The Colonial attack also highlighted a massive shortcoming of many organisations that run critical infrastructure. For a long time these organisations have left their systems vulnerable to attackers by not fostering a cybersecurity culture, or by ignoring it completely. It is high time that these companies are held accountable for their negligence and that regulations are brought in to improve the cybersecurity of critical infrastructure as a whole.