Ransomware attacks could reach ‘pandemic’ proportions. What to know after the pipeline hack.

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


A cybersecurity expert warned U.S. lawmakers last week that the world was on the cusp of a “pandemic of a different variety.”



An "Out Of Service" bag covers a gas pump as cars continue to line up for the chance to fill their gas tanks at a Circle K gas station near uptown Charlotte on May 11, 2021, following a ransomware attack that shut down the Colonial Pipeline. (Photo by Logan Cyrus / AFP)



Christopher Krebs, who formerly headed the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, testified Wednesday before the House Committee on Homeland Security that a form of malware called ransomware has become more prevalent than ever before. Given an ever-widening criminal enterprise and vulnerable digital landscape, he said, critical infrastructure is at risk of debilitating attacks.


Two days later, Colonial Pipeline, a major fuel pipeline connecting the East Coast, was hit in the largest known hack on U.S. energy infrastructure.

The incident, which prompted a shutdown of the pipeline, a panic-buying spree for gas and a price jump at the pump over the weekend, is one of the latest in a string of crippling ransomware attacks orchestrated by extortionary criminal organizations that mostly operate in foreign safe havens outside the grasp of America’s criminal justice system.

Experts say continued ransomware threats are inevitable, calling on businesses and governments to ramp up efforts to secure their online networks.

“Cybercriminals have been allowed to run amok while governments have mainly watched from the sidelines, unclear on whether cybercrime is a national security-level threat,” Krebs told lawmakers. “If there was any remaining doubt on that front, let’s dispense with it now: too many lives are at stake.”

What’s a ransomware attack?

Ransomware, malicious computer code that hackers deploy to block an organization’s access to its own computer network in order to extort a ransom, is one of the most common forms of malware, experts say.

Hackers may barrage employees with phishing emails, convincing the user to download a file or visit an infected…


Biden’s infrastructure plan wouldn’t protect the Colonial Pipeline from another attack








Colonial Pipeline, the United States’ largest purveyor of refined fuel, including gasoline, diesel and jet fuel, recently had a bad day. Late last Friday, the company’s information technology systems fell victim to ransomware. The company quickly shut down its operations as a precautionary measure to contain the attack and prevent long-term damage to its physical systems. As of Tuesday afternoon, the pipeline was still largely offline, though Colonial hopes to restore operations by the end of the week.


The attack on Colonial Pipeline is one data point in an overall trend of increased attacks from ransomware, malicious software that prevents victims from accessing their data and requires a ransom payment in order to restore their systems. The consequences can range from the economically costly to the downright dire: Businesses get locked out of their computer systems for several hours or days at a time, halting operations, disrupting supply chains and significantly harming consumer trust.

In 2020 alone, nearly 2,400 state and local governments, health care facilities and schools were victims of ransomware attacks. Additionally, the victims of these attacks paid a total of $350 million in ransom, marking a 300-plus-percent increase from the previous year.

And ransomware is just one kind of cyberthreat posed to infrastructure — one of the country’s most prevalent national security risks and one that should be at the top of priority lists for infrastructure needs. Given the severity of the danger, it was disappointing to see that the Biden administration’s current infrastructure plan falls woefully short in terms of actually securing the infrastructure it proposes to build, a failing that has raised eyebrows.

The Colonial Pipeline attack “is a play that will be run again, and we’re not adequately prepared,” warned Sen. Ben Sasse, R-Neb. “If Congress is serious about an infrastructure package, at front and center should be the hardening of these critical sectors — rather than progressive wish lists masquerading as infrastructure.”

America’s critical infrastructure as traditionally defined and historically…


The Colonial Pipeline ransomware attack and the SolarWinds hack were all but inevitable – why national cyber defense is a ‘wicked’ problem — GCN


The ransomware attack on Colonial Pipeline on May 7, 2021, exemplifies the huge challenges the U.S. faces in shoring up its cyber defenses. The private company, which controls a significant component of the U.S. energy infrastructure and supplies nearly half of the East Coast’s liquid fuels, was vulnerable to an all-too-common type of cyber attack. The FBI has attributed the attack to a Russian cybercrime gang. It would be difficult for the government to mandate better security at private companies, and the government is unable to provide that security for the private sector.

Similarly, the SolarWinds hack, one of the most devastating cyber attacks in history, which came to light in December 2020, exposed vulnerabilities in global software supply chains that affect government and private sector computer systems. It was a major breach of national security that revealed gaps in U.S. cyber defenses.

These gaps include inadequate security by a major software producer, fragmented authority for government support to the private sector, blurred lines between organized crime and international espionage, and a national shortfall in software and cybersecurity skills. None of these gaps is easily bridged, but the scope and impact of the SolarWinds attack show how critical controlling these gaps is to U.S. national security.

The SolarWinds breach, likely carried out by a group affiliated with Russia’s FSB security service, compromised the software development supply chain used by SolarWinds to update 18,000 users of its Orion network management product. SolarWinds sells software that organizations use to manage their computer networks. The hack, which allegedly began in early 2020, was discovered only in December when cybersecurity company FireEye revealed that it had been hit by the malware. More worrisome, this may have been part of a broader attack on government…


Colonial Pipeline hopes most service will be back by weekend after DarkSide ransomware hack


WASHINGTON — Hit by a cyberattack, the operator of a major U.S. fuel pipeline said it hopes to have services mostly restored by the end of the week as the FBI and administration officials identified the culprits as a gang of criminal hackers.

U.S. officials sought to soothe concerns about price spikes or damage to the economy by stressing that the fuel supply had so far not experienced widespread disruptions, and the company said Monday that it was working toward “substantially restoring operational service” by the weekend.

The White House said in a statement late Monday that it was monitoring supply shortages in parts of the Southeast and that President Joe Biden had directed federal agencies to bring their resources to bear.

Colonial Pipeline, which delivers about 45% of the fuel consumed on the East Coast, halted operations last week after revealing a ransomware attack that it said had affected some of its systems.

Nonetheless, the attack underscored the vulnerabilities of the nation’s energy sector and other critical industries whose infrastructure is largely privately owned. Ransomware attacks are typically carried out by criminal hackers who scramble data, paralyzing victim networks, and demand large payments to decrypt it.

The Colonial attack was a potent reminder of the real-world implications of the burgeoning threat. Even as the Biden administration works to confront organized hacking campaigns sponsored by foreign governments, it must still contend with difficult-to-prevent attacks from cybercriminals.

“We need to invest to safeguard our critical infrastructure,” Biden said Monday. Energy Secretary Jennifer Granholm said the attack “tells you how utterly vulnerable we are” to cyberattacks on U.S. infrastructure.

The attack came as the administration, still grappling with its response to massive breaches by Russia of federal agencies and private corporations, works on an executive order aimed at bolstering cybersecurity defenses. The Justice Department, meanwhile, has formed a ransomware task force designed for situations just like Colonial Pipeline, and the Energy Department on April 20 announced a 100-day initiative focused on protecting energy infrastructure from cyber…
