Colonial Pipeline hopes most service will be back by weekend after DarkSide ransomware hack


WASHINGTON — Hit by a cyberattack, the operator of a major U.S. fuel pipeline said it hopes to have services mostly restored by the end of the week as the FBI and administration officials identified the culprits as a gang of criminal hackers.

U.S. officials sought to soothe concerns about price spikes or damage to the economy by stressing that the fuel supply had so far not experienced widespread disruptions, and the company said Monday that it was working toward “substantially restoring operational service” by the weekend.

The White House said in a statement late Monday that it was monitoring supply shortages in parts of the Southeast and that President Joe Biden had directed federal agencies to bring their resources to bear.

Colonial Pipeline, which delivers about 45% of the fuel consumed on the East Coast, halted operations last week after revealing a ransomware attack that it said had affected some of its systems.

Nonetheless, the attack underscored the vulnerabilities of the nation’s energy sector and other critical industries whose infrastructure is largely privately owned. Ransomware attacks are typically carried out by criminal hackers who scramble data, paralyzing victim networks, and demand large payments to decrypt it.

The Colonial attack was a potent reminder of the real-world implications of the burgeoning threat. Even as the Biden administration works to confront organized hacking campaigns sponsored by foreign governments, it must still contend with difficult-to-prevent attacks from cybercriminals.

“We need to invest to safeguard our critical infrastructure,” Biden said Monday. Energy Secretary Jennifer Granholm said the attack “tells you how utterly vulnerable we are” to cyberattacks on U.S. infrastructure.

The attack came as the administration, still grappling with its response to massive breaches by Russia of federal agencies and private corporations, works on an executive order aimed at bolstering cybersecurity defenses. The Justice Department, meanwhile, has formed a ransomware task force designed for situations just like Colonial Pipeline, and the Energy Department on April 20 announced a 100-day initiative focused on protecting energy infrastructure from cyber…

Source…

US officials warned major pipelines to secure systems before Colonial attack


For more than two years before the Colonial petroleum pipeline shutdown on Friday, US officials repeatedly warned major pipelines that they were increasingly vulnerable to hackers as they moved their operations online.

As recently as February 2020, US cyber security officials warned of an attack on an unnamed natural gas compression facility that mirrored some of the problems faced by Colonial.

In that case, hackers broke into the back-office network and moved into its operations control system, locking up computers on both sides and leaving staff unable to see data from the facility, which had to be shut down.

Officials warned at the time that pipelines should keep their back office separate from their operations. It was useful advice for Colonial Pipeline, whose 5,500 miles of pipes supply half the fuel used by the US east coast.

But on Monday, the White House confirmed that a similar scenario had played out at Colonial, forcing it to shut itself down to ensure that hackers “could not migrate from business computer systems to those that control and operate the pipeline”.

Sujeet Shenoi, professor of computer science at the University of Tulsa and a former nuclear engineer, said that hackers often found the easiest people to attack were in the back office, and that some critical infrastructure companies now had a three-strike rule for employees who breached cyber security procedures.

He added that infrastructure companies had moved quickly to digitise their operations, but had not fully woken up to the scale of the risk of connecting their corporate IT systems to their operational control systems. “This is like a 9/11 and more. Critical infrastructure groups are not ready to respond.”

The Department of Homeland Security set up the Pipeline Cybersecurity Initiative in October 2018 to try to protect more than 2.7m miles of oil and gas pipelines from attack as their owners started to connect them to the internet so that they could monitor operations remotely.

Like its peers, Colonial Pipeline has spent years transforming itself from a traditional utility into a data-driven, digital company. Major pipelines increasingly rely on computers to monitor flows and…

Source…

FBI Confirms DarkSide as Colonial Pipeline Hacker


President Biden said on Monday that the United States would “disrupt and prosecute” a criminal gang of hackers called DarkSide, which the F.B.I. formally blamed for a huge ransomware attack that has disrupted the flow of nearly half of the gasoline and jet fuel supplies to the East Coast.

The F.B.I., clearly concerned that the ransomware effort could spread, issued an emergency alert to electric utilities, gas suppliers and other pipeline operators to be on the lookout for code like the kind that locked up Colonial Pipeline, a private firm that controls the major pipeline carrying gasoline, diesel and jet fuel from the Texas Gulf Coast to New York Harbor.

The pipeline remained offline for a fourth day on Monday as a pre-emptive measure to keep the malware that infected the company’s computer networks from spreading to the control systems that run the pipeline. So far, the effects on gasoline and other energy supplies seem minimal, and Colonial said it hoped to have the pipeline running again by the end of this week.

The attack prompted emergency meetings at the White House all through the weekend, as officials tried to understand whether the episode was purely a criminal act — intended to lock up Colonial’s computer networks unless it paid a large ransom — or was the work of Russia or another state that was using the criminal group covertly.

So far, intelligence officials said, all of the indications are that it was simply an act of extortion by the group, which first began to deploy such ransomware last August and is believed to operate from Eastern Europe, possibly Russia. There was some evidence, even in the group’s own statements on Monday, that suggested the group had intended simply to extort money from the company, and was surprised that it ended up cutting off the main gasoline and jet fuel supplies for the Eastern Seaboard.

The attack exposed the remarkable vulnerability of a key conduit for energy in the United States as hackers become more brazen in taking on critical infrastructure, like electric grids, pipelines, hospitals and water treatment facilities. The city governments of Atlanta and New Orleans, and, in recent weeks, the Washington, D.C., Police…

Source…

Colonial Pipeline hack reveals critical infrastructure risks


Big industrial networks, including the Colonial Pipeline, which has been down for three days following a cyberbreach, fill vital everyday needs such as gasoline, clean water and electricity. Yet these often-aging physical systems are frequently less protected against hackers than corporate information technology networks.

“It’s really a challenge when you have old infrastructure,” said Padraic O’Reilly, co-founder of CyberSaint Security, “because the security tends to be snap-on, ad hoc, reactive, etc.”

Hackers — potentially Russian cybercriminals, according to the FBI — breached the operations of the Colonial Pipeline, which delivers gasoline and diesel to the eastern United States. Operators shut down the line for safety, and if it stays down for a week or more, prices could spike at the pump, analysts fear.

Even though pipelines and power lines serve the public good, companies with shareholders and quarterly earnings run them. They decide how much — or how little — to protect them against digital bad guys.

“They have business objectives to meet, so it’s difficult to justify upgrades on equipment that is running,” said Adam Bixler, global head of third-party cyber risk management at security firm BlueVoyant.

That’s the reality, even though hackers have taken down parts of the power grid in Ukraine, broken into a water-treatment plant in Florida and ruined nuclear centrifuges in Iran.

With Colonial Pipeline, it’s not clear whether the hackers took control of the physical systems, but many analysts say cyberthreat actors have demonstrated they can infiltrate information technology systems and then migrate into physical, operational technology networks.

“I think it’s an open secret that governments around the world have an ‘in’ into other people’s internet systems as well as their major infrastructure,” said Cynthia Quarterman, a former top U.S. pipeline regulator.

The Joe Biden administration plans new cyber rules for agencies and contractors involved in critical infrastructure.

But at the Colorado School of Mines, policy professor Morgan Bazilian said unless rules have teeth and bring…

Source…