Tag Archive for: Colonial

US Recovers Millions In Bitcoin Paid During The Colonial Pipeline Attack


U.S. officials announced in a press conference Monday afternoon the successful recovery of some of the funds paid in the recent Colonial Pipeline hack. Deputy Attorney General Lisa Monaco of the Department of Justice noted that the scope of the investigation involved “…going after an entire ecosystem that fuels ransomware and digital extortion attacks including criminal proceeds in the form of digital currency.” Monaco declared, “…we will continue to use all of our tools and all of our resources to increase the cost and the consequences of ransomware attacks and other cyber-enabled attacks.” Paul Abbate, the deputy director of the FBI, said the bureau successfully seized the ransom funds from a bitcoin wallet that DarkSide used to collect Colonial Pipeline’s payment.

Colonial Pipeline temporarily shut down its operations on May 7 after Russian-based criminal hackers from the organization DarkSide broke into its computer system, stalling a company that provides almost half of the fuel to the East Coast of the U.S. While Colonial Pipeline ended up paying $4.4 million in digital currency, the amount that was recovered today was not revealed.

The United States Department of Justice had recently instructed the U.S. Attorney’s Offices across the country to coordinate cases involving ransomware, cyberattacks, and illicit marketplaces with a newly created ‘Ransomware and Digital Extortion Task Force’. According to Monaco, the Task Force was established to investigate, disrupt, and prosecute ransomware and digital extortion activity. “This is the Task Force’s first operation of its kind,” said Monaco.

Message To U.S. Corporations: Improve Your Computer Security Now

According to Monaco, these ransomware attacks are becoming more diverse, sophisticated, and dangerous, and no organization is immune. Monaco specifically addressed U.S. corporations in the press conference, saying that the “…threat of…


Hackers breached Colonial Pipeline with one compromised password | Cybercrime News


The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast was the result of a single compromised password, according to a cybersecurity consultant who responded to the attack.

Hackers gained entry into the networks of Colonial Pipeline Co. on April 29 through a virtual private network account, which allowed employees to remotely access the company’s computer network, said Charles Carmakal, senior vice president at cybersecurity firm Mandiant, part of FireEye Inc., in an interview. The account was no longer in use at the time of the attack but could still be used to access Colonial’s network, he said.

The account’s password has since been discovered inside a batch of leaked passwords on the dark web. That means a Colonial employee may have used the same password on another account that was previously hacked, he said. However, Carmakal said he isn’t certain that’s how hackers obtained the password, and he said investigators may never know for certain how the credential was obtained.

The VPN account, which has since been deactivated, didn’t use multifactor authentication, a basic cybersecurity tool, allowing the hackers to breach Colonial’s network using just a compromised username and password. It’s not known how the hackers obtained the correct username or if they were able to determine it on their own.

“We did a pretty exhaustive search of the environment to try and determine how they actually got those credentials,” Carmakal said. “We don’t see any evidence of phishing for the employee whose credentials were used. We have not seen any other evidence of attacker activity before April 29.”

Colonial paid the hackers, who were an affiliate of a Russia-linked cybercrime group known as DarkSide, a $4.4 million ransom shortly after the hack [File: Samuel Corum/Bloomberg]

Ransom Note

A little more than one week later, on May 7, an employee in Colonial’s control room saw a ransom note demanding cryptocurrency appear on a computer just before 5 a.m. The employee notified an operations supervisor, who immediately began the process of shutting down the pipeline, Colonial Chief Executive Officer Joseph Blount…


After Colonial hack, DHS issues first cybersecurity regulation for pipelines


The Department of Homeland Security has issued the first cybersecurity regulation for the pipeline sector.

The regulation, issued Thursday morning, is part of the Biden administration’s efforts to bolster security for national infrastructure after a company that operates the largest fuel pipeline in the country was hit with a ransomware attack earlier this month.

Colonial Pipeline shut down all pipeline operations after it was hacked by a group believed to be Russian criminals, who locked some of its computers and demanded a ransom to set them free.

While Colonial was able to restart operations within five days, the incident had already become one of the most impactful cyberattacks in American history. The United States issued an emergency order allowing truckers to drive overtime to help transport fuel, and gas stations across the country reported outages. Colonial CEO Joseph Blount told The Wall Street Journal that he quickly paid the hackers’ $4.4 million demand, but that the program they supplied to restore the company’s systems was so slow that he hired outside computer experts to do it instead.

While DHS’ Cybersecurity and Infrastructure Security Agency provides guidance to U.S. companies that handle the country’s infrastructure, there are few federal government requirements for them to have even basic cybersecurity measures in place.

Under the new regulation, roughly 100 pipeline companies will be required to keep a cybersecurity coordinator on call at all times, and to report any incident to the Cybersecurity and Infrastructure Security Agency within 12 hours. 

In a call DHS held with reporters Wednesday evening, one senior agency official, who requested to not be named as part of the terms of the call, said that pipeline companies found out of compliance with the new regulation would face escalating fines starting around $7,000.

“There are financial penalties associated with failure to comply with security directives, and those can be imposed on a daily basis, so they can ramp up pretty significantly over time,” the official said.

Bryson Bort, a cybersecurity consultant and founder of the ICS Village, a nonprofit that advocates for industrial cybersecurity, said that while he didn’t expect the regulation…


Prioritizing a Proper Response to the Colonial Pipeline Hack.


The best way to get the American public’s attention is to hit them in their wallets, especially if it happens at the gas pump. Still, inviting the ire of the entire East Coast and commanding headlines of major news publications for a week was certainly not what the DarkSide ransomware group had in mind when they targeted Colonial Pipeline’s IT infrastructure. On May 7th, DarkSide launched a ransomware attack against Colonial Pipeline, resulting in a shutdown of their entire operation and an eventual ransom payment of $5 million.


While most Americans were wrapped up in the more sensational parts of the story—plastic bags filled with gas or the mysterious perpetrator and any possible ties they may have to the Russian government—there is a more serious underlying issue that is garnering less attention. It seems that the most powerful nation in the history of the world has a major issue with cyber threats, and despite some promising solutions that are being implemented as a result of this recent hack, there is still a prioritization issue and an ongoing ignorance about the proper path forward.

Ironically, not many people know what good cybersecurity hygiene looks like, despite spending most of their days in the cyber world. Part of that can be explained by the novelty of this new, permanently connected way of living, but the time left to use that excuse is running out. Americans are soon going to wake up to find that all their personal data is littered throughout the world’s computer infrastructure, just waiting for a crafty hacker to steal.

Thankfully, the blinders are starting to lift, ever so slightly, as drivers are confronted with the price to fill up—if they can find gas at all.

Out of service gas pump.

CALCULATE THE RISK, THEN ASSUME BREACH

Businesses are not ignorant of the dangers that they face, especially after the high-profile cyber attacks targeting SolarWinds’ software and Microsoft Exchange servers. The…
