Tag Archive for: Colonial

The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms


Similarly, the US government has made only modest headway in pushing private industry, including pipeline companies, to strengthen cybersecurity defenses. Cybersecurity oversight is divided among an alphabet soup of agencies, hampering coordination. The Department of Homeland Security conducts “vulnerability assessments” for critical infrastructure, which includes pipelines.

It reviewed Colonial Pipeline around 2013 as part of a study of places where a cyberattack might cause a catastrophe. The pipeline was deemed resilient, meaning that it could recover quickly, according to a former DHS official. The department did not respond to questions about any subsequent reviews.

Five years later, DHS created a pipeline cybersecurity initiative to identify weaknesses in pipeline computer systems and recommend strategies to address them. Participation is voluntary, and a person familiar with the initiative said that it is more useful for smaller companies with limited in-house IT expertise than for big ones like Colonial. The National Risk Management Center, which oversees the initiative, also grapples with other thorny issues such as election security.


Ransomware has skyrocketed since 2012, when the advent of Bitcoin made it hard to track or block payments. The criminals’ tactics have evolved from indiscriminate “spray and pray” campaigns seeking a few hundred dollars apiece to targeting specific businesses, government agencies and nonprofit groups with multimillion-dollar demands.

Attacks on energy businesses in particular have increased during the pandemic—not just in the US but in Canada, Latin America, and Europe. As the companies allowed employees to work from home, they relaxed some security controls, McLeod said.

DarkSide adopted what is known as a “ransomware-as-a-service” model. Under this model, it partnered with affiliates who launched the attacks. The affiliates received 75% to 90% of the ransom, with DarkSide keeping the remainder.

Since 2019, numerous gangs have ratcheted up pressure with a technique known as “double extortion.” Upon entering a system, they steal sensitive data before launching ransomware that encodes the files and makes it…

Source…

Colonial Pipeline Pays Millions in Ransomware Attack – The National Law Review




Source…

The Colonial Pipeline hack sparks concerns about economic security


with Aaron Schaffer


Top members of the House Homeland Security Committee say the Biden administration needs to produce a plan to secure the economy in the wake of a major cyberattack.

Lawmakers argue the recent hack of the Colonial Pipeline, which provides 45 percent of the fuel for the East Coast, highlights the critical nature of such a plan. The hack forced the company to shut down operations for nearly a week.

Rep. John Katko (R-N.Y.), the ranking Republican on Homeland Security, and Chairman Bennie G. Thompson (D-Miss.) want the Biden administration to implement a strategy for ensuring the continuous operation of critical economic functions in the event of a significant cyber disruption. The power to do so was approved in last year’s defense authorization bill, but has not been put in place.

“Last week, we witnessed the exact reason this provision was enacted into law and why we supported it. The question now becomes one of implementation,” Katko and Thompson wrote in a letter to President Biden. “In the wake of the Colonial ransomware attack and its cascading effects along a large portion of the United States, we believe the Administration should act expeditiously to use this authority to ensure the resiliency of the economy.”

The administration has taken a number of steps to address cybersecurity in light of recent emergencies.

Biden last week signed an executive order outlining more rigorous cybersecurity requirements for software providers that contract with the federal government. The administration has also launched a series of 100-day initiatives to improve cybersecurity in critical infrastructure, including the electric grid and oil and gas pipelines.

While the efforts have received broad support in Congress, Katko and Thompson say they’re not a substitute for an emergency strategy.

“While thankfully Colonial has begun the process to restore operations, the incident highlights the criticality and interdependencies of our nation’s critical infrastructure,” they wrote. “We as a nation can and must do more.”

The letter requests a briefing from the White House about its plans. The White House declined to comment.

Source…

Colonial Pipeline Ransomware Attack: Revealing How DarkSide Works – Security Boulevard




Source…