Colonial cyber attack spreads fear to other companies


Gas shortages continue up and down the east coast after the Colonial pipeline cyber attack.

This latest cyber warfare has exposed critical infrastructure vulnerabilities here in the U.S. The danger was compounded after it was revealed that Colonial actually paid a $5 million ransom to unfreeze its computers. The payout is putting other companies on edge, fearing they may be next.

The result, a week after the cyber attack against the Colonial pipeline: panic buying and long lines at stations along the east coast, causing drivers across the country to fear it could happen at their local pumps.

While Colonial has announced the pipeline is open again, it will take several days for it to get back up to normal supply levels. The attack prompted Homeland Security and President Joe Biden to urge private companies to harden their defenses.

“I cannot dictate that private companies do certain things regarding cyber security,” said President Biden.

Critical infrastructure includes everything from fuel depots to power and nuclear plants, water systems, railroads, banks, hospitals and telecom centers; the list is endless, and 85% of it is privately owned. Phil Quade, of Fortinet Security, said companies around the world have much more to worry about now than just having rivals trying to steal their trade secrets.

“Our critical infrastructures and other important business systems are no longer subject to the threat only of being spied on by others, but actually being attacked by others,” said Quade.

These recommendations are not just for large companies; the Homeland Security Administration says medium-sized companies and even local government need to have a cyber team to protect their security.

The Colonial Pipeline Hack: A New Era of Cyberwar


Holding tanks at Colonial Pipeline’s Linden Junction Tank Farm in Woodbridge, N.J. (Colonial Pipeline/Handout via Reuters)

On the menu today: a deep dive into what appears to be a frightening new era of cyberwarfare and ransomware — because the Colonial Pipeline hack and extortion was only the highest-profile example this week; this kind of crime and terrorism is taking off like a rocket.

Suddenly, Ransomware Is Everywhere

Apparently, ransomware attacks are like the latest TikTok dance: rapidly growing in popularity and not easily understood by anyone over the age of 30. You’ve heard about the Colonial Pipeline hack. But you probably didn’t hear that Ireland’s health service shut down its computer systems after being hit with a ransomware attack. DarkSide hit Toshiba Corporation and compromised more than 740 gigabytes of information including passports and other personal information. The Washington, D.C., police just suffered the biggest hack of a police force ever, exposing “hundreds of police officer disciplinary files and intelligence reports that include feeds from other agencies, including the FBI and Secret Service.” The city government of Gary, Ind., has to restore and rebuild all of its servers after they were attacked.

And that’s just in the past 24 hours or so.

One of the oddities of the Die Hard movie series is that none of the movies started out with a script for a Die Hard movie; they were all adaptations of previously written novels or scripts for other movies, altered to fit the John McClane character.

The fourth movie, Live Free or Die Hard, actually started not as a novel or a screenplay, but as a nonfiction article in Wired magazine. Written in 1997 and titled “A Farewell to Arms,” it laid out the United States’ vulnerability to cyberattacks on its critical infrastructure.

The closing paragraphs of that Wired article warn about the emerging era of information warfare, which “includes electronic warfare, tactical deception, strategic deterrence, propaganda warfare, psychological warfare, network warfare, and structural sabotage”:

When the threat everyone’s talking about is from…


Colonial paid hackers nearly $5 million in ransom, sources say


Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.

The company paid the hefty ransom in untraceable cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the East Coast, those people said. A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment.

Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.

A representative from Colonial declined to comment, as did a spokesperson for the National Security Council.

The hackers, which the FBI said are linked to a group called DarkSide, specialize in digital extortion and are believed to be located in Russia or Eastern Europe.

On Wednesday, media outlets including the Washington Post and Reuters reported that the company had no immediate intention of paying the ransom. Those reports were based on anonymous sources.

Ransomware is a type of malware that locks up a victim’s files, which the attackers promise to unlock for a payment. More recently, some ransomware groups have also stolen victims’ data and threatened to release it unless paid — a kind of double extortion.

Deputy National Security Advisor Anne Neuberger on Monday acknowledged that sometimes companies may have no choice but to pay ransoms, telling reporters: “We recognize, though, that companies are often in a difficult position if their data is encrypted and they do not have backups and cannot recover the data.”

The FBI discourages organizations from paying ransom to hackers, saying there is no guarantee they will follow through on promises to unlock files. It also provides incentive to other would-be hackers, the agency…


Senators Cite Colonial Pipeline Hack in Calling for Cyber Response and Recovery Fund


The cyberattack that has shut down a major supply line for energy to much of the East Coast is the kind of event that would have triggered a release of funding outlined in legislation to help the government respond to such incidents, key senators said in a hearing Wednesday.

“I know we’re here today to focus on federal cybersecurity. But I think it’s important to discuss the attack that we have just recently seen on Colonial Pipeline, one of the largest attacks on critical infrastructure in our history,” Sen. Gary Peters, D-Mich., said. “Last month, Ranking Member, [Rob] Portman [R-Ohio] and I introduced the Cyber Response and Recovery Act which would give the Secretary of Homeland Security the authority to declare a significant incident and use [the] Cyber Response and Recovery Fund after events like this.”

Peters, chairman of the Senate Homeland Security and Government Affairs Committee, was leading a hearing on the federal government’s efforts to improve its cybersecurity following the SolarWinds hack, which was part of a campaign that compromised scores of organizations, including nine federal agencies.

The chair and ranking member touted their legislation while drawing attention to what they said were lapses in both public and private entities’ communications with the government.

The Cyber Response and Recovery Fund that the legislation creates would keep $20 million available for DHS’ Cybersecurity and Infrastructure Security Agency to reimburse other departments they need to call in to help respond to cyberattacks and to get information out to related entities to mitigate the impact of such events.

But in Colonial’s case, Brandon Wales, CISA’s acting director, told Portman that the company did not contact CISA after they were targeted by ransomware criminals. CISA was engaged only after the FBI brought them in and still does not possess the technical details that would help them to advise other critical infrastructure entities, Wales said.

Wales said this is understandable since it’s still early in the response, and that CISA has a good relationship with Colonial, but Portman did not accept that argument.

“It seems to me we also have to worry about these…
