Tag Archive for: pipeline

1,000 gas stations report running out of fuel as Colonial Pipeline hack leads to panic-buying in Southeast U.S.

/in


State and federal officials are scrambling to find alternate routes to deliver gasoline in the Southeast U.S. after a hack of the nation’s largest fuel pipeline led to panic-buying that contributed to more than 1,000 gas stations running out of fuel.

There is no gasoline shortage, according to government officials and energy analysts, but if the pipeline shutdown continues past the weekend, it could create broader fuel disruptions.

The Colonial Pipeline, which delivers about 45% of what is consumed on the East Coast, was hit on Friday with a cyberattack by hackers who lock up computer systems and demand a ransom to release them. The attack raised concerns, once again, about the vulnerability of the nation’s critical infrastructure.

The pipeline runs from the Gulf Coast to the New York metropolitan region, but states in the Southeast are more reliant on the pipeline for fuel. Other parts of the country have more sources to tap. For example, a substantial amount of fuel is delivered to states in the Northeast by massive tankers.

“What you’re feeling is not a lack of supply or a supply issue. What we have is a transportation issue,” said Jeanette McGee, spokeswoman for the AAA auto club. “There is ample supply to fuel the United States for the summer, but what we’re having an issue with is getting it to those gas stations because the pipeline is down.”

In North Carolina, 28% of gas stations were out of fuel, according to Gasbuddy.com, a technology firm that tracks real-time fuel prices across the country. In Raleigh-Durham it was worse, with 72% of gas stations out of fuel.

North Carolina Democratic Gov. Roy Cooper urged people Wednesday to only buy gas if their tank is low, and to report any instances of price gouging.

“We will continue our efforts to help make sure there is an adequate supply of fuel,” Cooper wrote on Twitter.

Cooper declared a state of emergency Monday, initiating fuel waivers that make it easier to transport fuel into the state.

Georgians were also getting squeezed, with 17.5% of stations there out of gas, according to Gasbuddy.com. In Virginia, 17% of stations were out, and in South Carolina, 16% had…

Source…

Ransomware attacks could reach ‘pandemic’ proportions. What to know after the pipeline hack.

/in


A cybersecurity expert warned U.S. lawmakers last week that the world was on the cusp of a “pandemic of a different variety.”



An "Out Of Service" bag covers a gas pump as cars continue line up for the chance to fill their gas tanks at a Circle K gas station near uptown Charlotte on May 11, 2021, following a ransomware attack that shut down the Colonial Pipeline. (Photo by Logan Cyrus / AFP)

© Logan Cyrus/AFP/Getty Images
An “Out Of Service” bag covers a gas pump as cars continue line up for the chance to fill their gas tanks at a Circle K gas station near uptown Charlotte on May 11, 2021, following a ransomware attack that shut down the Colonial Pipeline. (Photo by Logan Cyrus / AFP)

Christopher Krebs, who formerly headed the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, testified Wednesday before the House Committee on Homeland Security that a form of malware called ransomware has become more prevalent than ever before. Given an ever-widening criminal enterprise and vulnerable digital landscape, he said, critical infrastructure is at risk of debilitating attacks.

Loading...

Load Error

Two days later, Colonial Pipeline, a major fuel pipeline connecting the East Coast, was hit in the largest known hack on U.S. energy infrastructure.

The incident, which instigated a shutdown of the pipeline, a panic-buying spree for gas and a price jump at the pump over the weekend, is one of the latest in a string of crippling ransomware attacks orchestrated by extortionary criminal organizations that mostly operate in foreign safe havens outside the grasps of America’s criminal justice system.

Experts say continued ransomware threats are inevitable, calling on businesses and governments to ramp up efforts to secure their online networks.

“Cybercriminals have been allowed to run amok while governments have mainly watched from the sidelines, unclear on whether cybercrime is a national security-level threat,” Krebs told lawmakers. “If there was any remaining doubt on that front, let’s dispense with it now: too many lives are at stake.”

What’s a ransomware attack?

Ransomware, a malicious computer code that hackers deploy to block an organization’s access to their own computer network to extort a ransom, is one of the most common forms of malware, experts say.

Hackers may barrage employees with phishing emails, convincing the user to download a file or visit an infected…

Source…

Biden’s infrastructure plan wouldn’t protect the Colonial Pipeline from another attack

/in






© Provided by NBC News


Colonial Pipeline, the United States’ largest purveyor of refined fuel, including gasoline, diesel and jet fuel, recently had a bad day. Late last Friday, the company’s information technology systems fell victim to ransomware. The company quickly shut down its operations as a precautionary measure to contain the attack and prevent long-term damage to its physical systems. As of Tuesday afternoon, the pipeline was still largely offline, though Colonial hopes to restore operations by the end of the week.

Loading...

Load Error

The attack on Colonial Pipeline is one data point in an overall trend of increased attacks from ransomware, malicious software that prevents victims from accessing their data and requires a ransom payment in order to restore their systems. The consequences can range from the economically costly to the downright dire: Businesses get locked out of their computer systems for several hours or days at a time, halting operations, disrupting supply chains and significantly harming consumer trust.

In 2020 alone, nearly 2,400 state and local governments, health care facilities and schools were victims of ransomware attacks. Additionally, the victims of these attacks paid a total of $350 million in ransom, marking a 300-plus-percent increase from the previous year.

And ransomware is just one kind of cyberthreat posed to infrastructure — one of the country’s most prevalent national security risks and one that should be at the top of priority lists for infrastructure needs. Given the severity of the danger, it was disappointing to see that the Biden administration’s current infrastructure plan falls woefully short in terms of actually securing the infrastructure it proposes to build, a failing that has raised eyebrows.

The Colonial Pipeline attack “is a play that will be run again, and we’re not adequately prepared” warned Sen. Ben Sasse, R-Neb. “If Congress is serious about an infrastructure package, at front and center should be the hardening of these critical sectors — rather than progressive wish lists masquerading as infrastructure.”

America’s critical infrastructure as traditionally defined and historically…

Source…

The Colonial Pipeline ransomware attack and the SolarWinds hack were all but inevitable – why national cyber defense is a ‘wicked’ problem — GCN

/in


10 ways to recharge cybersecurity ops centers

The Colonial Pipeline ransomware attack and the SolarWinds hack were all but inevitable – why national cyber defense is a ‘wicked’ problem

  • By Terry Thompson
  • May 11, 2021

The ransomware attack on Colonial Pipeline on May 7, 2021, exemplifies the huge challenges the U.S. faces in shoring up its cyber defenses. The private company, which controls a significant component of the U.S. energy infrastructure and supplies nearly half of the East Coast’s liquid fuels, was vulnerable to an all-too-common type of cyber attack. The FBI has attributed the attack to a Russian cybercrime gang. It would be difficult for the government to mandate better security at private companies, and the government is unable to provide that security for the private sector.

Similarly, the SolarWinds hack, one of the most devastating cyber attacks in history, which came to light in December 2020, exposed vulnerabilities in global software supply chains that affect government and private sector computer systems. It was a major breach of national security that revealed gaps in U.S. cyber defenses.

These gaps include inadequate security by a major software producer, fragmented authority for government support to the private sector, blurred lines between organized crime and international espionage, and a national shortfall in software and cybersecurity skills. None of these gaps is easily bridged, but the scope and impact of the SolarWinds attack show how critical controlling these gaps is to U.S. national security.

The SolarWinds breach, likely carried out by a group affiliated with Russia’s FSB security service, compromised the software development supply chain used by SolarWinds to update 18,000 users of its Orion network management product. SolarWinds sells software that organizations use to manage their computer networks. The hack, which allegedly began in early 2020, was discovered only in December when cybersecurity company FireEye revealed that it had been hit by the malware. More worrisome, this may have been part of a broader attack on government…

Source…