Tag Archive for: pipeline

Colonial Pipeline hopes most service will be back by weekend after DarkSide ransomware hack


WASHINGTON — Hit by a cyberattack, the operator of a major U.S. fuel pipeline said it hopes to have services mostly restored by the end of the week as the FBI and administration officials identified the culprits as a gang of criminal hackers.

U.S. officials sought to soothe concerns about price spikes or damage to the economy by stressing that the fuel supply had so far not experienced widespread disruptions, and the company said Monday that it was working toward “substantially restoring operational service” by the weekend.

The White House said in a statement late Monday that it was monitoring supply shortages in parts of the Southeast and that President Joe Biden had directed federal agencies to bring their resources to bear.

Colonial Pipeline, which delivers about 45% of the fuel consumed on the East Coast, halted operations last week after revealing a ransomware attack that it said had affected some of its systems.

Nonetheless, the attack underscored the vulnerabilities of the nation’s energy sector and other critical industries whose infrastructure is largely privately owned. Ransomware attacks are typically carried out by criminal hackers who scramble data, paralyzing victim networks, and demand large payments to decrypt it.

The Colonial attack was a potent reminder of the real-world implications of the burgeoning threat. Even as the Biden administration works to confront organized hacking campaigns sponsored by foreign governments, it must still contend with difficult-to-prevent attacks from cybercriminals.

“We need to invest to safeguard our critical infrastructure,” Biden said Monday. Energy Secretary Jennifer Granholm said the attack “tells you how utterly vulnerable we are” to cyberattacks on U.S. infrastructure.

The attack came as the administration, still grappling with its response to massive breaches by Russia of federal agencies and private corporations, works on an executive order aimed at bolstering cybersecurity defenses. The Justice Department, meanwhile, has formed a ransomware task force designed for situations just like Colonial Pipeline, and the Energy Department on April 20 announced a 100-day initiative focused on protecting energy infrastructure from cyber…


FBI Confirms DarkSide as Colonial Pipeline Hacker


President Biden said on Monday that the United States would “disrupt and prosecute” a criminal gang of hackers called DarkSide, which the F.B.I. formally blamed for a huge ransomware attack that has disrupted the flow of nearly half of the gasoline and jet fuel supplies to the East Coast.

The F.B.I., clearly concerned that the ransomware effort could spread, issued an emergency alert to electric utilities, gas suppliers and other pipeline operators to be on the lookout for code like the kind that locked up Colonial Pipeline, a private firm that controls the major pipeline carrying gasoline, diesel and jet fuel from the Texas Gulf Coast to New York Harbor.

The pipeline remained offline for a fourth day on Monday as a pre-emptive measure to keep the malware that infected the company’s computer networks from spreading to the control systems that run the pipeline. So far, the effects on gasoline and other energy supplies seem minimal, and Colonial said it hoped to have the pipeline running again by the end of this week.

The attack prompted emergency meetings at the White House all through the weekend, as officials tried to understand whether the episode was purely a criminal act — intended to lock up Colonial’s computer networks unless it paid a large ransom — or was the work of Russia or another state that was using the criminal group covertly.

So far, intelligence officials said, all of the indications are that it was simply an act of extortion by the group, which first began to deploy such ransomware last August and is believed to operate from Eastern Europe, possibly Russia. There was some evidence, even in the group’s own statements on Monday, that suggested the group had intended simply to extort money from the company, and was surprised that it ended up cutting off the main gasoline and jet fuel supplies for the Eastern Seaboard.

The attack exposed the remarkable vulnerability of a key conduit for energy in the United States as hackers become more brazen in taking on critical infrastructure, like electric grids, pipelines, hospitals and water treatment facilities. The city governments of Atlanta and New Orleans, and, in recent weeks, the Washington, D.C., Police…


Colonial Pipeline hack reveals critical infrastructure risks


Big industrial networks, including the Colonial Pipeline, which has been down for three days following a cyberbreach, fill vital everyday needs such as gasoline, clean water and electricity. Yet these often-aging physical systems are frequently less protected against hackers than corporate information technology networks.

“It’s really a challenge when you have old infrastructure,” said Padraic O’Reilly, co-founder of CyberSaint Security, “because the security tends to be snap-on, ad hoc, reactive, etc.”

Hackers — potentially Russian cybercriminals, according to the FBI — breached the operations of the Colonial Pipeline, which delivers gasoline and diesel to the eastern United States. Operators shut down the line for safety, and if it stays down for a week or more, prices could spike at the pump, analysts fear.

Even though pipelines and power lines serve the public good, companies with shareholders and quarterly earnings run them. They decide how much — or how little — to protect them against digital bad guys.

“They have business objectives to meet, so it’s difficult to justify upgrades on equipment that is running,” said Adam Bixler, global head of third-party cyber risk management at security firm BlueVoyant.

That’s the reality, even though hackers have taken down parts of the power grid in Ukraine, broken into a water-treatment plant in Florida and ruined nuclear centrifuges in Iran.

With Colonial Pipeline, it’s not clear whether the hackers took control of the physical systems, but many analysts say cyberthreat actors have demonstrated they can infiltrate information technology systems and then migrate into physical, operational technology networks.

“I think it’s an open secret that governments around the world have an ‘in’ into other people’s internet systems as well as their major infrastructure,” said Cynthia Quarterman, a former top U.S. pipeline regulator.

The Joe Biden administration plans new cyber rules for agencies and contractors involved in critical infrastructure.

But at the Colorado School of Mines, policy professor Morgan Bazilian said unless rules have teeth and bring…


We regret ‘creating problems’, say Colonial petroleum pipeline hackers


The hacker group blamed for this weekend’s ransomware attack on the Colonial petroleum pipeline has insisted it only wanted to make money and regretted “creating problems for society”.

In a statement posted on Monday, the criminal group known as DarkSide said it was “apolitical” and attempted to deflect blame for the attack on to “partners” that had used its ransomware technology.

The hack has taken a key US oil pipeline offline for three days, threatening to drive up fuel prices and forcing the US government to bring in emergency powers to keep supplies flowing.

“Our goal is to make money, and not creating problems for society,” DarkSide said, adding that it would “check each company that our partners want to encrypt to avoid social consequences in the future”.

Ransomware attacks involve hackers taking control of an organisation’s data or software systems, locking out the owners using encryption until a payment is made.

DarkSide emerged as one of the leading ransomware outfits last August, and is believed to be run from Russia by an experienced team of online criminals. Silicon Valley-based cyber security company CrowdStrike has traced DarkSide’s origins to the criminal hacking group known as Carbon Spider, which “dramatically overhauled their operations” last year to focus on the fast-growing field of ransomware.

“We are a new product on the market, but that does not mean that we have no experience and we came from nowhere,” DarkSide has said previously.

Brett Callow, an analyst at the cyber security group Emsisoft, said: “DarkSide doesn’t eat in Russia. It checks the language used by the system and, if it’s Russian, it quits without encrypting.”

He added that the group rented out its services on the dark web. “DarkSide is a ransomware-as-a-service operation. I assume the attack on Colonial was carried out by an affiliate and the group is concerned about the level of attention it has attracted.”

In a sign of how ransomware has become a professionalised industry, DarkSide operates its own “press office” and claims to have an ethical approach to choosing its targets. DarkSide’s website claims that “based on our…
