Tag Archive for: pipeline

Cyber Security Stocks To Watch After Colonial Pipeline And JBS Hacks


Our theme of Cyber Security Stocks remains down by about 1% year-to-date, significantly underperforming the S&P 500 which has gained about 13% over the same period. However, the theme has picked up a bit since our last update in mid-May, when it was down by 6%. The underperformance versus the broader indices is likely due to the fact that most of the stocks in the theme are high-growth, high-multiple names that have been out of favor in the current market, as investors rotate into value and cyclical stocks to play the post-Covid boom in the U.S. economy. However, there’s good reason for investors with a long-term view to increase their exposure to cybersecurity stocks. Companies and governments are getting more serious about protecting their networks and infrastructure, following multiple high-profile cybersecurity incidents in recent months, including the ransomware attack on the Colonial Pipeline, the SolarWinds (SWI) hack, and the recent cyber attack on JBS – the world’s largest meat supplier. The increasing shift from on-premise to cloud-based information systems should also make companies prioritize security. Moreover, IT spending by corporates, in general, is likely to pick up from this year, after they scaled back on spending in 2020 due to Covid-19. This should bode well for companies that provide software, hardware, and services that help protect computer systems and networks.

Within our theme, Fortinet (FTNT), a company that provides cybersecurity-related hardware and software, has been the strongest performer, rising by about 49% year-to-date on account of stronger than expected quarterly results and its pivot to the cloud. On the other side, the stock price for Qualys (QLYS), a company that provides cloud security, compliance, and related services, remains down by about 18% this year, as its guidance for this fiscal year was weaker than expected.

[5/17/2021]

Our theme of Cyber Security Stocks has declined by about…

Source…

Colonial Pipeline CEO tells Senate decision to pay hackers was made quickly


Colonial Pipeline CEO Joseph Blount said Tuesday that his company paid hackers a $4.4 million ransom a day after discovering malware on its systems in early May. The company also hired outside consultants to handle negotiations with the hackers, who were paid in the bitcoin cryptocurrency.



© Provided by CNET
Colonial Pipeline was the target of a ransomware attack that forced it to shut down operations. Jim Watson/Getty Images

Blount, who was testifying before the Senate Committee on Homeland Security and Governmental Affairs, said the decision to pay the ransom on May 8 was made by the company itself. Federal authorities, however, were notified of the hack within hours of its discovery. 

“I made the decision to pay, and I made the decision to keep the information about the payment as confidential as possible,” Blount said. “I kept the information closely held because we were concerned about operational safety and security, and we wanted to stay focused on getting the pipeline back up and running.”

The testimony comes a day after the FBI said it had recovered millions of dollars in bitcoin paid to the DarkSide ransomware gang, which attacked the pipeline last month, prompting a shutdown of the East Coast’s main fuel-supply artery. The stoppage led to gasoline hoarding and soaring prices as motorists filled tanks amid uncertainty about supplies.

On Monday, the DOJ said it seized 63.7 bitcoins valued at a total of about $2.3 million, part of the ransom demanded by DarkSide. The criminal enterprise, which has since said it disbanded, is thought to be based in Russia.

The hack prompted the government to issue new cybersecurity regulations for operators of pipelines. The new security directive, issued by the DHS Transportation Security Administration, requires critical pipeline companies to report confirmed and potential cyberattacks to the US Cybersecurity and Infrastructure Security Agency. The directive also requires pipeline companies to undertake a review of their current security practices to identify any risks or gaps. Companies must report results of these reviews to the TSA and CISA within 30 days.

America’s energy crisis: How the…

Source…

US Recovers Millions In Bitcoin Paid During The Colonial Pipeline Attack


U.S. officials announced in a press conference Monday afternoon the successful recovery of some of the funds paid in the recent Colonial Pipeline hack. Deputy Attorney General Lisa Monaco of the Department of Justice noted that the scope of the investigation involved “…going after an entire ecosystem that fuels ransomware and digital extortion attacks including criminal proceeds in the form of digital currency.” Monaco declared, “…we will continue to use all of our tools and all of our resources to increase the cost and the consequences of ransomware attacks and other cyber-enabled attacks.” Paul Abbate, the deputy director of the FBI, said the bureau successfully seized the ransom funds from a bitcoin wallet that DarkSide used to collect Colonial Pipeline’s payment.

Colonial Pipeline temporarily shut down its operations on May 7 after Russian-based criminal hackers from the organization DarkSide broke into its computer system, stalling a company that provides almost half of the fuel to the East Coast of the U.S. While Colonial Pipeline ended up paying $4.4 million in digital currency, the amount that was recovered today was not revealed.

The United States Department of Justice had recently instructed the U.S. Attorney’s Offices across the country to coordinate cases involving ransomware, cyberattacks, and illicit marketplaces with a newly created ‘Ransomware and Digital Extortion Task Force’. According to Monaco, the Task Force was established to investigate, disrupt, and prosecute ransomware and digital extortion activity. “This is the Task Force’s first operation of its kind,” said Monaco.

Message To U.S. Corporations: Improve Your Computer Security Now

According to Monaco, these types of ransomware attacks are more diverse, sophisticated, and dangerous, and no organization is immune to them. Monaco specifically addressed U.S. corporations in the press conference, saying that the “…threat of…

Source…

Hackers breached Colonial Pipeline with one compromised password | Cybercrime News


The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast was the result of a single compromised password, according to a cybersecurity consultant who responded to the attack.

Hackers gained entry into the networks of Colonial Pipeline Co. on April 29 through a virtual private network account, which allowed employees to remotely access the company’s computer network, said Charles Carmakal, senior vice president at cybersecurity firm Mandiant, part of FireEye Inc., in an interview. The account was no longer in use at the time of the attack but could still be used to access Colonial’s network, he said.

The account’s password has since been discovered inside a batch of leaked passwords on the dark web. That means a Colonial employee may have used the same password on another account that was previously hacked, he said. However, Carmakal said he isn’t certain that’s how hackers obtained the password, and he said investigators may never know for certain how the credential was obtained.

The VPN account, which has since been deactivated, didn’t use multifactor authentication, a basic cybersecurity tool, allowing the hackers to breach Colonial’s network using just a compromised username and password. It’s not known how the hackers obtained the correct username or if they were able to determine it on their own.

“We did a pretty exhaustive search of the environment to try and determine how they actually got those credentials,” Carmakal said. “We don’t see any evidence of phishing for the employee whose credentials were used. We have not seen any other evidence of attacker activity before April 29.”

Colonial paid the hackers, who were an affiliate of a Russia-linked cybercrime group known as DarkSide, a $4.4 million ransom shortly after the hack [File: Samuel Corum/Bloomberg]

Ransom Note

A little more than one week later, on May 7, an employee in Colonial’s control room saw a ransom note demanding cryptocurrency appear on a computer just before 5 a.m. The employee notified an operations supervisor who immediately began to start the process of shutting down the pipeline, Colonial Chief Executive Officer Joseph Blount…

Source…