Tag Archive for: pipeline

Lawsuit Alleges Lax Cybersecurity Allowed Pipeline Hack


(TNS) — Still reeling from a devastating Russian-based ransomware attack earlier this month, Colonial Pipeline is now the subject of a lawsuit alleging the Georgia-based company employed lax cybersecurity measures that left it vulnerable to such an attack.

The lawsuit was filed May 18 in the U.S. District Court for the Northern District of Georgia, according to Bloomberg Law. Plaintiff Ramon Dickerson said the company breached its duty to employ industry security standards, which resulted in system outages that harmed consumers by raising prices at the pump.

“As a result of the Defendant’s failure to properly secure the Colonial Pipeline’s critical infrastructure — leaving it subjected to potential ransomware attacks like the one that took place on May 7, 2021 — there have been catastrophic effects for consumers and other end-users of gasoline up and down the east coast,” Dickerson alleged.


On May 7, hackers locked up the company’s computer systems. The hackers didn’t take control of pipeline operations, but the Alpharetta-based company shut it down to prevent malware from affecting industrial control systems. President Joe Biden later said the attack was the work of Russian-based hackers, though he added the U.S. does not believe the Russian government was responsible.

Colonial Pipeline CEO Joseph Blount said he approved paying more than $4 million to the Russian-based hackers who cyber attacked his company because “it was the right thing to do for the country.”

In a May 19 interview published by The Wall Street Journal, Blount said he authorized the ransom payment of $4.4 million because executives were unsure how badly the cyber attack had breached its systems or how long it would take to bring the pipeline back.

“I know that’s a highly controversial decision,” Blount said. “I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this. But it was the right thing to do for the country.”

The interview was the first time Blount or the company acknowledged paying the ransom. He also said it will take months and cost the company…


Prioritizing a Proper Response to the Colonial Pipeline Hack.


The best way to get the American public’s attention is to hit them in their wallets, especially if it happens at the gas pump. Still, inviting the ire of the entire East Coast and commanding headlines of major news publications for a week was certainly not what the DarkSide ransomware group had in mind when they targeted Colonial Pipeline’s IT infrastructure. On May 7th, DarkSide launched a ransomware attack against Colonial Pipeline, resulting in a shutdown of their entire operation and an eventual ransom payment of $5 million.


While most Americans were wrapped up in the more sensational parts of the story—plastic bags filled with gas or the mysterious perpetrator and any possible ties they may have to the Russian government—there is a more serious underlying issue that is garnering less attention. It seems that the most powerful nation in the history of the world has a major issue with cyber threats, and despite some promising solutions that are being implemented as a result of this recent hack, there is still a prioritization issue and an ongoing ignorance about the proper path forward.

Ironically, not many people know what good cyber security hygiene looks like despite spending most of their days within the cyber world. Part of that can be explained away by the novelty of this new way of living where we are permanently connected, but the amount of time left to use that excuse is running out. Americans are soon going to wake up to find that all their personal data is littered throughout the world’s computer infrastructure, just waiting for a crafty hacker to steal.

Thankfully, the blinders are starting to lift, ever so slightly, as drivers are confronted with the price to fill up—if they can find gas at all.

Out of service gas pump.


CALCULATE THE RISK, THEN ASSUME BREACH

Businesses are not ignorant of the dangers that they face, especially after the high-profile cyber attacks targeting SolarWinds’ software and Microsoft Exchange servers. The…


The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms


Similarly, the US government has made only modest headway in pushing private industry, including pipeline companies, to strengthen cybersecurity defenses. Cybersecurity oversight is divided among an alphabet soup of agencies, hampering coordination. The Department of Homeland Security conducts “vulnerability assessments” for critical infrastructure, which includes pipelines.

It reviewed Colonial Pipeline around 2013 as part of a study of places where a cyberattack might cause a catastrophe. The pipeline was deemed resilient, meaning that it could recover quickly, according to a former DHS official. The department did not respond to questions about any subsequent reviews.

Five years later, DHS created a pipeline cybersecurity initiative to identify weaknesses in pipeline computer systems and recommend strategies to address them. Participation is voluntary, and a person familiar with the initiative said that it is more useful for smaller companies with limited in-house IT expertise than for big ones like Colonial. The National Risk Management Center, which oversees the initiative, also grapples with other thorny issues such as election security.


Ransomware has skyrocketed since 2012, when the advent of Bitcoin made it hard to track or block payments. The criminals’ tactics have evolved from indiscriminate “spray and pray” campaigns seeking a few hundred dollars apiece to targeting specific businesses, government agencies and nonprofit groups with multimillion-dollar demands.

Attacks on energy businesses in particular have increased during the pandemic—not just in the US but in Canada, Latin America, and Europe. As the companies allowed employees to work from home, they relaxed some security controls, McLeod said.

DarkSide adopted what is known as a “ransomware-as-a-service” model. Under this model, it partnered with affiliates who launched the attacks. The affiliates received 75% to 90% of the ransom, with DarkSide keeping the remainder.

Since 2019, numerous gangs have ratcheted up pressure with a technique known as “double extortion.” Upon entering a system, they steal sensitive data before launching ransomware that encodes the files and makes it…


Colonial Pipeline Pays Millions in Ransomware Attack – The National Law Review



