
Colonial Pipeline ransomware hackers had a secret weapon: self-propelled cybersecurity companies


The U.S. government has also encouraged private industry, including pipeline companies, to strengthen cybersecurity defenses. Cybersecurity oversight is split among an alphabet soup of agencies, hindering coordination. The Department of Homeland Security conducts “vulnerability assessments” of critical infrastructure, including pipelines.

Around 2013 it reviewed the Colonial Pipeline as part of a study of locations where a cyberattack could cause a disaster. The pipeline was deemed resilient, meaning it could recover quickly, a former DHS official said. The department did not respond to questions about subsequent reviews.

Five years later, DHS created a pipeline cybersecurity initiative to identify weaknesses in pipeline computer systems and recommend strategies to address them. Participation is voluntary, and one person familiar with the initiative said it is more useful for small businesses with specialized home computing than for large ones like Colonial. The National Risk Management Center, which oversees the initiative, also tackles other thorny issues such as election security.


Ransomware has been around since 2012, when the advent of Bitcoin made it difficult to track or block payments. The criminals’ tactics have evolved from indiscriminate “spray and pray” campaigns seeking a few hundred dollars to attacks targeted at specific companies, government agencies and nonprofit groups, with demands of billions of dollars.

Attacks on energy businesses have intensified during the pandemic, not only in the US, but also in Canada, Latin America and Europe. As companies allowed employees to work from home, they eased some security checks, McLeod said.

DarkSide adopted what is known as the “ransomware-as-a-service” model. Under this model, it collaborated with affiliates who launched the attacks. Affiliates received between 75% and 90% of the ransom, while DarkSide retained the rest.

Since 2019, many gangs have increased the pressure with a technique called “double extortion”. Upon entering a system, they steal sensitive data before launching ransomware that encrypts files and makes it impossible for hospitals, universities and cities to do their daily work. If losing access to computers isn’t scary enough, they threaten to reveal confidential information, often posting samples as leverage. For example, when the Washington, D.C., police department failed to pay the $4 million ransom demanded by the Babuk gang last month, Babuk released intelligence instructions, names of criminal suspects and witnesses, and employee files, medical information and polygraph test results of officials and job candidates.
