Colonial Pipeline Hack Is the New Extreme of Ransomware

For years the cybersecurity industry has warned that state-backed hackers could shut down large chunks of U.S. energy infrastructure in an act of geopolitically motivated cyberwarfare. But now it seems that for-profit cybercriminals have done what hackers from military and intelligence agencies have never dared: shut down a pipeline that carries nearly half of the fuel consumed on the East Coast of the U.S.

On Saturday, the Colonial Pipeline Company, which operates a 5,500-mile pipeline that transports gasoline, diesel and natural gas from Texas to New Jersey, released a statement confirming reports that ransomware hackers had attacked its network. In response, Colonial Pipeline says it shut down some parts of its pipeline operations in an attempt to contain the threat. The incident is one of the biggest disruptions of American critical infrastructure by hackers in history. It also offers another demonstration of how serious the global epidemic of ransomware has become.

“This is the biggest impact we’ve seen in the U.S. energy system from a cyberattack, to the point,” says Rob Lee, CEO of the critical-infrastructure-focused security firm Dragos. Aside from the economic impact on Colonial Pipeline or the many suppliers and customers of the fuel it transports, Lee noted that by 2020 about 40% of U.S. electricity would be generated by burning natural gas, more than any other source. This means, in his view, that the prospect of cyberattacks on the pipeline poses a major threat to the civilian electricity grid. “You have a real ability to effectively influence the electrical system by cutting off the natural gas supply. This is a great thing,” he added. “I think Congress will have questions. Did a provider hit the ransomware for a criminal act? Wasn’t this also a state-sponsored attack, and did that affect the system?”

According to Colonial Pipeline’s brief public statement, “it has launched an investigation into the nature and scope of this ongoing event.” Reuters reports that incident responders from FireEye are helping the company, and that investigators suspect a ransomware group known as Darkside may be responsible. According to a report by security firm Cybereason, Darkside has compromised more than 40 victims and demanded ransoms of between $200,000 and $2 million.

The Colonial Pipeline shutdown comes amid a worsening ransomware epidemic: hackers have digitally crippled and extorted hospitals, hacked law enforcement databases and threatened to publicly expose police informants, and paralyzed municipal systems in Baltimore and Atlanta.

Most victims of ransomware never report their attacks. Lee says his company has seen a significant increase in ransomware operations targeting industrial control systems and critical infrastructure, as profit-driven hackers seek the most sensitive and high-value targets to hold at risk. “Criminals have started to think about the industry target, and we’ve been seeing a rise in cases over the last seven or eight months,” Lee says. “I think we’ll see a lot more.”

In fact, ransomware operators have had more and more industrial victims for years. Norsk Hydro, Hexion and Momentive were all hit with ransomware in 2019, and last year security researchers discovered Ekans, the first ransomware apparently tailor-made for crippling industrial control systems. Even the targeting of a gas pipeline operator is not entirely unprecedented: in late 2019, hackers planted ransomware on the networks of an unnamed U.S. natural gas pipeline company, the Cybersecurity and Infrastructure Security Agency warned in early 2020, though not one the size of Colonial Pipeline.

In that earlier ransomware attack on a pipeline, CISA warned that hackers had gained access to both the IT systems and the “operational technology” systems of the targeted pipeline company – the computer network responsible for controlling physical equipment. In the case of Colonial Pipeline, it is still unclear whether the hackers bridged that gap to reach systems that could have allowed them to interfere with the physical state of the pipeline or create potentially dangerous physical conditions. Joe Slowik, a security researcher at DomainTools who led the U.S. Department of Energy’s Computer Security and Incident Response Group, said that merely gaining broad access to the computer network could be enough to lead the company to shut down its pipeline operation as a security measure. “In this case the operator has done the right thing in the face of the events,” says Slowik. “When you can’t ensure positive control over the environment and clear visibility in operations, you have to shut down.”
