BACKGROUND:
US fuel pipeline operator Colonial Pipeline has temporarily halted all pipeline operations after a cyberattack, the company said in a statement late on Friday. The company is a major US supplier of gasoline, diesel, jet fuel, and other refined products. It transports around 45% of fuel supplies around the US east coast. Colonial Pipeline said it learned of the attack on Friday, but provided no details of the type of hacking incident. In response, the firm took systems offline to contain the threat, it said in the statement. This temporarily halted operations and affected some of its IT systems, it said.
The following cybersecurity experts have provided comment on this story:
<p>Using AI technology helps prevent ransomware attacks like the Colonial Pipeline breach, by spotting anomalies and blocking future unknown attacks that traditional antivirus tools wouldn\’t recognise and would get lost in the noise with traditional EDR tools. We don’t feel any company should fall prey to these types of attack, and by adopting a prevention-first strategy, they won’t. Humans and tech must work hand in hand, so the professionals are equipped with the right knowledge and skillsets to keep our enterprises, and our country, safe, even before the attackers have the chance to strike.</p>
<p><span lang=\"EN-US\">It doesn’t matter whether you’re securing a gas pipeline or life-saving medical devices, securing critical embedded systems presents unique and complex challenges. The reality is that utility companies are more often investing in IT to drive greater levels of convenience, which means that security is sometimes addressed in a siloed fashion and deprioriti</span><span lang=\"EN-US\">s</span><span lang=\"EN-US\">ed during times where budgets are scarce. </span> </p> <p> </p> <p><span lang=\"EN-US\">On top of this, cybersecurity attacks have ramped up in volume and ferocity since the COVID-19 pandemic began a year ago. This recent attack should serve as an important wake-up call for all those who have a role to play in securing critical embedded systems that these days threat actors will stop at nothing to cause harm, sometimes regardless of whether there is a financial gain to be had. The only way to keep the enemy out is to ensure you have good cyber hygiene practices in place, as well as cutting edge cybersecurity solutions that can detect, protect and deter </span><span lang=\"EN-US\">this</span><span lang=\"EN-US\"> sort of attack in the future.</span> </p>
<ul style=\"font-weight: 400;\"> <li>Hackers now see critical infrastructure as low-hanging fruit. With the rise of Industrial IoT sensors coupled with outdated legacy IT systems not designed to withstand blistering hacks, this makes critical infrastructure a perfect target for cybercriminals. </li> </ul> <p style=\"font-weight: 400;\"> </p> <ul style=\"font-weight: 400;\"> <li>Recent <a href=\"https://www.skyboxsecurity.com/trends-report/?utm_source=owned-press&utm_medium=organic&utm_campaign=c:vulnerability-report_p:zero_t:global_c:article_r:&utm_content=&term=\" data-saferedirecturl=\"https://www.google.com/url?q=https://www.skyboxsecurity.com/trends-report/?utm_sourceowned-pressutm_mediumorganicutm_campaignc:vulnerability-report_p:zero_t:global_c:article_r:utm_contentterm&source=gmail&ust=1620897321368000&usg=AFQjCNG0G7TC8FZeuQQz8yPMlSX74VgWVw\">research</a> highlights how these types of attacks continue to trend upward as OT attacks jumped by 30% in 2020 alone and IIoT flaws increased 308% year-over-year.</li> </ul> <p style=\"font-weight: 400;\"> </p> <ul style=\"font-weight: 400;\"> <li>Leaders in this space are often in a Catch 22. OT-reliant industries (such as utilities and manufacturing) can’t afford to shut down for comprehensive overhauls of legacy technology; freezing operations means lost dollars. Hackers are seizing the opportunity to attack OT-reliant organisations, enterprises, and governments, knowing they will pay hefty ransoms to prevent disruption. </li> </ul> <p style=\"font-weight: 400;\"> </p> <ul style=\"font-weight: 400;\"> <li>Additionally, OT device vulnerability scans and remediation often happen only once or twice per year, if at all, limiting visibility on the constantly evolving threats and leaving vulnerabilities unpatched for months. Years of computer and network neglect only compound the urgent need to shore up security. </li> </ul> <p style=\"font-weight: 400;\"> </p> <ul style=\"font-weight: 400;\"> <li>Apathy is arguably the most significant risk to critical infrastructure security. Security and facility leaders in OT-dependent industries must evolve their thinking and take action to avoid ending up in the crosshairs of a hacker. </li> </ul> <p style=\"font-weight: 400;\"> </p> <ul style=\"font-weight: 400;\"> <li>Taking a proactive approach to visualize and analyse IT/OT networks and hybrid, multi-cloud collectively will provide critical insight into the attack surface and help prevent future OT attacks from happening. </li> </ul>
<p>Ransomware-as-a-Service is big business and we are not surprised groups like DarkSide are capitalizing on extortion techniques that are quickly becoming a hallmark for many eCrime actors. The hallmark of DarkSide attacks, among other eCrime groups, is that they do extensive research on their targets and are mainly interested in large corporations. This creates a sense of urgency especially as we see critical infrastructure suffering kinetic impact. This situation illustrates a growing security crisis. It’s imperative that if prevention fails, there is a world-class security operations infrastructure in place to detect, manage, and mitigate any threat.</p>
<p>The ransomware attack against the Colonial Pipeline company not only shut down operations across one of the US’s most crucial 5,500-mile energy infrastructures but it exposed a significant weakness in the national cybersecurity strategy that has been 20 years in the making. </p> <p> </p> <p>This latest incident should be a red line for US critical infrastructure owners, operators, regulators, and the Department of Homeland Security. Although much work has gone into hardening industrial control systems during the last decade, they remain vulnerable to a wide variety of cyber threats because of connections between business and operational networks.</p> <p> </p> <p>There are now malicious actors who are characterising themselves as bona fide businesses with their own set of ethics, but who are themselves not in control of their overall impact due to the interconnectedness of businesses and operational networks. These interconnections lay bare the networks that power the economy and way of life — networks that now face cyber-attacks and adversaries increasing in sophistication.</p> <p> </p> <p>The growing pace and sophistication of nation-state attacks, coupled with an ever-expanding attack surface, makes our ability to accurately quantify and prioritise cyber risks within the context of individual businesses an urgent priority. Critical infrastructure cybersecurity must adopt a risk-led security strategy backed by a real-time decision and operational support system to ensure it can mitigate future threats.</p>