For many years, the defined in the cybersecurity industry State -sponsored hackers could disrupt large numbers of U.S. energy infrastructure. in a geopolitically driven cyberwar act. But now it is apparent profit -centered cybercriminal hackers have created a mess that military and intelligence agency hackers never dared to do, shutting down a pipeline carrying nearly half the fuel that feeds the East Coast of the United States .
On Saturday, the company Colonial Pipeline, which operates a pipeline carrying gasoline, diesel fuel, and natural gas along the 5,500 -mile route from Texas to New Jersey, released a statement confirmation reports that hackware ransomware has hit its network. In response, Colonial Pipeline said it was shutting down parts of the pipeline operation in an attempt to curb the threat. The incident represents one of the most disruptive disruptions to America’s critical infrastructure by hackers in history. It also provides yet another demonstration of how serious the worldwide ransomware epidemic is.
“This is the biggest impact on the U.S. energy system we’ve seen from a cyberattack, full stop,” said Rob Lee, CEO of security-focus-infrastructure firm Dragos. Aside from the financial impact of the Colonial Pipeline or the many suppliers and customers of the fuel it carries, Lee points out that about 40 percent of U.S. electricity by 2020 will be generated by burning natural gas, more from other sources. That means, he argues, that the threat of cyberattacks on a pipeline poses a significant threat to the civilian power grid. “You have a real potential to affect the electricity system in a broad way by cutting off the supply of natural gas. This is a factor,” I think Congress has questions. The ransomware hit a provider from a criminal act, wasn’t it a state-initiated attack, and affected the system as such? ”
The Colonial Pipeline’s brief public statement said it was “launching an investigation into the nature and scope of this incident, which is ongoing.” Reuters reports that responders to the incident from security firm FireEye were assisting the company, and that investigators suspect that a The ransomware group known as Darkside be responsible. Agreed to a report at security firm Cybereason, Darkside compromised more than 40 victim organizations and demanded from them $ 200,000 and $ 2 million in ransom.
The closure of the Colonial Pipeline comes amid a growing ransomware epidemic: There are hackers digitally crippled and extorted hospitals, hacked law enforcement databases and threatened to release police informants to the public, ug paralyzed municipal systems in Baltimore and Atlanta.
Most ransomware victims never report their attacks. But Lee said his company has seen a significant increase in ransomware operations targeting industry-leading control systems and critical infrastructure, while profit-focused hackers are looking for the most sensitive. and high -value targets to prevent risk. “Criminals are starting to think about targeting the industry, and in the last seven or eight months we’ve seen an increase in cases,” Lee said. “I think we’ll see a lot more.”
In fact, ransomware operators have become even more victimized by the industry in their view in recent years. Hydro Norsk, Hexion, and Momitive everyone was hit by ransomware in 2019, and security researchers last year discovered Ekans, the The first ransomware was apparently planned for breaching industry control systems. Even targeting a gas pipeline operator isn’t entirely yet done like this: In late 2019, hackers planted ransomware in the networks of an unnamed U.S. natural gas pipeline company, Cybersecurity and Infrastructure Security Agency warned in early 2020—Although not one the size of the Colonial Pipeline.
In the first ransomware attack on the pipeline, CISA warned that hackers had gained access to both the IT systems and “operating technologies” systems of the target pipeline firm-the computer network responsible for the physical control. equipment. In the case of Colonial Pipeline, it is not yet clear whether hackers are hiding that gap in systems that could allow them to interfere with the physical condition of the pipeline or create a dangerous physical condition. Just having extensive access to the IT network could cause enough for the company to shut down pipeline operations as a precaution, said Joe Slowik, a security researcher for Domaintools who was previously heads the Computer Security and Incident Response Team at the U.S. Department of Energy. “The operator did the right thing in this case as a response to the events,” Slowik said. “If you can’t ensure positive environmental control and clearly visible operations, then you need to shut it down.”