Cybercriminal gang hit Colonial Pipeline with ransomware attack

Colonial Pipeline, the largest fuel pipeline in the US, has been hit by a ransomware attack resulting in the US government issuing emergency legislation.

The company was knocked offline on Friday by the activities of a cybercriminal gang, prompting the US Government to issue emergency legislation on Sunday to relax rules on fuel being transported by road.

A statement from Colonial said: “These actions temporarily halted all pipeline operations and affected some of our IT systems, which we are actively in the process of restoring.”

Colonial has engaged third-party cybersecurity experts and launched an investigation into the nature and scope of the attack, which is thought to have been carried out by the DarkSide group.

“We have remained in contact with law enforcement and other federal agencies, including the Department of Energy who is leading the federal government response,” the company said.

“Maintaining the operational security of our pipeline, in addition to safely bringing our systems back online, remain our highest priorities. Over the past 48 hours, Colonial Pipeline personnel have taken additional precautionary measures to help further monitor and protect the safety and security of its pipeline.”

James Shank, Ransomware Task Force (RTF) committee lead for worst case scenarios and Chief Architect, Community Services for Team Cymru, said: “This is troubling and shows the criticality of ransomware as a great threat to national security.

“Targeting pipelines and distribution channels like this attack on the Colonial Pipeline makes sense – ransomware is about extortion and extortion is about pressure. Impacting fuel distribution gets people’s attention right away and means there is increased pressure on the responding teams to remediate the impact.

“Doing so during a time when the pandemic response has created other distribution and supply chain problems, many of which will require timely and efficient distribution of goods, adds to the pressure.

“This emphasizes the need for a co-ordinated effort that bridges public and private sector capabilities to protect our national interests. We cannot think of these attacks as impacting private companies only – this is an attack on our country’s infrastructure.”  

Steve Forbes, Government Cybersecurity Expert at Nominet, emphasized the domino effect of the attack.

“The declaration of a state of emergency due to cyberattack could become the new normal,” he said. “With the largest fuel pipeline in the US grinding operations to a halt due to a ransomware attack, the attack on Colonial is likely to have a ripple effect across the globe.

“The attack will be a stark reminder of how connected our world now is. While the demand for oil across the US East Coast is evident, the fact that this is already impacting the financial markets and traders demonstrates that it really is the tip of the iceberg.

“That’s not to mention the fact that the severity of this breach will worsen if confidential information is leaked, as the group has threatened. Being able to take systems offline and begin a process of restoration is undeniably important, but there is an additional threat if this data is exposed. It underlines the importance of international collaboration to bring down these highly co-ordinated groups early in their development if we want to protect our critical services.

“As we watch the domino effect of this cyberattack, it is very apparent that impact is not limited to systems and software – victims will come in all shapes and sizes, from industries to individuals.”

John Vestberg, Co-founder and CEO of Clavister, said: “The DarkSide ransomware attack on the Colonial Pipeline highlights the increasing risk cybercriminals pose to critical national infrastructure (CNI).

“CNI, such as oil and gas, is a prime target for these ransomware gangs – systems are underpinned by a myriad of complex information and operational technology devices and so the consequences if these are infiltrated can be devastating. Attacks on CNI risk becoming the norm if action is not taken.

“A proactive, rather than reactive, approach is needed. Using predictive analytics and tools like AI or Machine Learning, for example, we can see malware morphing and behaving in certain ways and catch it sooner.

“The DarkSide attack should serve as a warning; CNI systems are becoming more sophisticated and technical – especially as we enter the era of 5G which we will soon rely on. Going forward, countries cannot afford to have any weak spots and must step up their cybersecurity solutions to support the technology used.”
