Stock Markets
Daily Stock Markets News

Colonial Pipeline attack: 2 year anniversary


In the early hours of 7 May 2021, a Colonial Pipeline worker discovered a ransom note inside the company’s IT systems. Threat actors linked to the DarkSide ransomware organisation had gained access through a legacy VPN account that was no longer in active use and was not protected by multi-factor authentication. What followed was one of the most consequential cyberattacks on US energy infrastructure to date, on the largest refined products pipeline in the country.
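The initial access vector described above, a dormant remote-access account with no MFA, is something a defender can hunt for before an attacker does. The following is an added example, not code from Colonial Pipeline or from the original article; the CSV export format, its field names, the sample rows and the 90-day dormancy threshold are all assumptions made for illustration.

```python
"""Audit a remote-access (VPN) account export for the two conditions that
let the DarkSide affiliates in: accounts that are dormant, lack MFA, or both.

Added example. The export schema (username,last_login,mfa_enrolled,enabled)
is hypothetical, not any vendor's or Colonial Pipeline's real format.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export. These rows are invented for the example.
SAMPLE_EXPORT = """username,last_login,mfa_enrolled,enabled
j.smith,2021-05-01T08:12:00Z,true,true
legacy-vpn-01,2020-11-03T14:20:00Z,false,true
contractor.tmp,2021-02-10T09:00:00Z,false,false
ops.oncall,2021-04-30T23:59:00Z,true,true
svc-backup,,false,true
"""

DORMANT_AFTER = timedelta(days=90)  # assumed policy threshold


def parse_timestamp(value):
    """Parse an ISO-8601 UTC timestamp ('...Z'); empty means never logged in."""
    value = value.strip()
    if not value:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_export(text):
    """Turn the CSV export into a list of account dicts with typed fields."""
    accounts = []
    for row in csv.DictReader(io.StringIO(text)):
        accounts.append({
            "username": row["username"].strip(),
            "last_login": parse_timestamp(row["last_login"]),
            "mfa_enrolled": row["mfa_enrolled"].strip().lower() == "true",
            "enabled": row["enabled"].strip().lower() == "true",
        })
    return accounts


def audit(accounts, now, dormant_after=DORMANT_AFTER):
    """Return {username: [issues]} for every enabled account that is
    missing MFA and/or has not logged in within `dormant_after`.
    Disabled accounts are skipped: they cannot be used for initial access."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue
        issues = []
        if not acct["mfa_enrolled"]:
            issues.append("no_mfa")
        last = acct["last_login"]
        if last is None or now - last > dormant_after:
            issues.append("dormant")
        if issues:
            findings[acct["username"]] = issues
    return findings


def recommend(issues):
    """Map an account's issues to the action a reviewer would take.
    A dormant account is disabled outright; a live one without MFA gets
    MFA enforced. Both is the Colonial pattern: disable, then review."""
    if "dormant" in issues:
        return "disable"
    return "enforce_mfa"


def audit_export(text, now_iso):
    """Convenience wrapper: audit a CSV export as of an ISO-8601 UTC instant."""
    now = parse_timestamp(now_iso)
    if now is None:
        raise ValueError("now_iso must be a timestamp")
    return audit(parse_export(text), now)


if __name__ == "__main__":
    # Evaluate the sample as of the morning the ransom note was found.
    for user, issues in audit_export(SAMPLE_EXPORT, "2021-05-07T05:00:00Z").items():
        print(f"{user}: {', '.join(issues)} -> {recommend(issues)}")
```

Run against a real export, the script should be fed the identity provider's or VPN concentrator's own account report; the point is that an account with no MFA that nobody has used in months is an initial-access path waiting to be found in a credential dump, and both conditions are cheap to check continuously rather than after an incident.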

The compromise, used to encrypt data on the company’s IT systems, left Colonial’s massive operational technology (OT) network, including a 5500-mile pipeline responsible for transporting more than 2.5 million bpd, at risk of remote takeover.

According to reports, the hackers gained access to the network and stole approximately 100 gigabytes of data before encrypting systems. In a ransomware attack of this kind, the victim regains access to its encrypted data only by paying a fee set by the attacker; usually, there is also a threat to publish the stolen data unless payment is made.

Colonial Pipeline was forced to suspend all operations, temporarily halting all 5500 miles of pipeline in an abundance of caution to contain the threat. The shutdown affected businesses and millions of people on the east coast of the US; from small business owners to commercial truckers, drivers faced lines at gas pumps not seen in the country since the 1970s. Gas prices increased, consumers began to panic buy and numerous fuel stations closed as Colonial, the largest US refined products supplier, held private negotiations to regain access to its digital systems. Shortly after the attack, the FBI confirmed that DarkSide ransomware was behind the compromise.

How did this happen?

Ahead of this incident, cybersecurity regulations of oil and gas pipelines were mostly voluntary, whereby owners and operators chose whether to follow the best practice recommendations voiced by the Transportation Security Administration (TSA). Pipeline security had been a persistent concern for some years, but was not sufficiently addressed by existing government oversight.

A 2019 threat assessment from the Office of the Director of National Intelligence, for example, identified China as having the ability to disrupt natural gas pipelines for up to several weeks. In July 2021, a joint CISA and FBI advisory cited a Chinese spear phishing and intrusion campaign from 2011 – 2013 that resulted in 13 confirmed compromises of natural gas pipeline operators.

The aftermath

In May 2021, immediately following the attack, the TSA issued a directive requiring pipeline operators to report any potential cyberattacks to CISA and to have a cybersecurity coordinator available on site. In July 2021, a second directive required pipeline operators to mitigate specific vulnerabilities and increase resilience, as well as to develop contingency and recovery plans.

One year on from the attack, in May 2022, the Department of Transportation’s Pipeline and Hazardous Materials Safety Administration (PHMSA) announced plans to impose up to US$1 million in penalties against Colonial Pipeline related to multiple control room violations.

In May 2022, PHMSA officials told Cybersecurity Dive the violations listed for Colonial Pipeline were “not exclusive to one operator”, and while the agency continues to respond to noncompliance issues, it also “conducts outreach to increase awareness and help the pipeline industry prepare for and safely respond to any future cyberattacks,” the agency said in an email.

In 2023

Earlier this year, the US Cybersecurity and Infrastructure Security Agency (CISA) unveiled the Ransomware Vulnerability Warning Pilot (RVWP) programme to help ensure critical infrastructure organisations can protect their systems from ransomware attacks. Under the RVWP, CISA identifies internet-facing systems with vulnerabilities commonly exploited by ransomware actors and notifies the affected organisations, so their security teams can remediate before those systems become attack targets.

In 2023, two years on from the Colonial Pipeline attack, critical infrastructure is still at risk. In April, a Canadian gas pipeline suffered a security incident that could have caused an explosion at the company’s gas site, according to a New York Times story that cited leaked US intelligence documents. The attackers, from pro-Russia hacking group Zarya, were communicating with Russia’s Federal Security Service (FSB), the primary successor to the KGB, about the incident’s potential for physical damage, according to the leaked documents.

In response to this continued threat, Duncan Greatwood, CEO of software company Xage Security, has made the following comment:

What does it take to embrace zero trust strategies? A ransomware attack, shutting down the Colonial Pipeline and driving panic with gas shortages? A 21-year-old leaking classified documents and exposing state secrets? We shouldn’t need warning shots this severe.

Attacks on critical infrastructure have continued to…



