How the Most Harmful Cyberattack on U.S. Critical Infrastructure Could Have Been Avoided and What You Can Do to Safeguard Your Business
If we have learned anything as a nation in the last year, let us acknowledge that we are vulnerable. In a short period of time, we experienced a global pandemic, soaring rates of cybercrime, and a flurry of other shocking news headlines.
At NOYNIM IT Solutions, we believe there is a fine line between fear and productivity. Our mission is to keep you informed about cybercrime trends, so you can best mitigate risk, get back to business, and reclaim some of your power in an increasingly volatile world.
This week, we shed light on the recent Colonial Pipeline cyberattack. We walk you through what happened, how it could have been avoided, and what you can do to safeguard your business.
What Happened to Colonial Pipeline?
Colonial Pipeline is the largest refined-products pipeline in the United States. According to the company, it carries roughly 45% of the fuel consumed on the East Coast, including gasoline, diesel, and jet fuel. On May 7, 2021, Colonial confirmed that its IT systems had been compromised by ransomware.
In response, the company proactively took all four of its mainlines, which carry gasoline, diesel, and jet fuel, offline. Four days later, Colonial's CEO warned state officials of a possible fuel shortage, and the East Coast soon felt the deficit. Operations did not resume until May 12, and the six-day outage led to a spike in gas prices and panic buying across the Southeast.
As the situation developed, we learned that the attack hinged on a single compromised password. Attackers logged in through a legacy Virtual Private Network (VPN) account that, as later reported by the incident responders, was no longer in use but had never been disabled. The VPN accepted a password alone, with no second factor. This is single-factor authentication, as opposed to multi-factor authentication, which we explain further below.
Colonial paid a ransom of roughly $4.4 million (75 bitcoin) to regain access to its systems. Colonial CEO Joseph Blount Jr. reported that he made the decision to pay the threat actor, identified by the FBI as the DarkSide ransomware group. In another turn of events, the U.S. Department of Justice announced this week that it had seized 63.7 bitcoin, worth about $2.3 million at the time of the seizure, from a wallet used by DarkSide.
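The three conditions described above (an enabled account nobody uses, no second factor, and a password that already appears in a leaked-password corpus) are all things an administrator can check for before an attacker does. The following script is an added example and not code from Colonial, NOYNIM, or any VPN vendor; the account inventory, its field names, the 90-day dormancy threshold, and the small leaked-password set are all constructed for illustration.

```python
"""Audit a VPN account inventory for the weaknesses behind the Colonial Pipeline
intrusion: dormant accounts left enabled, accounts without MFA, and passwords
that appear in a known-leaked set.

The inventory, the leaked-password set and the field names are constructed for
this example; they are not Colonial's data or any vendor's export format.
"""
import hashlib
from datetime import date, timedelta

DORMANT_DAYS = 90              # policy assumption: no login in 90 days means disable the account
AUDIT_DATE = date(2021, 5, 7)  # used as "today" for the audit (the day Colonial discovered the intrusion)


def sha1_hex(password: str) -> str:
    """Upper-case SHA-1 hex of a password, the form in which breach corpora such as
    Pwned Passwords are published. SHA-1 is used only to match that format; it is
    not a recommendation for storing passwords."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breach corpus: SHA-1 hashes of a few leaked passwords.
LEAKED_HASHES = {sha1_hex(p) for p in ("Summer2020!", "Welcome1", "P@ssw0rd")}

# Constructed account inventory in a hypothetical export format. Real appliances
# differ; the fields that matter are whether the account is enabled, whether MFA
# is enforced, when it last authenticated, and a hash of its current password.
VPN_ACCOUNTS = [
    {"user": "alice", "enabled": True, "mfa": True,
     "last_login": date(2021, 5, 6), "pw_sha1": sha1_hex("correct horse battery staple 42")},
    {"user": "bob", "enabled": True, "mfa": False,
     "last_login": date(2021, 5, 3), "pw_sha1": sha1_hex("k9#Lq!v2Rz8pWm")},
    {"user": "vpn-legacy", "enabled": True, "mfa": False,
     "last_login": date(2020, 10, 14), "pw_sha1": sha1_hex("Summer2020!")},
    {"user": "contractor", "enabled": False, "mfa": False,
     "last_login": date(2019, 3, 1), "pw_sha1": sha1_hex("Welcome1")},
]


def audit_account(acct, today=AUDIT_DATE, leaked=LEAKED_HASHES, dormant_days=DORMANT_DAYS):
    """Return the list of findings for one enabled account (empty if it is clean)."""
    findings = []
    if not acct["mfa"]:
        findings.append("NO_MFA")
    if acct["last_login"] is None or today - acct["last_login"] > timedelta(days=dormant_days):
        findings.append("DORMANT")
    if acct["pw_sha1"] in leaked:
        findings.append("LEAKED_PASSWORD")
    return findings


def audit_accounts(accounts, today=AUDIT_DATE, leaked=LEAKED_HASHES, dormant_days=DORMANT_DAYS):
    """Map user -> findings for every enabled account with at least one finding.
    Disabled accounts are skipped because they cannot be used to log in."""
    report = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue
        findings = audit_account(acct, today, leaked, dormant_days)
        if findings:
            report[acct["user"]] = findings
    return report


def accounts_to_disable(report):
    """Accounts to disable immediately: dormant, or reachable with a leaked
    password and no second factor (the combination seen at Colonial)."""
    return sorted(
        user for user, f in report.items()
        if "DORMANT" in f or ("LEAKED_PASSWORD" in f and "NO_MFA" in f)
    )


if __name__ == "__main__":
    report = audit_accounts(VPN_ACCOUNTS)
    for user, findings in report.items():
        print(f"{user}: {', '.join(findings)}")
    print("disable now:", accounts_to_disable(report))
```

Run against the constructed inventory, the script flags `vpn-legacy` on all three counts and puts it on the disable list, flags `bob` for missing MFA only, and ignores the already-disabled `contractor` account. Against a real appliance export the comparison should be made with a full breach corpus (Pwned Passwords can be queried by hash prefix so the hash itself never leaves your network), and the dormancy window should match your own access-review policy.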
The Impact of Colonial Pipeline’s Breach
While Colonial's situation caused real damage, it could have been much worse. Even if you pay a ransom, there is no guarantee that you will regain access to your systems or data; in Colonial's case the decryption tool DarkSide provided was reportedly so slow that the company restored from its own backups as well. Additionally, the fact that part of the ransom was recovered shows that ransom payments are no longer treated as untouchable.
As a result of the attack, we now understand how urgent it is to protect our critical infrastructure from threat actors. Wired reports how “Hackers have digitally crippled and extorted hospitals, hacked law enforcement databases and threatened to publicly out police informants …” Fortunately, officials are taking proactive measures to mitigate ransomware.
For example, the Department of Justice (DoJ) recently launched a new task force assigned to combating ransomware attacks. Forbes reports "The new Ransomware and Digital Extortion Task Force will help track cyberattacks and digital extortion schemes." Its first seizure was the $2.3 million in bitcoin recovered for Colonial.
The new DoJ task force looks very promising. This month, the department began elevating ransomware investigations to a priority similar to terrorism cases, so that related cases, infrastructure, and cryptocurrency flows can be tracked centrally rather than district by district. The Justice Department's decision to direct resources toward ransomware demonstrates how seriously the U.S. is now taking these threats.