This past week, the Colonial Pipeline Company, which operates a pipeline that carries gasoline, diesel fuel, and natural gas along a 5,500-mile path from Texas to New Jersey, was forced to take itself offline after being attacked by a criminal cyber gang. The Colonial Pipeline, which carries 2.5 million barrels a day, nearly 50% of the East Coast supply of diesel, gasoline, and jet fuel, is still working to restore service and regain access to its systems after the malicious cyberattack while its four mainlines remain offline.
The attack comes at a pivotal time for oil future traders, as the demand for vehicle fuel is bound to skyrocket as consumers return to their workplaces to attempt to negate the effects of the pandemic. The U.S. government is now allowing fuel transportation vehicles to go beyond their normal delivery limits in order to lessen the blow of the Colonial Pipeline shutdown, but the amount of fuel currently available still doesn't meet demands.
For years, the cybersecurity industry has warned that state-sponsored hackers could shut down large swathes of U.S. energy infrastructure in a geo-politically motivated act of cyberwar. Now, this incident represents one of the largest disruptions of critical American infrastructure by hackers in history, while it also provides yet another demonstration of how essential cybersecurity has become today.
"With an increasing number of users, devices, and programs in the modern enterprise, combined with the increased deluge of data, much of which is sensitive or confidential, the importance of cybersecurity continues to grow," said Mohie Ahmed, Solutions Architect at Ironsphere, a software and privileged access management company, when asked about the importance of cybersecurity. "The growing volume and sophistication of cyber attackers and attack techniques only make a good cybersecurity system all the more necessary."
The attack itself is ransomware, a form of malware in which an attacker locks the victim's computer system files and demands a payment to decrypt and unlock them. Ransomware works by encrypting victims' data; typically, hackers then offer the victim a key in return for payment, which usually costs hundreds of thousands or even millions of dollars. If the victim resists, hackers will increasingly threaten to leak confidential data in a bid to pile on the pressure.
And while ransomware attacks will usually target an organization or a business for the greatest potential payout, individuals must also be wary of cyber ransomware attacks. Anyone with a computer connected to the internet and anyone with important data stored on their computer or network is at risk.
However, the U.S. energy sector is growing particularly vulnerable to ransomware attacks as operational technology (O.T.) merges with I.T. systems such as business and email networks. The increasing digitization of power grid and pipeline equipment means it's becoming easier for ransomware attackers to move from the I.T. side to the O.T. side, making cybersecurity systems like privileged access management crucial for every business today.
"A growing number of ransomware groups are working to infect the O.T. systems that control industrial and manufacturing equipment, with the aim of totally disrupting their victims' operations," said Ahmed. "Organizations increasingly connect those more sensitive networks to the internet for efficiency and remote automation, and a spate of vulnerabilities in the VPNs companies use to remotely connect to those networks has left them more exposed."
It's not yet clear if the hackers bridged that gap to systems that could have actually allowed them to meddle with the physical state of the pipeline or create potentially dangerous physical conditions at Colonial Pipeline. However, merely gaining broad access to the I.T. network was cause enough for the company to shut down the pipeline's operation as a safety precaution.
The attackers in the Colonial Pipeline attack were confirmed by multiple sources to be DarkSide, a cyber-criminal gang that is highly organized and "runs like a business." A research study of the gang found information pointing to DarkSide being from a Russian-speaking country, with Russia, Ukraine, Belarus, Georgia, Armenia, Moldova, Azerbaijan, Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan, and Uzbekistan being on its list of countries to avoid attacking.
The group, which stole almost 100GB of data from Colonial Pipeline during the attack, is just one of many in the new digital age that use ransomware almost as if it is a service. The estimated cost for businesses to restore and mitigate ransomware attacks is projected to be over 20 billion in 2021, according to research from Cybersecurity Ventures, with the same projections showing that in 2021 a business will fall victim to a ransomware attack every 11 seconds.
Cyber threats such as ransomware became worse during the pandemic, as the number of cyber breaches went up 273 percent during the first quarter of the pandemic. And even with vaccines starting to roll out and some businesses switching back to traditional workspaces, Ahmed states that businesses had better prioritize cybersecurity, or they will be left to experience the unfortunate consequences.
"As reliance on digital technologies continues to increase, cyberattacks have become too sophisticated. Thus, organizations that rely on outmoded cybersecurity strategies leave themselves vulnerable to a potential cyberattack," said Ahmed. "That leaves critical infrastructure providers in the U.S. with little choice but to bolster their defenses. Privileged Access Management solutions, such as Ironsphere's, are now must-haves against an onslaught of loosely organized criminal hackers, whose disruptive ambitions are only growing."
Arti Loftus is an experienced Information Technology specialist with a demonstrated history of working in the research, writing, and editing industry with many published articles under her belt.
Edited by Luke Bellos