One Year Ago, Hackers Wreaked Havoc on Colonial Pipeline
This week marks the one-year anniversary of the Colonial Pipeline ransomware attack, which shut down a major U.S. fuel pipeline.
Colonial Pipeline paid the hackers, Russian cybercrime group DarkSide, a $4.4 million ransom in Bitcoin days after the group's demand. But last June, the Justice Department recovered $2.3 million of the cryptocurrency ransom.
Colonial Pipeline is the largest refined products pipeline in the United States. In the aftermath of the attack, President Biden signed an executive order aimed at strengthening U.S. cybersecurity defenses.
Artur Kane is CMO at GoodAccess, a business cloud VPN provider.
“Ransomware attacks are a prevalent threat to businesses today, yet many companies still neglect the necessary procedures to prevent and contain them,” he said. “Critical infrastructure, in particular, is a lucrative target. Adversaries often pick them because of the high potential impact and the slow adoption of the latest security measures by critical infrastructure operators, leaving them vulnerable to attack.”
Oil, gas, power and water suppliers tend to be conservative in their security policies, which center on reducing the attack surface by building a secure perimeter to repel outside attacks, Kane said. This perimeter, built on legacy technology and outdated networking models, has to be impenetrable if it is to fulfil its function.
“However, users nowadays also need to connect from outside the secure boundary, something the traditional model has trouble coping with,” he said. “User devices connected from outside to the internal network may introduce malicious code, or hackers infiltrate internal systems. Once that happens, there is little to stop them from doing damage because the network can never be completely disconnected when administrators need to access it.”
Monti Knode is director of customer success at Horizon3.AI.
“One thing is still true today – ransomware organizations are truly organized and resourced for their core mission, whereas private and public industries are slow to believe, organize or even acknowledge that cybersecurity is core to their operation,” he said. “Saying it is one thing. Acting and resourcing is another. Organizations should always presume a breach will happen and ask ‘are our crown jewels at risk’ and then verify the answer.”
The second and perhaps more unsettling thing that is true today is that criminals know that more companies are willing to pay than not, Knode said.
“Colonial Pipeline paid in hours – and essentially funded further ransomware efforts,” he said.