Critical Infrastructure: Ransomware Attack on Colonial Pipeline Forces Shutdown of Operations

In what some experts are calling the most significant cyberattack on U.S. critical infrastructure to date, Colonial Pipeline was struck by a ransomware attack on Friday, May 7, 2021, and forced to suspend all pipeline operations. Experts believe the attack was carried out by a professional criminal organization.

Here is what you need to know:

  • Colonial Pipeline is the largest refined products pipeline in the United States. It supplies roughly 45% of the fuel consumed on the East Coast and is a supplier to the world’s busiest airport, Atlanta’s Hartsfield-Jackson. The pipeline transports more than 100 million gallons of fuel – about 2.5 million barrels – per day between Texas and New Jersey.
  • The attackers conducted a ransomware attack, encrypting data on the network and making it inaccessible. This forced Colonial Pipeline to shut down the entire pipeline. According to reports, the attackers gained access to the network and stole approximately 100 gigabytes of data before encrypting systems. To regain access to the encrypted data, the victim must pay a ransom set by the attacker; typically, the attacker also threatens to publish the stolen data unless payment is made (so-called double extortion).
  • Consumers and businesses are already feeling the impact, with fuel prices rising and inventories strained as demand outpaces deliveries. Experts have said that fuel supplies to southeastern U.S. states may be reduced.
  • Cybersecurity experts suspect the group known as DarkSide is behind the attack. DarkSide is a relatively new, highly skilled criminal group that breaks into networks, steals data and deploys ransomware, then extorts payment from its victims. Its reported average ransom demand exceeds $6.5 million. The group is believed to be based in Russia.

Key points from Onclave Networks, Inc.:

Cyberattacks on critical infrastructure, including those involving malware and ransomware, are growing in frequency.

IBM Security’s X-Force Threat Intelligence Index 2021 reported that cyberattacks on healthcare, manufacturing, and energy doubled from the previous year. Deep Instinct, analyzing hundreds of millions of attempted attacks, reports that malware volume increased 358% and ransomware volume increased 435% in 2020 compared with 2019.

Costs are also rising: the average data breach now costs $3.86 million, and larger enterprises can face costs in the tens of millions.

What we are seeing is just how vulnerable our energy, water, healthcare, manufacturing, transportation and other critical infrastructures are to cyberattacks from well-financed criminal organizations and foreign governments.

The danger with these kinds of attacks is that, in addition to forcing system shutdowns, they can also spread into operational technology (OT) and connected devices (IoT), where the malware can evade standard IT security tooling and remediation.

“Attackers are more sophisticated than ever,” said Don Stroberg, CEO of Onclave. “Operational technology is too complex and diverse to protect with a passive approach or a continued reliance on IT security solutions. Based on Zero Trust principles, our solution is purpose-built to secure vulnerable OT/IoT systems.”

Onclave recommends that any critical infrastructure enterprise:

  • Report intrusions immediately to the FBI and the relevant government agencies. The FBI and U.S. intelligence agencies are seeing more attacks from foreign governments and well-financed criminal organizations, and notifying the government and receiving its support is an important step.
  • Review and address network vulnerabilities now. Most importantly, do not rely solely on IT security measures; work with your internal teams to build a more robust strategy with Zero Trust principles (see NIST SP 800-207, Zero Trust Architecture) at the core of your enterprise security. Most IT security solutions were designed with yesterday’s network communications in mind. Take stock of the vulnerable operational technology, industrial control systems and Internet of Things (IoT) devices that share the same network infrastructure as your IT systems.
  • Remember that regardless of whether assets and endpoints sit inside or outside the enterprise perimeter, you must establish trust at each endpoint to ensure trusted, secure communications. The Onclave TrustedPlatform™ cryptographically separates networks, reducing risk by removing the OT/IoT attack surface from the IT network.

To learn more, visit www.onclavenetworks.com, where our “Zero Trust” whitepaper is available for download.