Ransomware attack shuts down Colonial Pipeline
A single compromised password led to the hack of the largest fuel pipeline in the US, causing shortages across the entire Eastern Coast on May 7.
Colonial Pipeline is one of the largest pipeline operators in the United States.
It was founded in 1962 and provides roughly 45% of the East Coast fuel, including gasoline, diesel, home heating oil, jet fuel, and military supplies. It transports over 100 million gallons of fuel daily across an area spanning Texas to New York.
The attackers gained access to the Colonial Pipeline Co. network using the password of an inactive Virtual Private Network (VPN) account that could still connect to and access the company's computer networks remotely. Because the company didn't use multifactor authentication, an essential cyber-security tool, the hackers compromised the network with only a username and password on April 29. A week later, a ransom note popped up on the screen, forcing the company to shut down its entire gasoline pipeline for the first time in its 57-year history on May 7. However, the company resumed operation on May 13 after it paid a ransom of $4.4 million on May 7.
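The two conditions described above, an unused VPN account that can still connect and password-only authentication, can be checked from an account export and the VPN authentication log. The following is an added example, not code from Colonial Pipeline or any cited source; the account names, CSV columns, log events and the 90-day threshold are all constructed assumptions.

```python
import csv, io
from datetime import datetime, timedelta

# Constructed sample data (hypothetical accounts, not data from the incident).
ACCOUNTS_CSV = """username,enabled,mfa_enrolled,last_login
alice,true,true,2021-04-27
svc-legacy,true,false,2020-11-02
bob,true,false,2021-04-25
carol,false,false,2020-06-14
"""
AUTH_EVENTS = [  # (timestamp, username, result) from a constructed VPN log
    ("2021-04-28T09:12:00", "alice", "success"),
    ("2021-04-29T03:41:00", "svc-legacy", "success"),
    ("2021-04-29T08:05:00", "bob", "success"),
]
DORMANT_AFTER = timedelta(days=90)  # assumed policy threshold

def load_accounts(text):
    """Parse the account export into {username: attributes}."""
    return {r["username"]: {"enabled": r["enabled"] == "true",
                            "mfa": r["mfa_enrolled"] == "true",
                            "last_login": datetime.strptime(r["last_login"], "%Y-%m-%d")}
            for r in csv.DictReader(io.StringIO(text))}

def audit(accounts, as_of):
    """Return {username: [findings]} for accounts that can still connect."""
    findings = {}
    for name, a in accounts.items():
        if not a["enabled"]:
            continue  # disabled accounts cannot authenticate
        issues = []
        if as_of - a["last_login"] > DORMANT_AFTER:
            issues.append("dormant-but-enabled")
        if not a["mfa"]:
            issues.append("password-only")
        if issues:
            findings[name] = issues
    return findings

def dormant_logins(accounts, events):
    """Flag successful logins by accounts idle longer than DORMANT_AFTER."""
    alerts = []
    for ts, user, result in events:
        acct = accounts.get(user)
        idle = datetime.fromisoformat(ts) - acct["last_login"] if acct else None
        if result == "success" and idle is not None and idle > DORMANT_AFTER:
            alerts.append((ts, user))
    return alerts
```

`audit` is the periodic hygiene check; `dormant_logins` is the detection that fires when a long-idle account suddenly authenticates.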
This ransomware attack reminded us once more of how dependent we are on our ICS/SCADA systems and how vulnerable these systems are to cyber-attacks. The episode also reminded us of how dangerous such an attack can be, as SCADA systems protect your various industrial processes, which in most cases are far more valuable than the data that is traditionally attacked in your IT systems.
To date, most ransomware attacks have targeted millions of IT systems at once, hoping for a few successes. This trend, however, has changed in the last year as attackers shift their approach to attacking a single target with specialized malware, such as Snake, a ransomware variant explicitly designed to target SCADA systems.
Over the past year there has been an increase in attacks targeting nations' critical resources for various reasons, whether politically inclined, like the attack on the Mumbai power grid last year in October during the ongoing tensions between India and China, or financially motivated, like this one, or even the Oldsmar water treatment plant attack. Governments need to step up to ensure such attacks cannot continue, as they disrupt more than just the plant, causing damage that can affect an entire nation. Therefore, they need to develop and maintain robust cyber defense strategies to safeguard such resources.