Major U.S. Pipeline Crippled in Ransomware Attack


Colonial Pipeline Company says it is the victim of a cyberattack that forced the major provider of liquid fuels to the East Coast to temporarily halt all pipeline operations.

A ransomware attack is being blamed for halting pipeline activities for the Colonial Pipeline Company, which supplies the East Coast with roughly 45 percent of its liquid fuels.

In a statement released Saturday, the Colonial Pipeline Company said it temporarily halted pipeline operations in response to a cyberattack impacting the company on Friday.

“On May 7, the Colonial Pipeline Company learned it was the victim of a cybersecurity attack. We have since determined that this incident involves ransomware,” the company wrote in a Saturday statement.

As a precaution, the company proactively took key systems offline to avoid further infections.

“In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems,” the company stated. “Upon learning of the issue, a leading, third-party cybersecurity firm was engaged, and they have launched an investigation into the nature and scope of this incident, which is ongoing.”

The company, which delivers gasoline and diesel fuel to the East Coast, said it has also contacted law enforcement and other federal agencies. “Colonial Pipeline is taking steps to understand and resolve this issue. At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation,” according to the statement.

What We Know About the Colonial Pipeline Attack

Many questions remain unanswered, such as: was the pipeline shut down as a precaution or as a direct result of the cyberattack? Who was behind the attack, and how sophisticated were the attackers when it came to targeting and infecting critical Colonial Pipeline Company systems?

“It’s not yet clear whether they shut down the pipeline out of an abundance of caution to stop the spread of the ransomware payload or they can’t operate the pipeline because either OT systems have been impacted or they are dependent on IT systems,” wrote Dave White, president of Axio, in an email to Threatpost.

Ang Cui, CEO of Red Balloon Security, who does advanced threat research for the DOD and DHS focused on embedded devices and ICS, said it was likely a criminal rather than a nation-state attack.

“Although Colonial shut down its operations, it doesn’t necessarily mean the ICS was compromised,” wrote Cui in an email statement regarding the Colonial cyberattacks. “It could be that they didn’t have enough separation between the IT and OT systems, so they pulled the plug before the attackers realized they had access to those sensitive systems – which would have significantly increased the cost of the ransom, in addition to jeopardizing physical controls.”

Ransomware: A Persistent Problem

The attack comes as ransomware attacks have reached near-epidemic proportions. Last year alone the number of ransomware attacks grew more than 150 percent, according to a report from Group-IB researchers. The scourge has also prompted coordinated global efforts to combat ransomware.

Last month, a coalition of 60 global entities, which included the U.S. Department of Justice, proposed a sweeping plan to hunt down and disrupt ransomware gangs by going after their financial operations.


Bullseye on Critical Infrastructure

In February 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning that critical infrastructure targets, such as pipelines, were increasingly being targeted by hackers. The warning was sparked by a ransomware attack on a natural gas compression facility in the U.S. that caused a two-day shutdown at the unnamed victim.

The initial compromise of the IT network led to the attacker deploying a “commodity ransomware” that encrypted data on both the IT and the OT networks. The attacker was able to pivot from IT to OT because of a lack of network segmentation between the IT and the OT portions of the infrastructure, CISA said at the time.
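As an added illustration of the segmentation point above (not code from the article, CISA or Colonial), here is a small audit that reads simplified flow records and flags IT-to-OT connections that fall outside an explicit allow-list; a segmented network should produce no findings. The address ranges, allow-list entries and flow lines are all constructed for the example.

```python
import ipaddress
from collections import Counter

# Constructed (hypothetical) address plan: OT control network and IT user/server network.
OT_NET = ipaddress.ip_network("10.20.0.0/16")
IT_NET = ipaddress.ip_network("10.10.0.0/16")
# Constructed allow-list: the only IT->OT flows a segmented design would permit,
# e.g. a hardened jump host reaching the engineering workstation over RDP and a
# historian replication flow. Any other IT->OT flow is a segmentation gap.
ALLOWED_IT_TO_OT = {
    ("10.10.5.10", "10.20.1.50", 3389),   # jump host -> engineering workstation
    ("10.10.8.20", "10.20.2.10", 1433),   # IT historian -> OT historian mirror
}

# Constructed sample flow records: "src dst dport" (NetFlow-style, simplified).
SAMPLE_FLOWS = """\
10.10.5.10 10.20.1.50 3389
10.10.8.20 10.20.2.10 1433
10.10.7.44 10.20.1.50 445
10.10.7.44 10.20.3.8 445
10.10.7.44 10.20.3.9 445
10.10.3.2 10.10.4.4 445
10.20.1.50 10.20.3.8 502
"""

def parse_flows(text):
    """Parse simplified flow lines into (src, dst, dport) tuples; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        src, dst, dport = parts[0], parts[1], int(parts[2])
        flows.append((src, dst, dport))
    return flows

def find_segmentation_violations(flows):
    """Return IT->OT flows not covered by the allow-list (IT->IT and OT->OT traffic is ignored)."""
    violations = []
    for src, dst, dport in flows:
        if ipaddress.ip_address(src) in IT_NET and ipaddress.ip_address(dst) in OT_NET:
            if (src, dst, dport) not in ALLOWED_IT_TO_OT:
                violations.append((src, dst, dport))
    return violations

def summarize_by_source(violations):
    """Count violating flows per IT source host; one host fanning out to many OT hosts warrants a closer look."""
    return Counter(src for src, _, _ in violations)
```

Run `find_segmentation_violations(parse_flows(SAMPLE_FLOWS))` on the constructed data and the three SMB flows from 10.10.7.44 are reported, while the two allow-listed flows and the intra-segment traffic are not.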

“The U.S. economy is critically dependent on energy pipeline infrastructure. It is important for all energy-critical asset owners and the federal government to undertake risk analysis and economic quantification studies to understand the scale of impact from events like this and support investment in appropriate protections,” White wrote in a statement emailed to Threatpost on Saturday.

Cui said he believes a key part of the problem in critical-infrastructure attacks is that operators often do not isolate or secure these systems. “The vendors aren’t securing these ICS devices to begin with, and patching is difficult,” he wrote.
