The warning signs have been there for years, but no one really thought it could happen. This past month, hackers used a ransomware attack to shut down the digital systems controlling the pipeline that carries about half the fuel used by the East Coast of the US. On Saturday, May 8th, Colonial Pipeline, which operates the nearly 6000-mile petroleum pipeline that runs from Texas to New York, released a statement that confirmed reports that hackers had breached its network. In response, Colonial shut down the pipeline in an effort to contain the damage. The pipeline shutdown created consumer panic and short-term gasoline shortages. This latest example of critical infrastructure hacking just goes to show how commonplace and extreme the ransomware epidemic has become.
Security experts from all disciplines are calling this the most impactful hack of the energy supply chain in the US so far. This is just another attack, and there will certainly be more. Investigators familiar with the incident are saying that the ransomware gang known as Darkside is likely responsible. So far Darkside has attacked almost 50 organizations and demanded between $200,000 and $2 million payments from each of them.
Hackers have become increasingly active and bold in the past 18 months. They have shut down city governments in Atlanta and Baltimore, they have hacked court computers threatening to shut down the legal system, and they have extorted hospitals for tens of millions of dollars. Most victims don’t talk about their attacks for fear of ridicule, and the concern of exposing and publicizing their vulnerabilities. In return, hackers are increasingly seeking to attack industrial and commercial targets because they know those targets are soft, they are likely to pay, and they don’t employ the latest security technology. Momentive, Hydro Norsk, and Hexion were all victims of ransomware attacks in the past two years.
Previous hacker attacks on infrastructure targets had shown that hackers gained access to both IT networks AND the operational technology that controls the infrastructure assets themselves. In the Colonial Pipeline case, no statements have been made about whether or not the actual control systems had been compromised to the point where the physical state of the system could have been changed to create an extremely dangerous situation.
However, merely gaining access to the IT network was enough of a warning that the company would have had to shut down the network to possibly prevent greater penetration by the hackers into more sensitive control systems. Experts agree that Colonial did the right thing by shutting down the network because they no longer had positive control over the environment, and had no line-of-sight visibility into the possible compromise of the pipeline’s control systems.
Ransomware attacks are expensive. According to a recent survey from Sophos:
There is an increasing trend towards hackers not returning 100% of the “ransomed” data even after being paid. On average, hackers will grant access to about 2/3 of their data after the ransom payment.
In the future, critical infrastructure providers in the US will have little choice but to bolster their defenses against an onslaught of loosely organized criminal hackers—whose disruptive capabilities and ambitions are only growing.
VBS is a leading reseller of anti-ransomware software. If you are concerned about ransomware, and network security in general, be sure to contact Virginia Business Systems for a no-obligation evaluation of your company’s security systems.