Examiner: Why Colonial Pipeline Hack Matters

NEW YORK – A cyberattack on an important US pipeline is sending ripple effects through the economy, exposing cybersecurity weaknesses in the country’s growing energy infrastructure. The Colonial Pipeline, which supplies about 45% of the fuel used along the Eastern Seaboard, shut down on Friday after a ransomware attack by a gang of criminal hackers calling themselves Darkside. Depending on how long the shutdown lasts, the event could affect millions of consumers.

What happened to the Colonial Pipeline?

The owner, Colonial Pipeline, halted all pipeline operations over the weekend as a precautionary measure. US officials said Monday that the “ransomware” malware used in the attack did not extend to critical systems that control the operation of the pipeline. But the mere fact that it could have done so alarmed outside security experts.

Will there be gasoline shortages?

It depends on how long the shutdown lasts. Colonial said service is likely to be restored on most of its pipeline by Friday.

“There is no imminent shortage, and thus there is no need to panic buy petrol,” said Richard Josevic, head of global oil analytics at S&P Global Platts. If the pipeline is restored by Friday, there will not be much of a problem. “If it goes on for two weeks, that’s a problem,” Josevic said. “You are falling short on price spikes and perhaps supply of some service stations. And shopping in panic makes it worse.”

So what is happening with gasoline prices?

According to the AAA, the average price of gasoline jumped six cents to $2.96, and is expected to climb with the pipeline closed. Mississippi, Tennessee and the East Coast from Georgia to Delaware are the most likely to experience limited fuel availability and higher prices, and if the national average rises by three more cents, it will be the highest price since November 2014, according to the AAA.

What is ransomware?

Ransomware encrypts data, which can only be decoded with a software key after the victim pays the offender. The epidemic of ransomware attacks has become so bad that officials of the Biden administration have recently considered them a national security threat. Hospitals, schools, police departments and state and local governments are regularly affected. Ransomware attacks are difficult to prevent because they are usually launched by criminal syndicates that enjoy safe harbor overseas, mostly in former Soviet states.

Who is behind the attack and what will happen to them?

The hackers are Russian speakers from Darkside, one of dozens of ransomware gangs that specialize in double extortion, in which the criminals steal an organization’s data before encrypting it. They then threaten to dump that data online if the victim does not pay, creating a second disincentive to trying to recover without paying.

Ransomware gangs say they are motivated only by profit. Colonial has not revealed how much ransom Darkside has demanded or been paid. So far this year, ransomware gang demands have reached $50 million.

US officials say that there is no evidence of the Kremlin directly benefiting from ransomware, although Russian security services tolerate and sometimes employ these cybercriminals. It is not clear whether Darkside has such a Russian affiliation. President Joe Biden said in response to questions from reporters on Monday that there was no evidence yet that the Russian government was involved but there was evidence that Darkside was Russia-based.

How is this different from other recent hacks?

Two recent hacking campaigns – SolarWinds and the Microsoft Exchange hack – were seen by US officials as state-backed espionage. In the former, elite Russian hackers infiltrated US government and corporate networks for months until their discovery in December. For the subsequent hack, first revealed in late January, the US blamed Chinese cyberspies. Biden has already announced sanctions against Russia for the SolarWinds hack and US election interference, although many experts consider them not enough to stop Russian President Vladimir Putin. Biden said he planned to raise the issue of Russia’s safe haven with Putin when he meets with him, reportedly next month.

Darkside posted a statement on its dark web site on Monday, trying to blame the Colonial attack on the affiliates that hire its ransomware, which is how such a business operates. Darkside claims that it is apolitical and does not attack hospitals, nursing homes, schools or government agencies.

Do they already exist or want to talk?

Neither Colonial nor federal authorities have explained how the attackers breached the company’s network and went undetected. Cybersecurity experts believe Colonial may not have used state-of-the-art defenses, in which software agents actively monitor networks for anomalies and are programmed to detect known threats such as Darkside’s intrusion tools.

Does this require a network that needs to be networked and long-term?

It depends on how extensively Colonial was infected, whether it paid the ransom and, if it did, when it got the software decryption key. Experts say that the decryption process can take at least several days. Colonial has not answered questions on these issues, although it said only its IT network was affected.

Are pipelines at greater risk from ransomware?

They are not necessarily at greater risk, but they present unique challenges. The Colonial Pipeline structure is a massive piece of critical infrastructure that provides fuel supplies to states along the East Coast. Such a large network has different control systems along its path where it connects with distributors or customers.

“Every time you connect something, you run the risk that you’re going to infect something,” said Kevin Book, managing director of Clearview Energy Partners. He said that variability can make it even harder for hackers to know where to find vulnerabilities.

Over time, as pipelines expand, companies may end up with a mix of technology – parts built within the company and others brought in from outside, said Peter McNally, head of global territory at Third Bridge. He said that many large energy companies have pressured investors to limit reinvestment in assets that may be decades old. This can be a problem when dealing with modern criminals.


Attempts to put ransomware operators out of business by attacking their online infrastructure have amounted to internet whack-a-mole. Efforts by US Cyber Command, Microsoft and cross-Atlantic police working with European partners have been able to make a temporary dent in the problem.

Last month, a public-private task force, including Microsoft, Amazon, the FBI, and the Secret Service, gave the White House an 81-page immediate action plan stating that much progress would be possible within a year if efforts were made together with American allies, who are also facing attacks.

Some experts advocate a ban on the payment of ransom. The FBI discourages payments, but the task force said a ban would be a mistake as long as many potential targets remain “unexpectedly unaffected” and could go bankrupt if they can’t pay. Newberger said Monday that sometimes companies have no real choice but to pay ransom.

The task force said that ransomware actors need to be named and shamed and that the governments that harbor them will have to be punished. It calls for mandatory disclosure of ransom payments and the creation of a federal “response fund” to provide financial assistance to victims in the hopes that, in many cases, it will prevent them from paying the ransom.

