Here’s a scenario. You live on the east coast of the United States and you need to put fuel in your car. You pull up to the station, but to your shock and dismay, there is a sign on the pump informing you that there is no more fuel. You go to the next station and see a similar sign. And another. You limp home on fumes and pull up your browser. Yep, it’s a bona fide fuel shortage, due to a ransomware attack on the nation’s fuel pipeline infrastructure.
Ok, so it isn’t actually a true story, and you don’t need to rush out to fuel up your car, fill the extra tanks, pour fuel into giant tubs, or anything else. But the ransomware part of this story is indeed true. If you haven’t heard, there was a ransomware attack on one of the largest fuel pipelines in the U.S., Colonial Pipeline, that caused the organization to shut down operations for several days.
So what do we know so far?
The attack is being blamed on the DarkSide group, which is known to focus on English-speaking targets while avoiding those in the former Soviet Bloc. The attack was discovered on May 7, 2021, causing the company to temporarily shut down pipeline operations and freeze IT systems in order to contain the event. By May 12, 2021, the company had started bringing operations back online.
What isn’t known?
Mandiant, a division of FireEye, was brought in to help investigate. So far, the initial point of entry is unknown, but it’s suspected to be one of a few things: 1) an unpatched system, 2) a successful phishing email where an employee clicked an infected link or attachment, or 3) the use of stolen credentials obtained some other way, such as from an earlier breach or from information leaked on the Dark Web. In other words, any of the usual ransomware entry points.
Lessons to be learned?
If you are in charge of infrastructure or operations, patch systems as soon as fixes are available. In addition, have a cybersecurity incident response plan in place for when an attack happens, and remember to update it at least annually. Train employees on what a phishing email looks like, what the current phishing lures are at any given time, and how to handle them. Make them feel comfortable reporting phishing, even if they accidentally click something they shouldn’t. Ongoing awareness training is worth the price to avoid a ransomware attack. Last, but certainly not least, back up important data on a regular basis. Keep it current, store it offline so that if ransomware does strike it can’t encrypt or destroy the backups too, and actually test restoring from it, because a backup that has never been restored is an assumption, not a recovery plan. Restoring from a backup is a lot more cost effective than starting from scratch.
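The “keep it current, store it offline, and be able to restore” advice above is easy to state and easy to get wrong, so here is an added example (not code from the original post or from Colonial Pipeline) of the minimum a backup job should record and check: a SHA-256 manifest taken at backup time, a verification pass that reports which files have gone missing, been modified in place, or appeared unexpectedly (the three things ransomware does to a file tree), and a staleness check on the restore point. The file names, contents and the `offline_copy` directory are constructed for the demo; the directory stands in for real offline or immutable storage.

```python
# Added example (not from the original post): a minimal backup manifest
# and restore-verification routine. It records a SHA-256 digest for every
# file at backup time, then checks a restored (or live) tree against that
# record, which is what surfaces files ransomware has encrypted, renamed,
# or dropped. File names and contents below are constructed for the demo.
import hashlib
import os
import shutil
import tempfile
import time
from pathlib import Path
from typing import Dict, List, Optional


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups are not read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path, taken_at: Optional[float] = None) -> dict:
    """Digest every regular file under root. Store the result WITH the offline
    copy (or sign it); a manifest left on the live network can be rewritten by
    the same attacker who encrypts the data."""
    files = {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }
    return {"taken_at": time.time() if taken_at is None else taken_at, "files": files}


def verify_tree(root: Path, manifest: dict) -> Dict[str, List[str]]:
    """Compare a tree against the manifest. 'missing' = backed-up file gone
    (ransomware commonly renames victims), 'modified' = contents changed in
    place, 'unexpected' = files not in the backup (e.g. ransom notes)."""
    expected = manifest["files"]
    result: Dict[str, List[str]] = {"missing": [], "modified": [], "unexpected": []}
    for rel, digest in expected.items():
        p = root / rel
        if not p.is_file():
            result["missing"].append(rel)
        elif sha256_file(p) != digest:
            result["modified"].append(rel)
    for p in root.rglob("*"):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            if rel not in expected:
                result["unexpected"].append(rel)
    return {k: sorted(v) for k, v in result.items()}


def backup_is_current(manifest: dict, max_age_seconds: float,
                      now: Optional[float] = None) -> bool:
    """'Keep it current': a restore point older than your tolerance for
    data loss is not a usable restore point."""
    now = time.time() if now is None else now
    return (now - manifest["taken_at"]) <= max_age_seconds


def demo() -> dict:
    """Constructed scenario: back up two files, take an offline copy,
    then let a ransomware-style actor loose on the live copy only."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("date,amount\n2021-05-01,100\n")
        (live / "readme.txt").write_text("operations notes\n")

        manifest = build_manifest(live, taken_at=1_000_000.0)
        offline = Path(tmp) / "offline_copy"
        shutil.copytree(live, offline)  # stand-in for tape / immutable storage

        # What ransomware does to the live tree: encrypt in place, rename,
        # and leave a ransom note. Random bytes stand in for ciphertext.
        (live / "readme.txt").write_bytes(os.urandom(32))
        ledger = live / "finance" / "ledger.csv"
        ledger.write_bytes(os.urandom(64))
        ledger.rename(ledger.with_name("ledger.csv.locked"))
        (live / "HOW_TO_DECRYPT.txt").write_text("pay up\n")

        return {
            "live": verify_tree(live, manifest),
            "offline": verify_tree(offline, manifest),
            "current_after_1h": backup_is_current(manifest, 86_400, now=1_000_000.0 + 3_600),
            "current_after_30d": backup_is_current(manifest, 86_400, now=1_000_000.0 + 30 * 86_400),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running `demo()` shows the live tree failing with one missing file, one modified file and two unexpected ones, while the offline copy verifies clean against the same manifest. Two caveats for real use: the manifest has to travel with the offline copy (or be signed) or an attacker with write access to the share simply regenerates it, and a clean digest check proves the bytes survived, not that the application can be brought back up from them; the restore drill itself is still required.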
Infrastructure continues to be targeted by cybercriminals, and it doesn’t appear to be slowing down. Check Point noted that attacks on American utilities have been on the rise and increased by 50% per week from March to April of this year. In the last nine months, ransomware attacks nearly tripled. Check Point noted, "Furthermore, in recent weeks an average of 1 in every 88 Utilities organization in the U.S. suffered from an attempted Ransomware attack, up by 34% compared to the average from the beginning of 2021."