The US Government has been forced to take action after a ransomware attack shut down a major US fuel pipeline.
Fuel prices have jumped after the attack on Colonial Pipeline, operator of one of the country’s largest fuel pipelines, which targeted its entire network with ransomware.
President Joe Biden has enacted special executive orders relaxing rules on the transportation of fuel via road to keep supply moving.
The US Department of Transportation (USDOT) announced that its Federal Motor Carrier Safety Administration would be “taking steps” to allow motor carriers and drivers to transport fuel to states across the country.
Commenting on the attacks, the operator said: “Colonial Pipeline is taking steps to understand and resolve this issue.
“At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation.”
Hackers supposedly accessed data on computer systems and servers, locking the data and demanding a ransom. The group said that, if the ransom was not paid, it would leak the data online.
So far, no hacking group has claimed responsibility for the cyber-attack and investigations are still in the early stages. However, it is believed that a sophisticated cybercriminal group is to blame.
A group called “DarkSide”, known for deploying ransomware and extorting victims while avoiding targets in post-Soviet states, is believed to be behind this new attack.
The attack is a substantial blow to fuel supply in the US. The Colonial Pipeline carries 45% of the East Coast’s supply of diesel, gasoline and jet fuel – 2.5 million barrels.
Vulnerabilities in the US energy supply infrastructure have been exposed by the attack, one of the most disruptive digital ransom operations ever reported.
Stuart Reed, UK Director at Orange Cyberdefense, told DIGIT that experts have been predicting attacks of this magnitude for years.
“Thwarting cyber-attacks against key utilities and services has never been more critical and the severe consequences of failing to do so are only exacerbated by the unprecedented events of the last year,” he commented.
“Organisations must focus on understanding the evolving ecosystem of ransomware, and how to alleviate its risks. The focus should be on remediation plans, so the impact of a ransomware attack is reduced and therefore the compulsion to pay diminishes.”
Dr Francis Gaffney, Director – Threat Intelligence & Response, at Mimecast, commented: “It is likely that the increase in remote working played a role in this attack. With the rise of engineers remotely accessing control systems for the pipeline from home, cybercriminals are able to prey on vulnerabilities associated with this way of working to access the organization’s system.
“Cybersecurity professionals have, for some time, warned of outdated practices and implementation associated with IoT, IT systems, and OT security and these are now becoming realised.”
Dr Gaffney added: “Organisations must start investing in cybersecurity preparedness and awareness training. From our research, 43% of respondents said that employee lack of cognizance about current campaigns and wider cybersecurity issues is one of their greatest vulnerabilities, and yet only one in five respondents indicated they have ongoing (more than once per month) security awareness training in place.
“It is recommended that organisations focus on prevention, rather than cure, by implementing strong resiliency measures and ensuring that employees are properly trained in cyber awareness.”