Richard Arnold: Cyberattack on US pipeline linked to criminal gang
May 9, 2021 ·
3m 11s
The cyberextortion attempt that has forced the shutdown of a vital U.S. pipeline was carried out by a criminal gang known as DarkSide that cultivates a Robin Hood image of...
show more
The cyberextortion attempt that has forced the shutdown of a vital U.S. pipeline was carried out by a criminal gang known as DarkSide that cultivates a Robin Hood image of stealing from corporations and giving a cut to charity, a person close to the investigation said Sunday.
The shutdown, meanwhile, stretched into its third day, with the Biden administration saying an "all-hands-on-deck" effort is underway to restore operations and avoid disruptions in the fuel supply.
Experts said that gasoline prices are unlikely to be affected if the pipeline is back to normal in the next few days but that the incident — the worst cyberattack to date on critical U.S. infrastructure — should serve as a wake-up call to companies about the vulnerabilities they face.
The pipeline, operated by Georgia-based Colonial Pipeline, carries gasoline and other fuel from Texas to the Northeast. It delivers roughly 45% of fuel consumed on the East Coast, according to the company.
It was hit by what Colonial called a ransomware attack, in which hackers typically lock up computer systems by encrypting data and then demand a large ransom to release it. The company has not said what was demanded or who made the demand.
However, the person close to the investigation, speaking on condition of anonymity, identified the culprit as DarkSide. It is among ransomware gangs that have "professionalized" a criminal industry that has cost Western nations tens of billions of dollars in losses in the past three years.
DarkSide claims that it does not attack medical, educational or government targets — only large corporations — and that it donates a portion of its take to charity. It has been active since August and, typical of the most potent ransomware gangs, is known to avoid targeting organizations in former Soviet bloc nations.
Colonial did not say whether it has paid or was negotiating a ransom, and DarkSide neither announced the attack on its dark web site nor responded to an Associated Press reporter's queries. The lack of acknowledgment usually indicates a victim is either negotiating or has paid.
Commerce Secretary Gina Raimondo said Sunday that ransomware attacks are "what businesses now have to worry about," and that she will work "very vigorously" with the Homeland Security Department to address the problem, calling it a top priority for the administration.
"Unfortunately, these sorts of attacks are becoming more frequent," she said on CBS' "Face the Nation." "We have to work in partnership with business to secure networks to defend ourselves against these attacks."
She said President Joe Biden was briefed on the attack.
"It's an all-hands-on-deck effort right now," Raimondo said. "And we are working closely with the company, state and local officials to make sure that they get back up to normal operations as quickly as possible and there aren't disruptions in supply."
The person close to the Colonial investigation said that the attackers also stole data from the company, presumably for extortion purposes. Sometimes stolen data is more valuable to ransomware criminals than the leverage they gain by crippling a network, because some victims are loath to see sensitive information of theirs dumped online.
Security experts said the attack should be a warning for operators of critical infrastructure — including electrical and water utilities and energy and transportation companies — that not investing in updating their security puts them at risk of catastrophe.
Ed Amoroso, CEO of TAG Cyber, said Colonial was lucky its attacker was at least ostensibly motivated only by profit, not geopolitics. State-backed hackers bent on more serious destruction use the same intrusion methods as ransomware gangs.
"For companies vulnerable to ransomware, it's a bad sign because they are probably more vulnerable to more serious attacks," he said. Russian cyberwarriors, for example, crippled the electrical grid in Ukraine during the winters of 2015 and 2016.
Cyberextortion att...
show less
The shutdown, meanwhile, stretched into its third day, with the Biden administration saying an "all-hands-on-deck" effort is underway to restore operations and avoid disruptions in the fuel supply.
Experts said that gasoline prices are unlikely to be affected if the pipeline is back to normal in the next few days but that the incident — the worst cyberattack to date on critical U.S. infrastructure — should serve as a wake-up call to companies about the vulnerabilities they face.
The pipeline, operated by Georgia-based Colonial Pipeline, carries gasoline and other fuel from Texas to the Northeast. It delivers roughly 45% of fuel consumed on the East Coast, according to the company.
It was hit by what Colonial called a ransomware attack, in which hackers typically lock up computer systems by encrypting data and then demand a large ransom to release it. The company has not said what was demanded or who made the demand.
However, the person close to the investigation, speaking on condition of anonymity, identified the culprit as DarkSide. It is among ransomware gangs that have "professionalized" a criminal industry that has cost Western nations tens of billions of dollars in losses in the past three years.
DarkSide claims that it does not attack medical, educational or government targets — only large corporations — and that it donates a portion of its take to charity. It has been active since August and, typical of the most potent ransomware gangs, is known to avoid targeting organizations in former Soviet bloc nations.
Colonial did not say whether it has paid or was negotiating a ransom, and DarkSide neither announced the attack on its dark web site nor responded to an Associated Press reporter's queries. The lack of acknowledgment usually indicates a victim is either negotiating or has paid.
Commerce Secretary Gina Raimondo said Sunday that ransomware attacks are "what businesses now have to worry about," and that she will work "very vigorously" with the Homeland Security Department to address the problem, calling it a top priority for the administration.
"Unfortunately, these sorts of attacks are becoming more frequent," she said on CBS' "Face the Nation." "We have to work in partnership with business to secure networks to defend ourselves against these attacks."
She said President Joe Biden was briefed on the attack.
"It's an all-hands-on-deck effort right now," Raimondo said. "And we are working closely with the company, state and local officials to make sure that they get back up to normal operations as quickly as possible and there aren't disruptions in supply."
The person close to the Colonial investigation said that the attackers also stole data from the company, presumably for extortion purposes. Sometimes stolen data is more valuable to ransomware criminals than the leverage they gain by crippling a network, because some victims are loath to see sensitive information of theirs dumped online.
Security experts said the attack should be a warning for operators of critical infrastructure — including electrical and water utilities and energy and transportation companies — that not investing in updating their security puts them at risk of catastrophe.
Ed Amoroso, CEO of TAG Cyber, said Colonial was lucky its attacker was at least ostensibly motivated only by profit, not geopolitics. State-backed hackers bent on more serious destruction use the same intrusion methods as ransomware gangs.
"For companies vulnerable to ransomware, it's a bad sign because they are probably more vulnerable to more serious attacks," he said. Russian cyberwarriors, for example, crippled the electrical grid in Ukraine during the winters of 2015 and 2016.
Cyberextortion att...
Information
| Author | NZME |
| Website | - |
| Tags |
-
|
Copyright 2024 - Spreaker Inc. an iHeartMedia Company
