Date: 2021-05-11

A ransomware attack has temporarily halted the oil pipeline activities of Colonial Pipeline Co., the largest refined fuel infrastructure in the United States, 8,550 kilometers in length, running from Houston to the port of New York.

The incident is one of the worst cyberattacks to date against vital American infrastructure, and it should serve as another wake-up call about the cybersecurity vulnerabilities large companies face.

The Colonial pipeline supplies almost half of the liquid fuels consumed by the East Coast of the United States, moving 380 million liters per day. It is feared that its closure, which is still in place at the time of writing this article, will cause shortages and a rise in prices, although that will depend on when the tap can be reopened once the IT infrastructure is secured.

The pipeline closure affects supply in 18 states, and it is such a serious matter (it has caused movements in crude futures) that the White House has had to issue a note stating that it is working with “all available resources” to restore operations and avoid interruptions in the supply of fuel. US lawmakers are already calling for stronger protections for America’s critical energy infrastructure.

Colonial Pipeline and the Ransomware attack

“On May 7, Colonial Pipeline Company learned that it was the victim of a cybersecurity attack. We have since determined that this incident involves ransomware. In response, we proactively shut down certain systems to contain the threat, which has temporarily halted all pipeline operations and affected some of our IT systems,” the company said in a statement.

The company has hired a third-party cybersecurity firm, believed to be FireEye’s Mandiant incident response division, to assist in the investigation. The US Cybersecurity and Infrastructure Agency (CISA) is also collaborating and has used the case to issue a standard alert: “This underscores the threat that ransomware poses to organizations regardless of size or industry. We encourage all organizations to take steps to strengthen their cybersecurity posture to reduce their exposure to these types of threats.”

We still don’t know the answers to the main questions: Was the pipeline closed as a precautionary measure or as a result of the cyberattack? Who was behind the attack, and how sophisticated were the attackers when it came to attacking and infecting critical systems?

Is DarkSide behind the attack?

Although the investigation is in its early stages, some media outlets attribute responsibility for the attack to the DarkSide group, an old acquaintance that has professionalized these types of attacks, which cost tens of billions of dollars in losses. The group is believed to be pro-Russian because it is known for not attacking organizations in countries that used to belong to the Soviet bloc.

As for ransomware, what can we tell you that we haven’t already told you? It has become the main threat to global cybersecurity; its use has not stopped increasing, and the attacks are ever more numerous, sophisticated, dangerous and massive.

If in the beginning the attackers settled for infecting consumer computers in exchange for a few dollars, all reports indicate that cybercriminals are now focusing their preferred scope of action on businesses, organizations, administrations and public infrastructures, with malware as dangerous as ‘CryptoWall’, ‘Babuk’, ‘Black Kingdom’, ‘Ryuk’ or ‘CryptoLocker’, which stand out for the high level of their code and their capabilities for taking control of computers and networks by encrypting files.

The number of ransomware victims is already endless. Really, no operating system, platform, device or computer network is safe, because ransomware uses any type of vulnerability, malware or attack to hijack computers. And it is not always detected in time by security systems and antimalware software.

The latest cyberattack comes as a coalition of government and private-sector technology companies, called the Ransomware Task Force, published a list of 48 recommendations to detect and disrupt the growing ransomware threat, as well as to help organizations prepare for and respond to such attacks more effectively.

We’ll see how the Colonial Pipeline case ends. The lack of details regarding the ransom is generally indicative that the victim is negotiating or has already made the payment. It is not a positive message for the industry, although it is understandable in the case of critical infrastructure.