The May 7, 2021 cybersecurity attack on Colonial Pipeline is the latest ransomware attack to widely disrupt national infrastructure and one of our nation’s largest and most successful attacks to date. Like most Americans, we bet you’re extremely familiar with this event – and if you live in the eastern half of the U.S., you may have even felt its repercussions from increased gas prices to fuel shortages and gas station closures (that’s right, gas hoarders. We’re looking at you!)
From the outside looking in, an oil company may seem like an odd target for a cybersecurity attack, but in the eyes of the attacker, it’s a huge money maker. Colonial Pipeline is the largest pipeline system for refined oil products in the U.S. at 5,500 miles long, carrying 45% of the fuel used on the East Coast. This attack was one of many unleashed from DarkSide, a European-based hacking group known for freezing computer networks across dozens of businesses in the U.S. and Europe. The result: $4.4 million in Bitcoin paid to DarkSide in return for a key to unlock Colonial’s files.
Within the past year, we’ve seen ransomware attacks disable not only government agencies but schools, hospitals, businesses and more. Sadly, we don’t expect this trend to decline anytime soon. The U.S. investigates ransomware but has only made modest traction in identifying and charging attackers. Similarly, the push for cybersecurity oversight is weak in the private industry, including pipeline companies like Colonial.
While the company is back up and running, this proved to be quite an expensive mess, not just for Colonial, but for American citizens. This instance has highlighted just how devastating an attack can be to a nation at large. To prevent similar instances from happening again, here are a few tips for companies to strengthen their cybersecurity defenses and prevent potential attacks.
- While it’s only part of the solution, organizations should increase basic cybersecurity hygiene to prevent ransomware. This can include anything from ensuring firewalls and routers are installed properly, accurately installing and configuring anti-virus, spamware and anti-malware protections, and continuously updating authorizations and permissions and enforcing MFA.
- Having visibility into your organizations network environment is key to sound protection. In today’s environment, the growing complexity of networking combined with innovation and rapid adoption of new services requires us to approach security with a new framework. The most effective framework will provide IT teams and administrators visibility into how devices are configured, any attacks or potential vulnerabilities, noncompliance with policy, and other risks. This can help you identify normal behaviors, eventually allowing your organization to track patterns and build benchmarks to more easily identify and respond to threats.
- Enforcing network segmentation improves security by limiting how far an attack can spread. In the event that an organization’s network is breached, this will ensure that the outbreak is contained and doesn’t affect other systems. Other benefits include improved operational performance and preventing harmful traffic from reaching vulnerable, third-party devices.
If your organization gets caught in a ransomware attack, check out this guide from The National Cyber Investigative Joint Task Force to learn how to respond.
For assistance building secured and trusted infrastructures for IT, IoT, and OT environments, contact us for a free consult to discuss addressing specific gaps in your environment.