Colonial Pipeline Hack: Trouble Was the Result but Money Was the Goal

FBI officials have confirmed that DarkSide ransomware was responsible for the Colonial Pipeline attack, which led the company to take systems offline and halt pipeline operations. According to the company, the Colonial pipeline transports about 45% of the fuel consumed on the East Coast. U.S. fuel prices at the pump rose six cents per gallon on the week to $2.967 per gallon for regular unleaded gasoline, the American Automobile Association (AAA) said on Monday, while Wall Street shares in U.S. energy firms were up 1.5%. The U.S. government issued an emergency declaration on Sunday after the ransomware attack hit the Colonial Pipeline.

How did the attack occur? Digital Shadows thinks the Colonial attack was helped by the coronavirus pandemic, with more engineers remotely accessing control systems for the pipeline from home. James Chappell, a co-founder of Digital Shadows, believes DarkSide could have bought account login details for remote desktop software such as TeamViewer and Microsoft Remote Desktop. 

Even though the Colonial Pipeline hack is dominating the headlines (and there is a reason for the attention), ransomware that takes over systems is a mounting problem for organizations of all sizes, and criminals have turned it into a massive business. Ransomware is marketed openly on the dark web, often as ransomware-as-a-service, the affiliate model DarkSide itself operated. By some industry estimates, more than 230,000 new sites and over 350,000 new malware programs and potentially unwanted applications appear every day, and those numbers are predicted to keep growing. Ransomware drains billions from the global economy and shows no signs of slowing down. Beyond the ransom itself, the largest cost is the financial damage from downtime, lost data, tarnished reputations, system rebuild and recovery fees, and regulatory fines.

Ransomware is a type of malware that holds an organization's data "hostage" by encrypting it and demanding payment for the key. Ransomware attacks typically exploit weaknesses on endpoints, preying on organizations that are not fully up to date on their "security hygiene": basic practices such as patching, antivirus, and collecting and actually reviewing critical log data. These fundamentals matter more than ever when it is hard to stay ahead of adversaries. Although security hygiene is time-consuming and difficult to maintain, these fundamentals are the most important focus areas for enterprise organizations.

Here are additional tips from experts on how to prepare for and defend against ransomware attacks:

  • Keep all software up to date, including operating systems and applications, and maintain a clear inventory of all digital assets and where they are.
  • Recognize that threat actors also target cloud services, and make sure you have complete visibility over the ones you use.
  • Identify your most valuable data and segment the network. Avoid putting all data on one file share that everyone in the organization can access.
  • Back up daily, including data on employee devices, to a mix of online, local, and secure offsite locations. Keep at least one copy offline or immutable, so that an attacker who gains access to the network cannot encrypt or delete the backups as well, and test that you can actually restore from it.
  • Conduct penetration testing to find and patch vulnerabilities, make sure Remote Desktop Protocol (RDP) cannot be reached with default or weak credentials (better still, do not expose RDP to the internet at all and require multi-factor authentication), and maintain reasonable security hygiene.
  • Train staff on security practices, emphasizing the importance of not opening attachments or links from unknown sources.
  • Endpoint security software blocks many infection attempts that arrive by email, but securing the endpoint alone is no longer sufficient. Employ a multi-layered threat defense.
  • Establish an isolation plan for removing infected systems from the network quickly, and decide in advance who is authorized to execute it, so that one compromised host does not turn into an organization-wide outage.
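The two hygiene points that recur above, keeping critical log data and watching Remote Desktop for credential attacks, can be turned into concrete detection logic. The following Python script is an added example written for this page; it is not code from the original article, from DLT, or from any of the cited vendors. The event IDs and field names follow the Windows Security log (4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive, i.e. RDP), but the JSON-lines layout is an assumed export format, the internal network list is an assumed RFC 1918 layout, and the log records are constructed for the example, with the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges standing in for the public internet.

```python
"""Flag RDP password spraying, and any RDP logon that follows it or arrives
from outside the organization, from Windows Security log records.
Added example; field names follow the Windows Security log, the JSON-lines
layout and sample records are assumptions constructed for this page."""
import ipaddress
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624
RDP_LOGON_TYPE = 10          # RemoteInteractive: Remote Desktop sessions

WINDOW = timedelta(minutes=10)
THRESHOLD = 5                # failed RDP logons from one source inside WINDOW

# Networks the organization treats as internal (assumed RFC 1918 layout).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: one external address sprays several account names, a
# second external address fails once, the sprayer then logs on successfully,
# and a normal internal RDP logon happens later in the day.
SAMPLE_LOG = """\
{"time":"2021-05-07T02:00:01Z","EventID":4625,"LogonType":10,"TargetUserName":"administrator","IpAddress":"203.0.113.7"}
{"time":"2021-05-07T02:00:09Z","EventID":4625,"LogonType":10,"TargetUserName":"admin","IpAddress":"203.0.113.7"}
{"time":"2021-05-07T02:00:17Z","EventID":4625,"LogonType":3,"TargetUserName":"svc_backup","IpAddress":"10.0.0.9"}
{"time":"2021-05-07T02:00:25Z","EventID":4625,"LogonType":10,"TargetUserName":"scada","IpAddress":"203.0.113.7"}
{"time":"2021-05-07T02:00:33Z","EventID":4625,"LogonType":10,"TargetUserName":"operator","IpAddress":"203.0.113.7"}
{"time":"2021-05-07T02:00:40Z","EventID":4625,"LogonType":10,"TargetUserName":"jsmith","IpAddress":"198.51.100.2"}
{"time":"2021-05-07T02:00:41Z","EventID":4625,"LogonType":10,"TargetUserName":"jsmith","IpAddress":"203.0.113.7"}
{"time":"2021-05-07T02:00:49Z","EventID":4625,"LogonType":10,"TargetUserName":"jsmith","IpAddress":"203.0.113.7"}
{"time":"2021-05-07T02:01:02Z","EventID":4624,"LogonType":10,"TargetUserName":"jsmith","IpAddress":"203.0.113.7"}
{"time":"2021-05-07T08:15:00Z","EventID":4624,"LogonType":10,"TargetUserName":"jsmith","IpAddress":"10.0.0.5"}
"""


def parse_events(text):
    """Parse JSON-lines records into dicts with a datetime 'time', oldest first."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    events.sort(key=lambda r: r["time"])
    return events


def is_external(ip):
    """True if the address lies outside the configured internal networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:           # Windows logs "-" when no address is known
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def detect_rdp_abuse(events, window=WINDOW, threshold=THRESHOLD):
    """Return alert dicts, in log order, for RDP logon events worth a look."""
    alerts = []
    failures = defaultdict(deque)   # source IP -> (time, target user) of recent 4625s
    for ev in events:
        if ev.get("LogonType") != RDP_LOGON_TYPE:
            continue                # only Remote Desktop logons matter here
        src = ev.get("IpAddress", "-")
        recent = failures[src]
        while recent and ev["time"] - recent[0][0] > window:
            recent.popleft()        # slide the window forward
        if ev["EventID"] == FAILED_LOGON:
            recent.append((ev["time"], ev["TargetUserName"]))
            if len(recent) == threshold:    # fire once as the threshold is crossed
                alerts.append({"rule": "rdp_brute_force", "src": src,
                               "time": ev["time"].isoformat(),
                               "failures": len(recent),
                               "users": sorted({u for _, u in recent})})
        elif ev["EventID"] == SUCCESS_LOGON:
            if len(recent) >= threshold:    # a success right after a burst of failures
                alerts.append({"rule": "rdp_logon_after_failures", "src": src,
                               "user": ev["TargetUserName"],
                               "time": ev["time"].isoformat(),
                               "failures": len(recent)})
            if is_external(src):            # RDP is reachable from outside at all
                alerts.append({"rule": "rdp_logon_from_external", "src": src,
                               "user": ev["TargetUserName"],
                               "time": ev["time"].isoformat()})
    return alerts


def run(log_text=SAMPLE_LOG):
    return detect_rdp_abuse(parse_events(log_text))


if __name__ == "__main__":
    for alert in run():
        print(json.dumps(alert))
```

Run against the sample, the script raises three alerts, all for 203.0.113.7: the spray itself once the fifth failure lands, the successful logon that follows six failures, and the fact that an RDP session was accepted from outside the internal ranges. The last rule fires regardless of the failure count, because an RDP service reachable from the internet is a finding on its own; in a real deployment the thresholds and the internal network list are the parameters to tune, and a "-" source address is left unclassified rather than guessed.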

When responding to an attack, research whether other IT teams or security vendors have already analyzed the same malware family: for some families a flaw in the ransomware's cryptography has produced a free public decryptor, and it may be possible to recover the data without paying.

If you would like to discuss this with one of the experts on the DLT (a Tech Data Company) Cyber Solutions Team, please contact us at info@dlt.com or Cybersales@dlt.com.

Resources:
https://www.splunk.com/en_us/form/ransomware
https://www.bbc.com/news/business-57050690
https://www.nbcnews.com/tech/security/colonial-pipeline-hack-claimed-russian-group-darkside-spurs-emergency-rcna878