The Colonial Pipeline hack and what your business can learn from it
One of the largest ransomware attacks on U.S. oil infrastructure to date began on April 29, 2021, when cybercriminals gained access to the Colonial Pipeline Company's network using a single employee password. Within a week, the Pipeline was shut down and a $4.4 million ransom was demanded. While the Government has assured the public that fuel deliveries will return to full capacity, the attack has already begun to reshape federal cybersecurity policy. More importantly, it demonstrates why a multi-layered approach to network security is imperative: researchers have found that roughly 88% of data breaches are caused by employee error. Lessons can be learned from the Colonial Pipeline attack, especially about how companies can proactively mitigate cybersecurity threats of their own.
What happened during the Colonial Pipeline hack?
Cybersecurity investigators believe a Colonial employee's password was leaked on the dark web, but cannot confirm exactly how it was stolen. Regardless, the account was a VPN login that was no longer in use but had never been deactivated, and it did not require multi-factor authentication (MFA), so the hackers only had to type in the username and password to get onto the network.
A $4.4 million ransom demand followed, with the threat of leaking roughly 100 gigabytes of stolen company data if it went unpaid. Colonial halted pipeline operations as a precaution until investigators could confirm that no physical damage had been caused. The company paid the ransom and, when it was deemed safe to do so, restarted the Pipeline.
According to the investigators, the hackers compromised the company's business IT systems, not the operational systems that physically control the pipeline; the shutdown was a precaution taken because Colonial could not immediately be sure how far the intrusion reached. The attack was attributed to DarkSide, a Russia-associated cybercrime group that claimed that "[their] goal is to make money and not create problems for society." Yet the fallout from the shutdown drove gas prices to over $3 a gallon.
Colonial Pipeline sued for response to cyberattack
Colonial Pipeline was not the only one to suffer losses, as gas stations along the East Coast saw shortages significantly cut into their sales. EZ Mart in Wilmington, NC, is suing the Pipeline for $5 million in lost revenue over its alleged failure to prevent the attack. The lawsuit claims that the company had ample time and resources to bolster its network security and keep hackers out, but failed to do so. The Pipeline continues to defend its actions after the attack, and as of now, the case has not gone to trial.
Pipeline crisis prompts Government response
Ransomware has long been treated as a nuisance to the U.S. economy, but it is now being viewed as a serious threat to national security. The Department of Justice (DOJ) described the Colonial Pipeline attack as an example of "digital extortion [against] the nation." To that end, the Government is ramping up its defenses with new policies.
The White House held a press conference on May 13th to address the attack on the Colonial Pipeline and outline the Government's planned response. While actions were taken to give fuel suppliers more flexibility and lift weight restrictions for tanker deliveries, President Biden emphasized that the recovery would take time:
“We will not feel the effects at the pump immediately. This is not like flicking on a light switch. This pipeline is 5,500 miles long. It had never been fully shut down in its entire history, and so — so fully. And we have to — now they have to safely and fully return to normal operations.”
The Biden-Harris administration issued an Executive Order (EO) on Improving the Nation's Cybersecurity on May 12, 2021, as part of its response to the Pipeline attack. While the order currently applies to Federal agencies and their contractors, its requirements on threat information sharing, multi-factor authentication and encryption, and secure software development could spread to the wider market over time. Meanwhile, House lawmakers also introduced a bill that would invest $500 million in state and local cybersecurity defenses, which could bring new security standards and resources to the Telecom industry as well.
What the Colonial Pipeline hack means for the Telecom industry
While the Cybersecurity Executive Order is comprehensive, its deadlines mean significant policy changes will not start appearing until September 2021. Meanwhile, roughly seven ransomware attacks per hour hit U.S. organizations last year, and one industry estimate puts the global rate during the pandemic at an attack every 11 seconds.
Unprotected systems are also expensive to repair. In 2019, the city of Baltimore fell victim to a ransomware attack that held various files and online systems hostage for roughly $75,000 in bitcoin. Baltimore refused to pay, and the cost of rebuilding came to a staggering $18 million.
While the EO takes time to go into effect, there are steps that companies and their employees can begin implementing today to improve their security, including:
- Using a unique password for every account and changing it as soon as a leak is suspected (a password manager is an excellent resource to share with your employees; current NIST guidance favors long, unique passwords screened against known-breach lists over forced periodic rotation)
- Requiring multi-factor authentication, especially on remote-access and administrative accounts
- Implementing multi-layered security so that a single stolen credential is not enough to reach critical systems
As the hack of the Colonial Pipeline network via an unchanged password shows, effective cybersecurity is a multi-faceted challenge. Traditional enterprise security solutions certainly play a role in the larger picture, but additional layers of proactive defense are also needed: workers should keep credentials unique and replace them as soon as a leak is suspected; businesses should require multi-factor authentication; and out-of-use accounts should be deactivated promptly, ideally through a periodic audit that flags any account nobody has logged into for months.
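The three lessons above (stale accounts, missing MFA, leaked passwords) can be turned into a routine check. The following Python script is an added example written for this article; it is not Colonial Pipeline's tooling or code from the original post. The account records, their field names and the breach corpus are constructed stand-ins: `BREACH_CORPUS` imitates the prefix/suffix shape of Have I Been Pwned's Pwned Passwords range lookup so the check runs offline, and a real deployment would fetch `https://api.pwnedpasswords.com/range/<prefix>` instead, sending only the 5-character hash prefix off the network.

```python
"""Audit a directory export for the weaknesses behind the Colonial Pipeline
intrusion: enabled accounts nobody uses, accounts without MFA, and passwords
that appear in a breach corpus. All data below is constructed for the example."""
import hashlib
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class Account:
    username: str
    enabled: bool           # can the account still log in?
    mfa_enabled: bool       # is a second factor enforced?
    last_login: date        # most recent successful login
    password_sha1: str      # uppercase hex SHA-1, the format Pwned Passwords uses


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for Pwned Passwords "range" responses, keyed by the
# 5-character hash prefix; each value lists (35-character suffix, count) pairs.
BREACH_CORPUS: dict[str, list[tuple[str, int]]] = {}


def _seed_corpus(*leaked_passwords: str) -> None:
    for pw in leaked_passwords:
        h = sha1_hex(pw)
        BREACH_CORPUS.setdefault(h[:5], []).append((h[5:], 1))


_seed_corpus("Password123", "Summer2021!", "qwerty")   # assumed leaked values


def password_is_leaked(password_sha1: str) -> bool:
    """k-anonymity check: look up the prefix, then compare suffixes locally."""
    prefix, suffix = password_sha1[:5], password_sha1[5:]
    return any(s == suffix for s, _ in BREACH_CORPUS.get(prefix, []))


def audit_accounts(accounts, today: date, stale_days: int = 90):
    """Return (username, finding) pairs. Stale and no-MFA checks only matter
    for accounts that can still log in; a leaked password is reported even on
    a disabled account because people reuse passwords elsewhere."""
    findings = []
    cutoff = today - timedelta(days=stale_days)
    for a in accounts:
        if a.enabled and a.last_login < cutoff:
            findings.append((a.username, "stale-but-enabled"))
        if a.enabled and not a.mfa_enabled:
            findings.append((a.username, "no-mfa"))
        if password_is_leaked(a.password_sha1):
            findings.append((a.username, "password-in-breach-corpus"))
    return findings


# Constructed sample export, audited as of the day the Pipeline was shut down.
AUDIT_DATE = date(2021, 5, 7)
SAMPLE_ACCOUNTS = [
    Account("jdoe", True, True, date(2021, 5, 4), sha1_hex("c0rrect-h0rse-battery-staple")),
    Account("legacy-vpn", True, False, date(2020, 10, 1), sha1_hex("Password123")),
    Account("contractor", False, False, date(2020, 3, 15), sha1_hex("qwerty")),
    Account("ops-oncall", True, False, date(2021, 5, 6), sha1_hex("xK9#pL2$vQ7!mN4r")),
]


def run_sample():
    return audit_accounts(SAMPLE_ACCOUNTS, AUDIT_DATE)


if __name__ == "__main__":
    for user, issue in run_sample():
        print(f"{user:12s} {issue}")
```

Running it flags `legacy-vpn` three times (stale, no MFA, breached password), which is exactly the profile of the account that let the attackers in, and flags `ops-oncall` for missing MFA even though it is in daily use. In practice you would feed the script an export from your identity provider and disable or re-credential every flagged account before an attacker finds it for you.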
Companies looking to defend their networks against the growing risk of cyberattacks should also look to integrate newer forms of security software such as automatic threat detection and ad blocking. For more information, see the Minim blog post on BYON security.