Security News > 2021 > May > Industry Reactions to Ransomware Attack on Colonial Pipeline
Colonial Pipeline, the largest refined products pipeline in the United States, last week revealed that it was forced to shut down operations after being hit by a piece of ransomware.
"The US Government has lots of resources at its disposal and it does have a history of reaching out to industry to alert them to cyber threats and attacks impacting our industrial base. I would expect that the Government's A-team is actively involved in helping Colonial Pipeline contain and recover from the attack."
"In our company's extensive experience in assessing oil & gas pipelines for several of the country's largest pipeline operators, we have found that pipeline cybersecurity is far behind that of other energy sectors. A common gap in the pipeline industry is the lack of segmentation of the pipeline supervisory control and data acquisition networks which are the networks that connect the pipeline control center to every terminal, pumping station, remote isolation valve, and tank farm along the pipeline. These are very large networks covering extensive distances but they are typically"flat", from a network segmentation standpoint.
Judging by the statement, it looks like they did not expect such consequences and attention after the latest attack on Colonial Pipeline and now they are planning to introduce some sort of 'moderation' to avoid such situations in the future.
"Many will recognize DarkSide from their dubious donations of $10,000 of stolen money to well-known charities in October 2020. Originally, this gang claimed that they wanted to"make the world a better place" but based on their post regarding the Colonial Pipeline attack , sharing that their "only goal is to make money," we can deduce that this gang is far from good Samaritans.
"Unfortunately, the cyber attack against Colonial Pipeline is only a teaser of the future of cyber attacks. As cyber criminals and foreign adversaries seek opportunities for financial gain and power projection, our national critical infrastructure is an easy target. Industrial environments are operating with infrastructure that commonly maintains obsolete technology that can't be patched, and staff that frequently are not as cyber savvy as they need to be to keep attackers at bay. This leads to a situation where cyber security risk levels are below acceptable tolerances, and in some cases organizations are blind to the risk."
News URL
Related news
- UK health services call-handling vendor faces $7.7M fine over 2022 ransomware attack (source)
- McLaren hospitals disruption linked to INC ransomware attack (source)
- Six ransomware gangs behind over 50% of 2024 attacks (source)
- CISA warns of Jenkins RCE bug exploited in ransomware attacks (source)
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- Most Ransomware Attacks Occur When Security Staff Are Asleep, Study Finds (source)
- Most ransomware attacks occur between 1 a.m. and 5 a.m. (source)
- New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data (source)
- Lateral movement: Clearest sign of unfolding ransomware attack (source)
- BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave (source)