Macro Systems Blog

Macro Systems has been serving the Metro Washington, DC area since 1997, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

What Cybersecurity Lessons were Learned from the Colonial Pipeline Hack

Headlines have been filled with news pertaining to the recent hack of Colonial Pipeline, which resulted in significant gasoline shortages up the east coast of the nation. While the pipeline has been restored, the way this was accomplished sets a dangerous precedent. Furthermore, the attack seems to have set off bigger infrastructural changes in the political space.

Let’s take a few minutes to dive into the situation at hand to see what insights can be gleaned from these events.

The Colonial Pipeline Situation

On May 7, Colonial Pipeline first became aware of a ransomware infection in its systems, prompting the fuel supplier to pull the plug on its pipeline operations along the southeast coast so that the malware wouldn’t spread. Leaning on a relatively new form of ransomware attack, those responsible for the attack—a group called Darkside—utilized a method known as double extortion, where the cybercriminal motivates their victim to pay up by not only locking their data down but also threatening to leak it out.

For its part, Darkside primarily operates as a kind of cybercriminal service provider, developing threats to provide them to other groups with their support.

In response to this threat, Colonial Pipeline quickly halted its operations, and as a result, a wide portion of the country experienced gas shortages due to the cutoff of supply. Many found themselves waiting for hours at the pumps, assuming that any gasoline was available at all. Although the company stated that it had no plans to pay the almost $5 million in cryptocurrency that the hackers were demanding, it has been reported that it did ultimately do so. Once the payment was received, the distributor was provided with a very slow decryption tool that they supplemented with their own backup solutions.

This situation has highlighted a few serious considerations that will need to be addressed by businesses of every size, while also revealing a few things about the current state of cybersecurity in clearly critical pieces of infrastructure.

Ransomware-as-a-Service is a Serious Threat

Darkside had risen to prominence in a relatively short time in the cybercriminal business world, creating a network of affiliate hackers to collaborate with for a share of the cut. With a net gain of at least $60 million in its seven months of existence ($46 million of which came in during Q1 2021 alone), this approach is apparently quite lucrative. While the affiliate hackers retain the majority of the ransom fees, Darkside handles a lot of the work on their behalf: writing the ransomware itself, billing the targeted victims, hosting the data that has been stolen, and even serving as the cybercriminal’s IT support and PR team.

This is serious simply because it can significantly lower the barrier to entry that cybercriminals face when implementing ransomware, making it a feasible attack vector for more of them to put into place.

Double Extortion Makes Ransomware Even Worse

You may have caught that Colonial Pipeline did, in fact, have a data backup available to them… so, it may seem confusing that they still paid the ransom to have their data released. After all, the data backup should have enabled them to simply wipe and restore their entire infrastructure from scratch.

It’s the fact that this attack was utilizing the double extortion method that makes the difference. Instead of simply threatening to delete the data if the ransom is not paid, a double extortion attack doubles down by threatening to leak the data if the ransom is not paid in time. Depending on the industry that is being targeted, some of this data could bring significant repercussions to the business that allowed it to leak. Government regulations and public opinion can both bring down serious consequences once data is leaked, so it makes sense that Colonial Pipeline would choose to bite the bullet and pay up instead. We still don’t recommend that ransomware demands are paid, but time will tell if this method of attack becomes more popular and forces us to reconsider.

Events Like These Will Inspire More Cybersecurity Improvements

Partly in response to these events, U.S. President Joe Biden signed an executive order intended to enhance the cybersecurity protections in place surrounding critical infrastructures for the government and private sector companies alike. This order includes the founding of a task force committed to prosecuting hackers that utilize ransomware, as well as the removal of any contractual barriers to reporting breaches within federal agencies and a deadline of three days to report severe cyberattacks. With such attacks happening with higher frequency than ever before, it will be far more critical for businesses to consider these improvements imperative to their continued survival.

Situations like these make it clear that cybersecurity isn’t going to get any easier for businesses to manage from here on out, so it will be important to have a trustworthy resource waiting in the wings to assist your operations. Macro Systems can be that resource for you. Give us a call at 703-359-9211 to start a conversation about what we can do for you.
