News -

News spotlight: What can we learn from the US Colonial Pipeline ransomware attack?

On Friday 7th May, fuel supplies across North America were disrupted as the Colonial Pipeline, the major fuel pipeline connecting the East Coast, was attacked in the largest-known attack in US energy infrastructure.

As the organisation’s systems begin to recover, Damon Small, technical director at NCC group, provides an overview of the attack and the lessons we can take from it.

What happened?

On the day that ransomware was detected, The Colonial Pipeline Company announced that it had shut down their 5,500 miles of pipeline, affecting almost half of the East Coast’s fuel supplies.

In the following days, the FBI revealed that the Eastern European-based cyber crime gang, DarkSide, was responsible. It is likely that DarkSide found a vulnerable internet-facing device and used it to gain a foothold within Colonial's IT business network.

The attack generated a serious ripple effect. Fuel prices soared as the pipeline, which moves 2.5 million barrels of gasoline, diesel, and jet fuel per day, was disrupted. The Colonial Pipeline company eventually paid the gang the $4.4 million (£3.1 million) ransom, and in return received a decryption tool which allowed them to unlock the compromised systems. However, this wasn’t enough to restart the systems immediately, and it will take a significant amount of time before some business systems are fully recovered - ultimately costing the company tens of millions of dollars.

What can we learn from it?

Unfortunately, the attack is one of many ransomware attacks in recent years, and the number of attacks in the sector is on the rise. There are no back up pipelines, and there is little margin for error in the entire supply chain. Meanwhile, threat actors know that successful attacks on this sector can be lucrative due to the ensuing disruption - it would take about 13,000 trucks per day to replace the colonial pipeline.

Therefore, it is paramount that systems are properly protected, and IT and security is recognised as critical infrastructure and funded appropriately. Candid and open conversations need to be had with oil and gas companies about the measures they’re taking to protect the nation’s critical infrastructure. It is likely that the federal government will begin to take a closer look at this part of the energy industry following the attack to ensure that lessons are learnt.

Topics

  • Crises, Incident

Contacts

NCC Group Press Office

Press contact All media enquires relating to NCC Group plc +44 7721577574

Related content

Spotlight on: U.S. Government’s move towards Zero Trust Cybersecurity

NCC Group Senior Vice President in North America, John Rostern shares his thoughts on the Zero Trust Cybersecurity strategy announced by the White House on January 25.

News spotlight: Oil and gas pipelines a target for hackers – part one

Last week saw substantial cyber security developments for the oil and gas industries in the US. In the first of two articles, Damon Small, technical director at NCC group reacts to an advisory released by the CISA and FBI on a spear phishing and intrusion campaign carried out on 23 US oil and natural gas pipeline operators between 2011 to 2013 by Chinese state-sponsored hackers.

News spotlight: Oil and Gas pipelines a target for hackers – part two

Following our last oil and gas industry news spotlight on the advisory issued by the CISA and FBI on a spear phishing and intrusion campaign carried out between 2011 and 2013, Damon Small, technical director at NCC Group, reacts to a new directive that requires owners and operators of critical pipelines to implement specific measures to protect against ransomware and other prevailing threats.

Technical Viewpoint: Cyber resilience skills: please mind the gap

Ollie Whitehouse considers how cyber security has evolved into a complex profession with various sub specialisms and how the supply of talent to meet these needs has not generally kept pace with demand.

Executive Analysis: Three actions to reduce insider threats while working remotely

In this new Executive Analysis piece, Stephen Bailey give somes practical advice on how organisation’s can reduce the risk of the insider threat while working remotely, focusing on optimizing controls, improving detection capabilities and training people.

Related events

Is ransomware an exponential threat to society?

Event date 21 July 2021 12:45 – 13:45

Location Virtual event