BLOG: Fuel Pipeline Cyber Attack Causes US To Declare Emergency
Colonial Pipeline, which carries roughly 45% of the fuel consumed on the U.S. East Coast, said on Saturday that it had halted operations because of a ransomware attack, another reminder of how exposed critical infrastructure is to cyber attacks. Colonial Pipeline is the largest refined products pipeline in the U.S., moving more than 100 million gallons a day from Houston to New York Harbor.
On May 7th 2021, the Colonial Pipeline Company discovered it was the victim of a serious cyber attack and released a statement confirming the incident. Cybersecurity professionals assisting with the investigation linked the attack to a ransomware strain called DarkSide. An analysis of the ransomware published by Cybereason in April 2021 found that DarkSide is used against targets in English-speaking countries while avoiding entities located in former Soviet Bloc nations.
DarkSide ransom note. Source: thehackernews
The operators behind the ransomware also moved to an affiliate program in March, in which threat actors are recruited to spread the malware by breaching corporate networks, while the core developers maintain the malware and payment infrastructure.
DarkSide, which began operating in August 2020, has published stolen data from more than 40 victims to date. It is not yet clear how much the attackers demanded or whether Colonial Pipeline has paid. A separate report claimed that the criminals behind the attack stole 100GB of data from its network.
As we noted in a previous blog, ransomware is growing at a worrying rate and continually evolving. The latest attack comes as the Ransomware Task Force, a coalition of government bodies and private-sector technology firms, released a list of 48 recommendations to detect and disrupt the rising ransomware threat and to help organisations prepare for and respond to such attacks more effectively.
Potentially damaging attacks on utilities and critical infrastructure have surged in recent years, fuelled in part by ransomware groups that have increasingly adopted double extortion: they not only encrypt the victim's data, but exfiltrate it beforehand and threaten to publish it if the ransom is not paid.
Source: thehackernews
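Added example (not code from the original post, nor from any DarkSide or Colonial Pipeline analysis): a small Python correlation that looks, per host, for the double-extortion sequence described above, a burst of outbound traffic followed within a bounded gap by a burst of file renames. The telemetry format, the host names and the threshold values are all assumed for illustration, and the sample events are constructed rather than taken from any real incident.

```python
"""Toy per-host correlation of the double-extortion sequence:
bulk outbound transfer (exfiltration) followed by mass file renames (encryption).

Added example. Telemetry format, thresholds and hosts are assumptions; the
sample events built by sample_lines() are constructed, not real incident data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed tuning values; a real deployment would derive these from baselines.
EGRESS_BYTES_THRESHOLD = 5 * 1024**3      # 5 GiB outbound within EGRESS_WINDOW
EGRESS_WINDOW = timedelta(hours=1)
RENAME_COUNT_THRESHOLD = 200              # files renamed within RENAME_WINDOW
RENAME_WINDOW = timedelta(minutes=10)
MAX_GAP = timedelta(hours=48)             # exfiltration may precede encryption by days


def parse_line(line):
    """Assumed line format: '<iso-timestamp> <host> <egress|rename> <value>'.
    For egress, value is bytes sent to external addresses; for rename it is 1."""
    ts, host, kind, value = line.split()
    return datetime.fromisoformat(ts), host, kind, int(value)


def first_burst(events, window, threshold):
    """Return the timestamp at which the summed value inside a sliding window
    first reaches threshold, or None. events: sorted list of (ts, value)."""
    total, lo = 0, 0
    for hi, (ts, value) in enumerate(events):
        total += value
        while ts - events[lo][0] > window:   # drop events that fell out of the window
            total -= events[lo][1]
            lo += 1
        if total >= threshold:
            return ts
    return None


def analyse(lines):
    """Per host: when exfiltration and encryption bursts were first seen, and
    whether they occur in the double-extortion order within MAX_GAP."""
    by_host = defaultdict(lambda: {"egress": [], "rename": []})
    for line in lines:
        ts, host, kind, value = parse_line(line)
        by_host[host][kind].append((ts, value))
    report = {}
    for host, ev in by_host.items():
        exfil_at = first_burst(sorted(ev["egress"]), EGRESS_WINDOW, EGRESS_BYTES_THRESHOLD)
        encrypt_at = first_burst(sorted(ev["rename"]), RENAME_WINDOW, RENAME_COUNT_THRESHOLD)
        ordered = (exfil_at is not None and encrypt_at is not None
                   and timedelta(0) <= encrypt_at - exfil_at <= MAX_GAP)
        report[host] = {"exfil_at": exfil_at, "encrypt_at": encrypt_at,
                        "double_extortion": ordered}
    return report


def sample_lines():
    """Constructed telemetry (not real). Three hosts illustrate the three cases."""
    gib = 1024**3
    lines = []
    # fs01: 6 GiB leaves the file server in 20 minutes; ~3 hours later 300 files
    # are renamed within 5 minutes. This is the double-extortion sequence.
    lines += [f"2021-05-06T22:00:00 fs01 egress {3 * gib}",
              f"2021-05-06T22:20:00 fs01 egress {3 * gib}"]
    t0 = datetime(2021, 5, 7, 1, 0, 0)
    lines += [f"{(t0 + timedelta(seconds=i)).isoformat()} fs01 rename 1" for i in range(300)]
    # build02: a large outbound transfer with no renames (e.g. an off-site backup job).
    lines += [f"2021-05-06T23:00:00 build02 egress {6 * gib}"]
    # ws07: mass renames with no prior exfiltration (encryption-only ransomware).
    t1 = datetime(2021, 5, 7, 2, 0, 0)
    lines += [f"{(t1 + timedelta(seconds=i)).isoformat()} ws07 rename 1" for i in range(300)]
    return lines


if __name__ == "__main__":
    for host, r in analyse(sample_lines()).items():
        print(host, r)
```

The ordering check is what distinguishes double extortion from a plain encryption event or a legitimate bulk transfer; in practice a rename burst on its own should still page the on-call analyst, and the egress signal would come from NetFlow or proxy logs while the rename signal would come from EDR file events.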
In February 2020, CISA issued an alert warning of increasing ransomware infections affecting pipeline operations, following an attack on an undisclosed natural gas compression facility that forced the operator to shut down for two days.
Securing pipeline infrastructure has been an area of focus for the Department of Homeland Security, which in 2018 assigned CISA to oversee the Pipeline Cybersecurity Initiative (PCI). The initiative focuses on identifying and addressing emerging threats and implementing security measures to protect the more than 2.7 million miles of pipeline that transport oil and natural gas in the U.S. The agency's National Risk Management Center (NRMC) also published a Pipeline Cybersecurity Resources Library in February 2021 to "provide pipeline facilities, companies, and stakeholders with a set of free, voluntary resources to strengthen their cybersecurity posture."
The ransomware attack on Colonial Pipeline's networks has prompted the U.S. Federal Motor Carrier Safety Administration (FMCSA) to issue a regional emergency declaration covering 17 states and the District of Columbia (D.C.). The declaration provides a temporary exemption from Parts 390 through 399 of the Federal Motor Carrier Safety Regulations, allowing alternative transportation of gasoline, diesel and refined petroleum products to address supply shortages stemming from the attack. The states and jurisdictions in the Emergency Declaration are Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas, and Virginia.
The exemptions, which aim to alleviate shortages or supply disruptions arising from the shutdown, remain in effect until the end of the emergency or June 8th 2021, whichever comes first.
The development comes as the U.S. Federal Bureau of Investigation (FBI) confirmed that the disruption of one of the country's largest pipelines over the weekend was carried out with DarkSide ransomware. The attack forced the company to shut down 5,500 miles of fuel pipeline running from Houston, Texas to New York Harbor, raising concerns about the vulnerability of U.S. energy infrastructure to cyber attacks.
Source: thehackernews
The U.S. government said there was no indication that the Russian government was involved in the Colonial Pipeline ransomware attack. The DarkSide operators, for their part, issued a statement saying they intend to vet the companies their affiliates target in future to "avoid social consequences". They described themselves as apolitical, said they do not take part in geopolitics, and claimed their goal is to make money rather than to create problems for society.
The group, which is alleged to have leaked data from at least 91 organisations since it began operating in August 2020, runs a ransomware-as-a-service scheme: affiliates are recruited to breach corporate networks and deploy the ransomware, while the core developers maintain the malware and payment infrastructure. Affiliates typically receive 60% to 70% of the proceeds and the developers keep the rest.
Beyond the pipeline incident, DarkSide's data leak site has also published data from other oil and gas companies, including Forbes Energy Services and Gyrodata, both based in Texas. Some researchers assess that DarkSide is the work of Carbon Spider (aka Anunak, Carbanak, or FIN7), whose high-level manager and systems administrator was recently sentenced to 10 years in prison in the U.S.
More than 7% of petrol stations in Virginia and 5% in North Carolina were out of fuel yesterday as demand jumped 20%, according to tracking firm GasBuddy. The government also stepped in yesterday with a one-week emergency fuel waiver intended to help alleviate shortages.
The Environmental Protection Agency (EPA) said the waiver, which relaxes some of the rules normally applied to fuel, would run until 18 May in Pennsylvania, Virginia, Maryland and Washington DC. Georgia suspended sales tax on petrol until Saturday, and North Carolina was among several states that declared a state of emergency and temporarily relaxed vehicle fuel regulations "to ensure adequate fuel supplies throughout the state". While the outage is having short-term consequences in some regions, some experts believe the longer-term impact will be small.
The Colonial Pipeline incident is the latest cyberattack to confront the U.S. government in recent months, following the SolarWinds hacks and the exploitation of Microsoft Exchange Server vulnerabilities.
Orpheus is a leading cyber security company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation's attack surface. Products include external attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence.