Security Alert Ransomware attack shuts down massive 5,500-mile pipeline that transports 45% of East Coast's fuel

venustus

Level 58
Verified
Trusted
Content Creator
Dec 30, 2012
4,716
ALPHARETTA, Ga. -- The operator of a major pipeline system that transports fuel across the East Coast said Saturday that it had been victimized by a ransomware attack and that it had halted all pipeline operations to deal with the threat. The attack is unlikely to affect gasoline supply and prices unless it leads to a prolonged shutdown of the pipeline, experts said.
Colonial Pipeline did not say what was demanded or by whom, but ransomware attacks are typically carried out by criminal hackers who seize data and demand a large payment in order to release it.
The attack on a pipeline operator, which says it delivers roughly 45% of all fuel consumed on the East Coast, underscored again the vulnerabilities of critical infrastructure to cyberattacks both by criminal hackers and U.S. adversaries. It presents a new challenge for an administration still grappling with its response to major hacks from months ago, including a massive breach of government agencies and corporations for which the U.S. sanctioned Russia last month.
 

Stopspying

Level 14
Verified
Jan 21, 2018
635
Reports about cyberattacks on critical national infrastructure are becoming more common, as we seemingly experience a higher degree of international cyber attacks (cyberwar?). I wonder how many unexplained power outages etc in the past were in fact the result of foreign interference, rather than some of the undisclosed/vague reasons provided afterwards.

When that massive container vessel blocked the Suez canal a few weeks ago it also brought home how key bits of the world's infrastructure are very vulnerable. The knock on effects that things like that can have on 'just in time' delivery systems that so many suppliers rely on is immense.
 

Paul.R

Level 17
Verified
May 16, 2013
821
E04NHdWWYAcCV9G
;) stick with the plan...all planned...
 

cruelsister

Level 38
Verified
Trusted
Content Creator
Apr 13, 2013
2,734
One thing that hasn't yet been mentioned by the news folks is that Colonial Pipeline utilizes the Supervisory control and data acquisition (SCADA) control system which is quite easy (kinda-sorta) to drop a rootkit on, so the fun may just be beginning.

Glad, though, that CP was wise enough to call in my old Flames from FireEye instead of the usual clowns from Symantec to investigate (just sayin').
 

plat1098

Level 24
Verified
Sep 13, 2018
1,337
Unless it is established that there were insiders assisting the ransomware operators, I'm again inclined to blame the "victim." Was nothing learned from the SolarWinds attack?

Just another slack, greedy corporation, handing off the repercussions to the consumer in the form of higher gas prices and reduced supply. Stupid corporate fat-cats.
 

Gandalf_The_Grey

Level 47
Verified
Trusted
Content Creator
Apr 24, 2016
3,621
We often think of those big hacks as some far off thing that has nothing to do with us.
This is my local gas station this morning. The one down the street has 2 dozen cars waiting on 4 pumps and it will be out soon. Reports from the area are this is widespread.
Gas stations along Southeast coast suffer fuel shortage amid pipeline shutdown
 

Stopspying

Level 14
Verified
Jan 21, 2018
635
Critical infrastructure has long been flagged as prime targets for cyberattacks, be they criminal or nation state inspired. As mentioned in this thread history underlines this, especially recent history. The free market seems to be more about the bottom line and shareholder dividends than ensuring services are secure. We're not still in the primary school equivalent stage of learning about these threats as a society, so why does big business still get away with this head in the sand type behaviour?

If anyone is looking for a new career, learning how to prevent cyberattacks, preferable to defending against, is a huge growth area.
 

Gandalf_The_Grey

Level 47
Verified
Trusted
Content Creator
Apr 24, 2016
3,621
President Joe Biden signs executive order to strengthen U.S. cybersecurity defenses:
Following the crippling ransomware attacks on Georgia-based Colonial Pipeline, United States President Joe Biden has signed an executive order aimed at strengthening U.S. cybersecurity defenses. The company operates 5,500 miles-long pipelines that can carry 3 million barrels of fuel per day between Texas and New York. The attack has led to widespread fuel shortages along the East Coast and panic buying in the southeastern United States.

Ransomware attacks are usually carried out using a trojan, which then spreads malware that blocks and encrypts files on a device or network that results in the system becoming inaccessible in most cases. The attackers then threaten to publish the victim's data or perpetually block access to it unless a ransom is paid.

The FBI confirmed that it believes the DarkSide ransomware is responsible for the attack on Colonial Pipeline. DarkSide is a criminal group with origins in Russia.

The White House said it was directing a “comprehensive federal response” in light of the recent attack. President Joe Biden’s executive order takes a number of steps for modernizing the nation’s cybersecurity defenses which include upgrading to secure cloud services and other cyberinfrastructure. It also mandates the deployment of multifactor authentication mechanisms and encryption with a specific time period in place. Software developers are even required to share certain security data publicly.

Colonial announced in a press release that although it has started pipeline operations, it will take several days for fuel deliveries to return to normal levels. President Biden's Energy Secretary Jennifer Granholm also tweeted the update after a phone call with Colonial CEO Tim Felt.

Colonial Pipeline's use of outdated on-premises Exchange Servers seem to be a potential attack vector, but it has not yet been confirmed that this was indeed the security vulnerability that led to the latest attack. Microsoft’s systems were also involved in the SolarWinds attack last year. Microsoft's President Brad Smith had described the cyberattack as “the largest and most sophisticated attack the world has ever seen.”

Even though Microsoft has published many advisories about the importance of keeping on-premises Exchange Servers up to date due to several vulnerabilities being exploited in the wild, many organizations have failed to do so leading to devastating cyberattacks.
 

CyberPanther

Level 6
Oct 1, 2019
277
After a six-day outage, the top U.S. fuel pipeline on Thursday moved some of the first millions of gallons of motor fuels after a crippling cyberattack led to fuel shortages across East Coast states.

The Colonial Pipeline, which carries 100 million gallons per day of gasoline, diesel and jet fuel, said on Thursday it had begun supplying some fuel to most regions along its 5,500 mile (8,850 km) route. It will expand to areas including Baltimore by mid-day, it said.
Top U.S. fuel pipeline recovering from devastating ransomware attack
 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,292
Top