After Colonial Pipeline shutdown, hacker group 'Darkside is just getting started,' experts say
ATLANTA, GA – Colonial Pipeline, the largest fuel pipeline in the United States, is under attack. The pipeline stretches from Houston to New Jersey and usually transports more than 100 million gallons of fuel a day.
On Friday, the pipeline was forced to shut down after a gang of hackers known as Darkside broke into some of its networks.
The pipeline transports 45% of the fuel along the East Coast, reaching over 50 million Americans, and now it’s in jeopardy.
The CEO of Prevailion, Karim Hijazi, runs a security intelligence agency that infiltrates hacker communities every day. Hijazi said Darkside is just getting started.
"The fact that they came into the environment, they looked around and took the time to figure out where they were, they stole information beyond just simply ransomware, it was sort of a double extortion attack. It really is unprecedented," Hijazi said.
The FBI released a statement confirming that Darkside is responsible for the hacking at the pipeline.
President Biden said, "so far there is no evidence, based on our intelligence people, that Russia is involved although there is evidence that the actor’s ransomware is in Russia."
Experts say Darkside is very strategic about who it attacks.
"They’ll actually look at machines they're infecting and if those machines have any Russian language settings or something similar to that they won’t attack that organization," Hijazi said.
Goizueta Business School Associate Dean Ramnath Chellappa said Darkside is fairly new but highly sophisticated.
"It is believed that Darkside does a great job of actually figuring out who the competitors are so they actually know what the next steps to follow if the ransom is not paid," Chellappa said.
However, experts say paying the hackers may not solve anything.
"I definitely wouldn’t suggest that paying is the way out of these problems – it certainly is not a guarantee of any sort that you would get your data back," Hijazi said.
Darkside said on its website that its goal is to make money and not create problems for society, but the hack could have long-lasting impacts.
"Once things are embedded – once it’s in, it's really hard to get rid of because it can proliferate, it can laterally move, it can spread within the network and go to places it wasn’t before, it can go silent," Hijazi said.
Another concern is that other actors or adversaries can learn from the mistakes or successes of Darkside.
"This is a good way to see where the weak spots are, where people are going to respond, how they’re going to respond, how aggressively we as a country respond to this politically," Hijazi said.
While many of the pipeline's systems remain offline, gas prices are surging across the East Coast.
"We’re probably going to feel the effects of it if this doesn’t get resolved soon. If there is another wave of attacks here this could add to a lot more," Hijazi said.
Hijazi said hackers usually carry out their attacks in multiple stages.
"It is an ongoing battle – we may win this battle here, but the war will continue to wage," Hijazi said.
However, experts say the biggest takeaway from this attack is the importance of protecting the country’s infrastructure.
"The first step is to try and always address vulnerabilities that exist in your environment. The next step is training and educating your staff to not click on things that look suspicious and when things get clicked on work with groups like ourselves to preventably see when something is inside your environment," Hijazi said.
Some states along the East Coast are preparing for a fuel shortage. North Carolina has declared a state of emergency in response to the pipeline shutdown.
Colonial Pipeline said it expects to resume full service by this weekend.