Cyberattack on US pipeline is linked to criminal gang
The cyberattack that shut down a major oil pipeline was carried out by a gang that is known to extort corporations and give a cut of the ransoms to charity, a new report said.
The Colonial Pipeline, which carries more 100 million
gallons of fuel from Texas to the Northeast each day, has been out of service
since Friday.
Two sources with knowledge of the federal investigation into
the attack told The Associated Press that the criminal enterprise known as
DarkSide is behind it.
DarkSide launched a ransomware attack against Colonial,
which involves paralyzing company networks before demanding a large ransom to
undo the damage.
Colonial on Sunday said it’s developing a “system restart”
plan for the pipeline, which delivers about 45 percent of the East Coast’s fuel
supply.
“We are in the process of restoring service to other
laterals and will bring our full system back online only when we believe it is
safe to do so, and in full compliance with the approval of all federal
regulations,” the company said in a statement.
Meanwhile, Commerce Secretary Gina Raimondo said Sunday an
“all-hands-on-deck” effort is underway to restore operations.
“We are working closely with the company, state and local
officials to make sure that they get back up to normal operations as quickly as
possible and there aren’t disruptions in supply,” Raimondo said.
DarkSide claims that it does not attack hospitals and
nursing homes, educational or government targets and that it donates a portion
of its take to charity. It has been active since August and, typical of the
most potent ransomware gangs, is known to avoid targeting organizations in
former Soviet bloc nations.
Colonial did not say whether it has paid or was negotiating
a ransom, and DarkSide neither announced the attack on its dark web site nor
responded to an Associated Press reporter’s queries. The lack of acknowledgment
usually indicates a victim is either negotiating or has paid.
The Department of Transportation said it would relax
hours-of-service regulations for drivers carrying gasoline, diesel, jet fuel
and other refined petroleum products, allowing them to work extra or more
flexible hours to make up for any fuel shortage related to the pipeline outage.
That applies to drivers carrying fuel to 17 states and the District of
Columbia.
One of the people close to the Colonial investigation said
that the attackers also stole data from the company, presumably for extortion
purposes. Sometimes stolen data is more valuable to ransomware criminals than
the leverage they gain by crippling a network, because some victims are loath
to see sensitive information of theirs dumped online.
Security experts said the attack should be a warning for
operators of critical infrastructure — including electrical and water utilities
and energy and transportation companies — that not investing in updating their
security puts them at risk of catastrophe.
Ed Amoroso, CEO of TAG Cyber, said Colonial was lucky its
attacker was at least ostensibly motivated only by profit, not geopolitics.
State-backed hackers bent on more serious destruction use the same intrusion
methods as ransomware gangs.
“For companies vulnerable to ransomware, it’s a bad sign
because they are probably more vulnerable to more serious attacks,” he said.
Russian cyberwarriors, for example, crippled the electrical grid in Ukraine
during the winters of 2015 and 2016.
Cyberextortion attempts in the US have become a
death-by-a-thousand-cuts phenomenon in the past year, with attacks forcing
delays in cancer treatment at hospitals, interrupting schooling and paralyzing
police and city governments.
Tulsa, Oklahoma, this week became the 32nd state or local
government in the US to come under ransomware attack, said Brett Callow, a
threat analyst with the cybersecurity firm Emsisoft.
Average ransoms paid in the US jumped nearly threefold to
more than $310,000 last year. The average downtime for victims of ransomware
attacks is 21 days, according to the firm Coveware, which helps victims
respond.
David Kennedy, founder and senior principal security
consultant at TrustedSec, said that once a ransomware attack is discovered,
companies have little recourse but to completely rebuild their infrastructure,
or pay the ransom.
“Ransomware is absolutely out of control and one of the
biggest threats we face as a nation,” Kennedy said. “The problem we face is
most companies are grossly underprepared to face these threats.”
Colonial transports gasoline, diesel, jet fuel and home
heating oil from refineries on the Gulf Coast through pipelines running from
Texas to New Jersey. Its pipeline system spans more than 5,500 miles (8,850
kilometers), transporting more than 100 million gallons (380 million liters) a
day.
Debnil Chowdhury at the research firm IHSMarkit said that if
the outage stretches to one to three weeks, gas prices could begin to rise.
“I wouldn’t be surprised, if this ends up being an outage of
that magnitude, if we see 15- to 20-cent rise in gas prices over next week or
two,” he said.
The Justice Department has a new task force dedicated to
countering ransomware attacks.
While the US has not suffered any serious cyberattacks on
its critical infrastructure, officials say Russian hackers in particular are
known to have infiltrated some crucial sectors, positioning themselves to do
damage if armed conflict were to break out. While there is no evidence the
Kremlin benefits financially from ransomware, US officials believe President
Vladimir Putin savors the mayhem it wreaks in adversaries’ economies.
Iranian hackers have also been aggressive in trying to gain
access to utilities, factories and oil and gas facilities. In one case in 2013,
they broke into the control system of a US dam.
Comments
Post a Comment