Colonial Pipeline, one of the major fuel suppliers, responsible for delivering roughly half of all liquid fuels used across the American East Coast, became the target of a ransomware attack late last week. As a result of the cyber attack, the company had to halt normal pipeline operation, and the US Department of Transportation put emergency protocols in motion, allowing fuel delivery over the country's road network to prevent any major fuel supply disruptions.
Colonial Pipeline announced over the weekend that it had become the target of a ransomware attack, with the incident taking place sometime last Friday. The company also announced that it had taken a number of its networks and systems offline in an effort to limit the spread of the ransomware and avoid further, more significant damage.
The company has informed the appropriate US authorities about the attack and has hired a third-party security firm to help get its networks back online and investigate the attack. The FBI has been on the case for several days now, and the Bureau disclosed that the threat actor behind the attack has been identified as the DarkSide cyber gang.
DarkSide – New Threat from a Familiar Name
DarkSide are no strangers to the FBI and the cyber security industry as a whole. The threat actor's first traced actions date back to 2020. DarkSide are known for trying to build something of a Robin Hood image, posting on their website receipts from charitable donations made using ransom money.
The flow of Colonial's pipeline has now been cut off for three days in a row and the company says it is taking gradual steps towards restoring regular operation. Even with tanker vehicles using the roads to deliver fuel to the east coast, the refineries that output their production into the pipeline will not be able to store produced fuel locally much longer, so the resumption of normal pipeline operation is crucial not only to Colonial and the end users but also to the production sites.
Security experts observing the attack commented on the need for very good network segmentation as a defense against ransomware attacks of this kind, specifically the DarkSide ransomware used by a clever hacker group. It is not entirely clear whether Colonial took its networks offline because they were already infected or as a precaution to stop further damage. Either way, good segmentation between information systems and networks and operational ones is absolutely imperative for good cyber security.
A threat actor who has gained access to and compromised the IT network of an enterprise could easily move to operational systems and networks if good segmentation and separation protocols are not observed. Once a threat actor manages to cripple the operational network of an entity as big and as important as Colonial Pipeline, the potential damage could be immense and extend beyond the purely monetary.
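Whether an IT network is really separated from operational networks can be checked against the firewall policy itself. The following added example (not part of the original article) lists every chain of allow rules that leads from an IT zone into an operational zone, including indirect chains through intermediate zones; the zone names, rules and function name are assumptions constructed for illustration.

```python
from collections import deque

# Constructed sample policies: (source zone, destination zone, service) allow rules.
# All zone names and rules are hypothetical.
FLAT_POLICY = [
    ("it_corp", "dmz", "https"),
    ("it_corp", "it_servers", "smb"),
    ("it_servers", "ot_historian", "sql"),   # direct IT -> OT rule
    ("dmz", "ot_historian", "rdp"),          # indirect route via the DMZ
    ("ot_historian", "ot_control", "opc"),
]
SEGMENTED_POLICY = [
    ("it_corp", "dmz", "https"),
    ("it_corp", "it_servers", "smb"),
    ("ot_historian", "dmz", "https"),        # OT pushes data out; nothing initiates inward
    ("ot_control", "ot_historian", "opc"),
]
OT_ZONES = {"ot_historian", "ot_control"}

def paths_into_ot(policy, src, ot_zones):
    """Return each loop-free chain of allow rules from src to its first OT zone."""
    graph = {}
    for s, d, svc in policy:
        graph.setdefault(s, []).append((d, svc))
    found = []
    queue = deque([(src, [])])
    while queue:
        zone, hops = queue.popleft()
        visited = {src} | {h[1] for h in hops}
        for dst, svc in graph.get(zone, []):
            if dst in visited:
                continue                      # skip rule loops
            chain = hops + [(zone, dst, svc)]
            if dst in ot_zones:
                found.append(chain)           # boundary crossed: record and stop
            else:
                queue.append((dst, chain))
    return found

if __name__ == "__main__":
    for name, policy in (("flat", FLAT_POLICY), ("segmented", SEGMENTED_POLICY)):
        chains = paths_into_ot(policy, "it_corp", OT_ZONES)
        print(f"{name}: {len(chains)} IT-to-OT path(s)")
        for chain in chains:
            print("  " + " -> ".join(f"{s}=[{svc}]=>{d}" for s, d, svc in chain))
```
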
Ransomware isn't going anywhere, it seems, with instances of ransomware attacks rising about 150 percent over the course of the previous year. Given the data available so far in 2021, this trend might continue.
It remains to be seen whether Colonial Pipeline will be able to get all its operational systems back online by the end of the week, as the company plans. Meeting that goal may prove crucial for the fuel industry of a major part of the US.