Colonial Pipeline Ransomware Offers Lessons to be Learned
Whether we liked it or not, 2020 was a year that brought a great deal of change. Many workplaces were forced to go remote basically overnight, and it was predicted that cybercrime would rise to new levels as a result.
One key example we can examine is the recent Colonial Pipeline incident. The ability to keep workers productive and systems up and available as needed for business is critical, but what transpired makes it clear that Colonial Pipeline is no different from any other business.
In retrospect it seems Colonial Pipeline was targeted because of its likely ability to pay a ransom. The ransomware attack on Colonial Pipeline led to a six-day shutdown of the East Coast’s largest fuel pipeline, which raised enough attention to prompt investigation of weaknesses in critical infrastructure. This case involved a fuel pipeline, but other industries are also likely at risk.
This is part of a new wave of “Ransomware-as-a-Service” allegedly related to a Russian-language group labeled DarkSide, which appears to have rolled out its service around August. By designing and distributing ready-made ransomware, a type of malicious software designed to block access to a system, DarkSide is making it easier for hackers to wreak havoc like never before. Their tactics pressure victims in ransom negotiations to pay quickly in exchange for decryption keys and for their stolen data not being released publicly. Colonial Pipeline, a prime example of this, paid an estimated $4.4 million, but was fortunate that the U.S. was able to recover almost all of it.
Although the exact cause of the ransomware infection has not been made public, ransomware or distributed denial-of-service attacks could affect a business of any size.
So what are some steps that can be taken for protection?
>> Provide security awareness training. Having clear, informative training for your employees and system users will improve knowledge and self-awareness of behaviors that could lead to security compromises. Malicious software is often introduced via email or attachments, so ensuring that email and web browser protections are in place is key.
>> Maintain a vulnerability and configuration management program. Being able to analyze, prioritize and maintain the integrity of your information technology infrastructure will keep your business running as smoothly as possible. Unpatched vulnerabilities that were deferred, or misconfigurations, could be the difference between being prepared for an attack and not.
>> Implement proper patching and backups. Keeping applications patched and properly backed up, with backups readily available, allows for a quick rebuild of systems when needed.
>> Perform regular system audits. A comprehensive assessment of all of your systems, including server logs, data and processes, will help you find gaps that can be fixed before an attack through an effective vulnerability and configuration management program.
Michael Taratko is principal consultant for CBTS/Hawaiian Telcom. He can be reached at firstname.lastname@example.org.
© Honolulu Star-Advertiser