
Since the Colonial Pipeline Attack, the U.S. Cybersecurity Policy Has Changed

Posted by Marbenz Antonio on August 1, 2022


A ransomware attack made national headlines more than a year ago. On May 7, 2021, the Colonial Pipeline Company revealed that the DarkSide Ransomware-as-a-Service gang based in Eastern Europe had attacked it. DarkSide, which has since been shut down, has been identified as the threat actor by the FBI. What has changed in US cyber policy since then, including in the context of Russia’s attack on Ukraine?

It is vital to emphasize that the attack hit the IT side of the organization. As a precaution, the business shut down the pipeline’s operational technology (OT) side. The Colonial Pipeline connects Texas and New York and can transport up to 3 million barrels of fuel per day. The five-day shutdown cut off about half of the East Coast’s typical supply of gasoline and aviation fuel. As a result, gas prices rose, and there were gas shortages, panic buying, and long queues at gas stations.

It also startled the national security and law enforcement communities. Both were reminded that the nation’s critical infrastructure was vulnerable to attack.

Colonial Pipeline paid a ransom of $4.5 million to restore its damaged systems. Because the DarkSide recovery tooling was so slow, the organization largely relied on its own business continuity tools instead.

Following the Attack

Following the attack, negotiations between the US and Russia began. The Russian Federal Security Service apprehended a suspect in the incident. (Any collaboration in this area ceased following Russia’s invasion of Ukraine in February.) Meanwhile, the U.S. State Department is still offering a reward of up to $10 million for the identification or location of any DarkSide leader.

Colonial Pipeline now faces a $1 million penalty for operational shortcomings and managerial failings that led up to the attack. The most serious alleged failing was improper planning for the pipeline’s shutdown and reactivation.

The incident also increased political pressure on the administration to pass new laws. Pipeline operators and other critical infrastructure companies are now subject to new cybersecurity rules.

New Pipeline Directives in the United States

The Transportation Security Administration issued two important mandatory directives to all pipeline operators in the United States covering cybersecurity and incident reporting transparency.

On April 20, the federal Cybersecurity and Infrastructure Security Agency said it was expanding its Joint Cyber Defense Collaborative advisory board, founded in August 2021, to include industrial control systems experts. In response to the heightened risk from the Russia-Ukraine conflict, it also published guidance describing specific Russian state-sponsored threats to IT and OT systems.

Takeaways for Businesses

DarkSide attackers used an old password to gain access to Colonial’s IT network over a VPN that had no multi-factor authentication. The effectiveness of this modest attack points to five things to bear in mind today:

  1. All passwords must expire. Businesses need good password management in general, and password sunsetting in particular. Adding new, strong passwords isn’t enough if old ones keep working.
  2. Passwords aren’t a good idea. Relying on passwords for security means relying on humans. As a result, you are exposed to human error, insider attacks, and social engineering. The sooner we can move away from passwords, the better.
  3. Multi-factor authentication is a must. Any single-factor authentication method is a virtual open door for attackers.
  4. Know your air gaps. Where are the air gaps (if any) between IT and OT systems? Understand how your network is segmented.
  5. Zero trust works. Perimeter security is no longer sufficient. Getting inside the perimeter, whether through a virtual private network or another route, exposes the system to significant risk. This attack would have been prevented by a strong zero trust architecture: even if an attacker managed to circumvent user authentication, they would be unable to move further into devices and applications.
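As an added example (not code from the original post), here is a small Python check, run over constructed VPN log records and a constructed account directory, that flags the pattern behind takeaways 1 to 3: a successful VPN login without MFA, from an account that has been dormant for a long time, or with a password past its maximum age. The thresholds, field names and sample data are assumptions.

```python
from datetime import datetime, timedelta

DORMANT_DAYS = 90       # no successful login for this long => dormant account
MAX_PASSWORD_AGE = 180  # password older than this at login time => stale

# Constructed sample data (hypothetical accounts and events, not real logs).
ACCOUNTS = {
    "jsmith":  {"password_set": "2021-03-10"},
    "rlegacy": {"password_set": "2020-10-01"},
}
VPN_EVENTS = [
    {"ts": "2021-01-05T09:00:00", "user": "rlegacy",    "ok": True,  "mfa": True},
    {"ts": "2021-04-20T08:15:00", "user": "jsmith",     "ok": True,  "mfa": True},
    {"ts": "2021-04-28T23:41:00", "user": "rlegacy",    "ok": False, "mfa": False},
    {"ts": "2021-04-29T02:03:00", "user": "rlegacy",    "ok": True,  "mfa": False},
    {"ts": "2021-04-30T10:00:00", "user": "tmp_vendor", "ok": True,  "mfa": True},
]

def _dt(s):
    return datetime.fromisoformat(s)

def risky_vpn_logins(events, accounts, dormant_days=DORMANT_DAYS, max_pw_age=MAX_PASSWORD_AGE):
    """Return [(user, ts, [reasons])] for successful VPN logins that match the
    single-factor / dormant-account / stale-password pattern described above."""
    last_ok = {}      # user -> datetime of previous successful login
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not ev["ok"]:
            continue  # failed attempts are not "access"; a separate check could count them
        ts, user = _dt(ev["ts"]), ev["user"]
        reasons = []
        if not ev["mfa"]:
            reasons.append("no_mfa")
        prev = last_ok.get(user)
        if prev is not None and ts - prev > timedelta(days=dormant_days):
            reasons.append("dormant_account")
        pw = accounts.get(user, {}).get("password_set")
        if pw is None:
            reasons.append("unknown_account")   # not in the directory at all
        elif ts - _dt(pw) > timedelta(days=max_pw_age):
            reasons.append("stale_password")
        last_ok[user] = ts
        if reasons:
            findings.append((user, ev["ts"], reasons))
    return findings

if __name__ == "__main__":
    for user, ts, reasons in risky_vpn_logins(VPN_EVENTS, ACCOUNTS):
        print(f"{ts} {user}: {', '.join(reasons)}")
```

The check is meant to run over a sorted export of VPN authentication events; the first login of each account in the export cannot be judged for dormancy, so feed it enough history to establish a baseline.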

The bottom line from the Colonial Pipeline attack is that the part of the business that is attacked and the part of the business that is affected are not always the same. Nor are an attack’s sophistication and its impact.

Yes, embrace high-tech tools, AI, and other cutting-edge solutions. But don’t forget the fundamentals and the architecture. Prepare a fallback plan for what you will do if an attack occurs. That way, whatever the future holds, you’ll have more options than a complete shutdown.
