Several critical infrastructure companies were forced to face some hard truths after the ransomware attack in 2021.
With May 7 marking the one-year anniversary of the Colonial Pipeline ransomware attack, looking back on some of the lessons learned can help organizations be better prepared for attacks in the future. Several cybersecurity experts shared their thoughts on what businesses should be aware of, and even on what cybercriminals learned in the wake of the attack.
In a nutshell, hackers infiltrated the company’s billing infrastructure, shutting down pipeline operations because Colonial Pipeline was unable to adequately bill its customers. Attackers also stole nearly 100 gigabits of data and demanded a payout of 75 Bitcoin ($4.4 million at the time) to restore Colonial’s access to its billing system. The company paid the ransom, and the DarkSide group was identified as the culprit behind the attack.
What cybersecurity lessons have been learned from the attack?
One of the key revelations of the Colonial Pipeline attack was that cybersecurity in critical sectors needed to be upgraded. A major side effect of the hack was the supply chain problems that arose when gas stations and airports were hit by the lack of oil from the pipeline itself.
“Organizations in this industry need to take action to secure their operations if they haven’t already, because this is a seriously overlooked attack vector that is vital to United States national security,” said James Carder, chief security officer of LogRhythm. “Any organization using technology to enable operations for critical infrastructure needs to ensure that the right security protocols are in place, ranging from simple password hygiene, threat detection, preventive audits and response controls to quickly prevent and identify potential disasters.”
President Biden’s signing of the Strengthening American Cybersecurity Act is one step taken to reduce the severity of these types of attacks. The act, signed on March 15, requires companies to report hacks within a certain time frame or risk financial penalties.
“One important thing we learned was that our critical infrastructure really is less secure than we think,” said Matthew Parsons, director of network and security product management at Sungard Availability Services. “I think it has made us aware of strengthening our stance on cybersecurity in the area of critical infrastructure. The Strengthening Cybersecurity Act of 2022 seeks to increase requirements around critical infrastructure.”
Companies in the chemicals, critical manufacturing, energy, food, emergency services, healthcare and IT sectors must also strengthen their defenses, not only in their technology but also by better preparing employees in best practices for avoiding these ransomware attacks.
“One lesson we learned after the hack was that a single password was compromised with an outdated VPN account that was the channel for hackers to get into the network and demand payment,” said Scott Schober, co-host of the Cyber Coast to Coast podcast. “A Zero Trust network requires at least an additional authenticator in case the username and password are compromised. Using MFA adds a layer of security that makes it significantly more difficult to breach the network. With zero trust, each account has limited trust and has segmented access, which in the event that a hacker breaks in, prevents them from working laterally through the network as they have limited access to that particular account segment.”
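The two controls Schober describes, a second factor on top of the password and segment-scoped access, as an added example that is not part of the original article or any vendor's product: a Python sketch of a login check that verifies an RFC 6238 TOTP code after the password and then confines each authenticated account to a single network segment. The account names, password hashes, shared secrets and segment labels are constructed sample data, and the stale "vpn-legacy" account with no second factor enrolled is hypothetical.

```python
"""Added example (not from the article): password + TOTP authentication followed by
segment-scoped authorization. All accounts, secrets and segments are constructed."""
import hashlib
import hmac
import struct
import time


def _pw_hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the directory never stores cleartext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed directory: one stale password-only VPN account (hypothetical) and one
# account with a second factor enrolled. Each account is bound to exactly one segment.
ACCOUNTS = {
    "vpn-legacy": {
        "salt": b"salt-legacy",
        "pw": _pw_hash("Winter2021!", b"salt-legacy"),
        "totp_secret": None,  # no second factor enrolled
        "segment": "billing",
    },
    "ops-analyst": {
        "salt": b"salt-ops",
        "pw": _pw_hash("correct horse battery staple", b"salt-ops"),
        "totp_secret": b"0123456789abcdef0123",  # 20-byte shared secret (constructed)
        "segment": "billing",
    },
}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter with dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP keyed on the 30-second time step containing `at`."""
    return hotp(secret, at // step)


def authenticate(user: str, password: str, otp: str, now: int):
    """Return (ok, reason). A correct password is never sufficient on its own:
    an account with no second factor enrolled is refused outright."""
    acct = ACCOUNTS.get(user)
    if acct is None:
        return False, "unknown account"
    if not hmac.compare_digest(acct["pw"], _pw_hash(password, acct["salt"])):
        return False, "bad password"
    if acct["totp_secret"] is None:
        return False, "no second factor enrolled"
    # Accept the current step and one step either side to tolerate clock skew.
    step = now // 30
    valid = {hotp(acct["totp_secret"], c) for c in (step - 1, step, step + 1)}
    if otp not in valid:
        return False, "bad one-time code"
    return True, "authenticated"


def authorize(user: str, target_segment: str) -> bool:
    """Segment-scoped access: an account may only reach the segment it is bound to,
    so a compromised account cannot be reused to move laterally into another one."""
    acct = ACCOUNTS.get(user)
    return acct is not None and acct["segment"] == target_segment


def access(user: str, password: str, otp: str, target_segment: str, now=None):
    """Full decision: authenticate with both factors, then authorize by segment."""
    now = int(time.time()) if now is None else now
    ok, reason = authenticate(user, password, otp, now)
    if not ok:
        return False, reason
    if not authorize(user, target_segment):
        return False, f"account {user!r} is not permitted in segment {target_segment!r}"
    return True, "access granted"


if __name__ == "__main__":
    t = 1_650_000_000  # fixed clock so the run is reproducible
    code = totp(ACCOUNTS["ops-analyst"]["totp_secret"], t)
    print(access("vpn-legacy", "Winter2021!", "", "billing", t))
    print(access("ops-analyst", "correct horse battery staple", code, "billing", t))
    print(access("ops-analyst", "correct horse battery staple", code, "pipeline-ot", t))
```

The first call is denied even though the password is correct, because the stale account never enrolled a second factor; the third is denied after a fully successful login, because the account is bound to the billing segment and not to the hypothetical "pipeline-ot" segment. Both denials are the behaviour the quote argues for: a leaked password alone opens nothing, and a fully compromised account still cannot reach beyond its own segment.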
On the other hand, hackers may also have realized just how profitable ransomware really can be when we consider the millions of dollars extorted from Colonial Pipeline and other critical infrastructure attacks. Parsons says an attack of this magnitude and the amount of money generated behind it may have encouraged similar groups to investigate large-scale malicious operations.
“I think the biggest empowering factor for these groups after this attack is that it pays off,” Parsons said. “These guys are specifically targeting operations that they know are big and will have an impact on them and their customers. It can cause a lot of panic and disruption in the population. I think [hackers] realize that if these big companies are successfully hacked with ransomware, there will be a nice payout.”
While the circumstances behind the attack were unfortunate, the information gained from the attack on the Colonial Pipeline may have been necessary in the long run for anyone on the cybersecurity front. By forcing a variety of organizations across a number of industries to self-evaluate, it may help the critical infrastructure sector avoid a costly and disastrous hack when the next major attack comes.