Observing what happens when a critical piece of technology fails suddenly is a surefire way to understand its value. E.g., most people probably don’t realize how important the Suez Canal is, but that changed in March when it was abruptly blocked by a grounded container ship. A usually dependable machine had gone down for the count. The rest of the world took care.
Something identical happened late last week with Colonial Pipeline, a vast and vital petroleum transportation infrastructure. On Friday, May 7, the organization learned it had been the victim of a ransomware attack. “As a result, we proactively took those systems offline to contain the threat, halting all pipeline activities temporarily,” the firm said in a statement on Saturday. The corporation announced on Monday afternoon that it is working to resume operations. It noted that “segments of our pipeline are being brought back online in a step-by-step manner.”
You do not care much about ransomware threats or where your car’s petrol comes from, which is understandable. Your concerns regarding the case have been addressed.
What is the purpose of Colonial Pipelines?
Via Colonial’s nearly 5,500 miles of pipeline, jet fuel, diesel, oil, and other petroleum products are transported. According to the firm, its operations range from Texas to New Jersey, reaching a total of 14 states and transporting over 100 million gallons of fuel each day. The company’s operations have over half of the gasoline used on the East Coast. All of this means that if you’re fueling up your vehicle on the East Coast, the petrol might have come from these pipes. Similarly, whether you’re flying from Washington Dulles or Hartsfield-Jackson Atlanta, the fuel in the metal bird may have come from Colonial, which takes the energy to seven different airports. The corporation also provides petrol to the military.
In general, the main lines carry gasoline north and east.
According to Patrick De Haan, an analyst whose Twitter reports are a good source of knowledge on the topic, gas has not become more costly as a result of the situation.
There is still little here for the majority of the population. People, there are still no hikes on the horizon.
Patrick De Haan May 10, 2021
What is the concept of a ransomware attack?
Data, like a human prisoner, may be kept hostage for ransom. “Over last few years, ransomware has been on the rise,” says Ben Miller, a vice president at cybersecurity company Dragos. “Human controllers obtain entry to these worlds and encrypt the hard drives and operating systems of the [victims].” They want money—perhaps Bitcoin—in exchange for releasing the details.
He continues, “In many situations, your personal computer will show a warning alert.” The same message will surface in a variety of other places. WannaCry was a well-known example of a ransomware attack.
So, who was the perpetrator?
According to the FBI, the party was renamed DarkSide.
Miller says of DarkSide, “They consider themselves a corporation.” They want to make a money, just like any company, which is their evil business model.
This BBC report contains screenshots of the kind of message DarkSide will appear on its victims’ computers.
Expect more incidents like this in future, as infrastructure and the linked data systems that support it become increasingly vulnerable to attack. Miller notes, “It’s a foreshadowing of things to come.”
What makes a business vulnerable to ransomware?
According to Shuman Ghosemajumder, global head of artificial intelligence at F5, a cybersecurity firm, an organization carrying out a ransomware attack is searching for a few components. The goal must have essential data that they are willing to pay a ransom for and the financial means to pay the ransom. Furthermore, like DarkSide, the attacker needs access to the target’s system in the first place.
“How they get in is dependent on the security system being so weak that they can find a way in and then mount the ransomware,” Ghosemajumder explains. “Usually, it means you have a device in your networks that isn’t patched.”
On a more local basis, the incident serves as a reminder of the significance of installing the most recent software update. However, though Apple makes upgrading the iPhone apps relatively painless, updating the software of a multinational corporation operating anything as complicated and potentially risky as a petroleum pipeline is a far more difficult task. “What you really find is that they’re more concerned with the general stability and reliability of their corporate operations,” he notes. ” the way they do it is by using well-known, stable software versions.”
An outdated version of Windows and other tried-and-true applications can be stable from an operations standpoint, but updating is costly, time-consuming, and may cause new issues. However, depending on older code poses a security risk. Companies would have to prioritize how they handle this issue, from deploying critical fixes to considering complete product version upgrades, according to Ghosemajumder.
Are there any more important things to be learned here?
Yes, really. According to Miller of Dragos, public programs have a “silent aspect.” “They all use the same kinds of computer programs, whether it’s how the power grid works, how waterworks, or how oil and gas works.” (In this case, Colonial brags about the “internet transformation.”) A device lacks built-in stability and is then struck by a crisis, and the ramifications can be devastating.
“As these networks become more interconnected, they become more vulnerable, and the risk of an attack increases,” he continues.
And when an attack or other problem disrupts a mechanism that was previously functioning, people become aware. “Everyone just needs it to work,” Ghosemajumder says. “However, as soon as something goes wrong—whether it’s due to a security breach or an oversight in the way a device was set up or operated—everyone becomes laser-focused on the item that’s now missing or breached, and they begin to understand about what it does.”
“You will also see that very complicated, new technological infrastructures are designed on top of these pretty ancient and rickety dependencies,” he continues.
