The attackers turn their attention to another critical infrastructure

It is 2021, and another exceptionally large company with a deep stake in the supply chain of the modern world has been hit: Colonial Pipeline, the largest U.S. fuel pipeline operator, shut down its entire network on Friday after a ransomware attack, halting nearly half of the East Coast's fuel supply.


Taking a company that big and forcing it to shut down its main operational process because of malware is something that would have sounded like science fiction 10 years ago. A company like Colonial Pipeline invests heavily in new technology because of the distribution network it has to run across the US. While we do not know the exact details of the attack, it was carried out by a criminal gang based in Eastern Europe, DarkSide, according to a U.S. official and another person familiar with the matter.


The cutting-edge ransomware groups of today know the target infrastructure very well; they are notorious for tailoring their attack to the target so that it is far more effective.


The biggest problem with critical infrastructure today is that defenders need to know all the constraints of the system so that day-to-day operation is not disrupted, while attackers do not care about those constraints and run like an elephant in a china shop, breaking everything they can reach.


With more than tens of thousands of organizations affected worldwide, ransomware groups lock access to basic computer software with strong encryption, bringing big companies to their knees and forcing them to stop their processes.


Stopping the process at an industrial company can cost millions of dollars for every hour the system is halted, which makes such companies targets that will pay fast and easily; this is why we see more and more lucrative targets like this being attacked.


A chain is only as strong as its weakest link


In the end it comes down to a specific vendor that did not want to wait for a verified computer and plugged in its own, or an employee who downloaded an update for one of the software packages while the A/V was not updated or did not even alert that it was malware, or, because the file was downloaded from the vendor website, the warning was discarded.
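The failure mode above is trusting an update because of where it came from. The defensive habit is to verify the file by content against a digest obtained independently of the download channel (a signed vendor manifest, or a value confirmed with the vendor). The following is an added illustration written for this page, not code from the original post or from any vendor; the update bytes and the "known-good" digest are constructed sample data.

```python
"""Verify a downloaded update by content, not by origin.

Added example (not from the original post): the downloaded file is
compared against a SHA-256 digest obtained out-of-band, so a file that
merely came from "the vendor website" is not trusted on origin alone.
"""
import hashlib
import hmac
import os
import tempfile

# Constructed sample: a stand-in for a vendor update package and its
# known-good digest. In practice the digest comes from a source that is
# independent of the download itself (signed manifest, vendor contact).
SAMPLE_UPDATE = b"VENDOR-UPDATE-1.2.3\x00" + bytes(range(256))
KNOWN_GOOD_SHA256 = hashlib.sha256(SAMPLE_UPDATE).hexdigest()


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large packages need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_update(path, expected_sha256):
    """Return (ok, actual_digest); the comparison is constant-time."""
    actual = sha256_file(path)
    ok = hmac.compare_digest(actual.lower(), expected_sha256.lower())
    return ok, actual


def demo():
    """Write the genuine package and a tampered copy, verify both, return the verdicts."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "update.bin")
        bad = os.path.join(d, "update_tampered.bin")
        with open(good, "wb") as f:
            f.write(SAMPLE_UPDATE)
        # Tampered copy (constructed): same size, one byte flipped. A size
        # check or a glance at the filename would not catch this; the digest does.
        with open(bad, "wb") as f:
            f.write(SAMPLE_UPDATE[:-1] + bytes([SAMPLE_UPDATE[-1] ^ 0x01]))
        good_ok, _ = verify_update(good, KNOWN_GOOD_SHA256)
        bad_ok, _ = verify_update(bad, KNOWN_GOOD_SHA256)
        return {"genuine": good_ok, "tampered": bad_ok}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'OK, safe to install' if ok else 'REJECT, digest mismatch'}")
```

A digest check only moves trust to wherever the expected value came from; if that value is fetched from the same page as the download, an attacker who controls the page controls both. Pair it with a vendor signature where one is offered, and record the verified digest so the same package can be re-checked before it is pushed further into the plant network.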


A company can legitimately do a lot of things regarding the security of its assets, but a culture set over 50 or more years in the company may prevent it from achieving complete, holistic security.


With my many years of security experience in critical infrastructure companies, I often see these culture problems. Sometimes I can help the company overcome them, but in a few companies the culture stayed and other controls were required.


The Colonial Pipeline event is still in progress, as the attacker may have inserted more surprises into the network. I am familiar with the business pressure to return to production, but my advice to Colonial personnel is to take the time to verify that all systems are safe to use, and to see this incident as an opportunity for smarter investment in security, not only with technology in mind but also in employee education and processes that will prevent the next attack.
