When hackers strike, we should all be scared.
Gather 'round the campfire, let us tell you the harrowing tale of the Colonial Pipeline Attack:
Founded in 1961, the Colonial Pipeline Company is the largest refined products pipeline in the United States. Running from New York Harbor to Houston, it delivers over 100 million gallons of fuel to the East Coast of the country each and every day. That's nearly 45% of the total gas supply for the region.
Needless to say, the functionality of this mighty piece of infrastructure is fundamental to the daily lives of millions. So, when officials discovered that Colonial Pipeline had been hit with a debilitating cyberattack this past spring, you can understand that the response was nothing short of horror.
The mighty had fallen.
On May 7th, 2021, Colonial Pipeline announced the immediate halt of all operations in the wake of a cybersecurity breach. The shutdown caused gas shortages, price spikes, and considerable consumer alarm up and down the East Coast for days on end. This reaction, of course, is understandable: with no immediate resolution in sight, Americans began fearfully stockpiling gas, and officials called emergency meetings in anticipation of the worst. It was chaos.
Luckily, in this case, the attacker's target was not the infrastructure of the pipeline itself, but rather the business operations of the Colonial Pipeline Company. Once the threat was dealt with, regular service returned to consumers within a few days. But while the world awaited an answer from the FBI and others as to what really happened, many remained visibly shaken by how easily bad actors were able to decimate such a large enterprise. If this could happen to Colonial Pipeline, couldn't it happen to the water supply? The electricity? Couldn't it happen to you?
Fears only mounted a month later when the alleged cause of the breach was finally revealed: one single leaked password.
That's right: one exposed password wreaked days' worth of havoc for the entire eastern seaboard of a global superpower. According to testimony from Colonial Pipeline CEO Joseph Blount during a U.S. Senate Committee hearing, the inactive employee password was discovered by hacking group DarkSide on the dark web. Some speculate that the password was a repeat, meaning it had previously been used for another of the employee's personal accounts.
Once found, this password was then used to access the Colonial Pipeline network via a legacy VPN that did not have multi-factor authentication enabled. Worming in through this small point of entry, DarkSide was then able to encrypt a significant portion of Colonial Pipeline's data with ransomware, essentially holding the company hostage to their demands. Panic ensued.
And in that panic, Blount made a decision that the EMPIST team never recommends: he paid the ransom. Desperate to get the system back online, Colonial Pipeline paid DarkSide approximately $4.3M in bitcoin for the safe return of their data. While the U.S. government was eventually able to trace some of the bitcoin Colonial Pipeline used, to this day the full balance has never been recovered.
News of the ransom payment left leaders shocked, as did the follow-up statements, in which Blount revealed that the Colonial Pipeline Company did not even have a proactive ransomware attack program, but rather just an emergency response protocol.
Those who weren't shocked in the slightest, however, were cybersecurity professionals. You see, cyber experts have been warning the general public for years about the gaping holes in much of our protective protocol. From business owners to government agencies, no one is safe from ransomware or other cybersecurity attacks.
And while we'd love to end this story on a high note, there really isn't one. Comprehensive, proactive security isn't just the best measure we have to protect our data; it's the only measure. The threat of cyberattacks is very, very real, and if you aren't scared yet, just wait: you will be.
Ready to build out your own cybersecurity program? Contact team EMPIST online today to get started!
(Sources: Bloomberg, Vox, Reuters, New York Times, USA Today, The Washington Post)