Pipelines, Ransomware, and The Solution
You’ve probably heard a lot of news about the Colonial Pipeline cyber attack which happened on May 7th. The pipeline was shut down for several days, causing widespread fuel shortages and price hikes. That pipeline delivers almost half of the fuel (gasoline, diesel, heating oil, and jet fuel) to the East coast of the USA, about 100 million gallons of fuel daily. Read on to learn how this could have been prevented, and the steps YOU can take to protect yourself from cyber attacks...
How Was the Colonial Pipeline Hacked?
Cybersecurity firm FireEye and the FBI have identified the Russian-based DarkSide hacking group as being responsible for the Colonial Pipeline attack. A successful ransomware attack crippled the pipeline operations, and faced with a very difficult and urgent problem, the Colonial CEO agreed to pay a $4.4 million ransom to decrypt the affected systems.
We don’t know the exact attack vector used in this case. It is believed that the hackers gained access to Colonial's computers through the administrative side of the business, rather than the operational side that controls the pipeline itself. It could have started with a phishing email in which an employee was tricked into downloading malware. The attackers may have exploited an unpatched software vulnerability. In the case of the recent SolarWinds hack, the entry point was compromised third-party software.
Ironically, this attack may have been facilitated by the “good guys”. As reported in Technology Review, respected computer security vendor BitDefender identified a flaw in the Darkside ransomware code, and released a tool back in January to help affected parties recover from the attack without paying a ransom.
But in doing so, BitDefender publicly tipped off the DarkSide gang to the flaw. The very next day, DarkSide fixed the problem and taunted the world, saying “new companies have nothing to hope for.” If BitDefender had been a bit more circumspect in helping those affected by this particular ransomware, they might have been able to help Colonial quickly mitigate this attack without shutting down the pipeline or paying millions to a criminal hacking operation.
In the wake of the Colonial Pipeline panic, government officials suddenly started making noise about “protecting critical infrastructure” and “national security risks.” New legislation has been proposed, which will undoubtedly have unintended consequences, because that’s what happens when government gets involved with the private sector.
We're From The Government And...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI issued a bulletin titled “DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks”. It contains some practical advice for both large companies and individuals, to help them stay safe from ransomware and other malware attacks.
In this bulletin, CISA and FBI recommend several actions to reduce the risk of compromise by malware attacks. I’ve condensed that advice, tailored it to home computer users, and provided links to some of my articles that provide more help and information.
- Use multi-factor authentication. Doing so means an exposed password alone is not enough to hijack your account; the attacker also needs the second factor. (See [DIGITAL LOCKDOWN] Authenticator Apps Protect Your Accounts.)
- Learn how to identify phishing and spear-phishing emails, which are getting increasingly clever, and harder to distinguish from legitimate messages. (See Here's Why Phishing is Getting Worse.)
- Learn how to avoid malicious websites. (See [VIGILANCE] Is it Safe to Click That Link?)
- Update software, including operating systems, and user-installed applications. Consider using a patch management system. (See Keep Your Software Up To Date (or else…))
But Wait, There’s More...
The most important item on the CISA/FBI list of security recommendations was “implement application whitelisting, which only allows systems to execute programs that are known to be safe.”
Now THAT one rings a bell. For a few years now I’ve been recommending PC Matic’s SuperShield, which uses a whitelist approach that allows only known, trusted programs to run on your computer. Anything not on the list is denied by default, so PC Matic prevents attacks from ransomware, zero-day exploits, rootkits, cryptominers, keyloggers, fileless scripts, “time bomb” attacks and other types of malware by blocking them before they can begin to execute.
PC Matic also does automatic patch management and driver updates to ensure that all software on your computers is kept up to date. Cyber criminals exploit known vulnerabilities in legitimate software to gain entry into otherwise well-protected systems. That could very well be the means by which the DarkSide hackers snuck into the Colonial Pipeline operation. Or it could have been an employee who clicked a malicious link, and downloaded malware which enabled the ransomware attack.
In either case, the ransomware payload itself would have been an unknown program, and a whitelist like PC Matic's refuses to run unknown programs, no matter how they arrived. See my review and further information about PC Matic in my article What’s New in PC Matic 4.0?
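To make the whitelist idea concrete, here is an added example of my own (not PC Matic's code, and not anything from the CISA/FBI bulletin) that models the decision an allowlisting agent makes before a program is permitted to run, and contrasts it with the traditional antivirus blocklist. The "programs" are constructed byte strings standing in for executables, and the hashes are computed from them, not taken from any real malware. It also shows the maintenance cost of whitelisting by hash: a legitimate software update changes the hash, so the list has to be updated when software is patched, which is why whitelisting and patch management go together.

```python
"""Default-deny application whitelisting vs. default-allow blocklisting.

Added illustration (not PC Matic's code). A whitelisting agent hashes the
program file and permits execution only if that exact hash is known good.
A blocklist does the opposite: it denies only hashes it has already seen
and lets everything else run. The byte strings below are constructed
stand-ins for executables; a real agent hashes the file on disk.
"""
import hashlib
from typing import Dict, Set


def sha256_hex(data: bytes) -> str:
    """Fingerprint a program image; any change to the bytes changes the hash."""
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for known, trusted programs installed on the PC.
KNOWN_GOOD_PROGRAMS: Dict[str, bytes] = {
    "notepad.exe": b"MZ...notepad-v1...",
    "chrome.exe": b"MZ...chrome-v91...",
}

# Constructed stand-in for a ransomware sample, and a rebuilt version of it
# (the way DarkSide shipped a fixed build the day after its flaw was published).
RANSOMWARE_V1 = b"MZ...encrypt-everything-v1..."
RANSOMWARE_V2 = RANSOMWARE_V1.replace(b"v1", b"v2")

# Whitelist: hashes of everything we have approved to run.
ALLOWLIST: Set[str] = {sha256_hex(b) for b in KNOWN_GOOD_PROGRAMS.values()}

# Blocklist: the one sample the "antivirus vendor" has a signature for so far.
BLOCKLIST: Set[str] = {sha256_hex(RANSOMWARE_V1)}


def allowlist_decision(program: bytes, allowlist: Set[str] = ALLOWLIST) -> str:
    """Default deny: run the program only if its hash is on the known-good list."""
    return "ALLOW" if sha256_hex(program) in allowlist else "DENY"


def blocklist_decision(program: bytes, blocklist: Set[str] = BLOCKLIST) -> str:
    """Default allow: block the program only if its hash is already known bad."""
    return "DENY" if sha256_hex(program) in blocklist else "ALLOW"


def approve_update(allowlist: Set[str], new_program: bytes) -> Set[str]:
    """A legitimate patch changes the program's hash, so the whitelist must be
    extended when software is updated (this is the patch-management step).
    Returns a new allowlist that also permits the updated program."""
    return allowlist | {sha256_hex(new_program)}


def compare() -> Dict[str, Dict[str, str]]:
    """Run both policies over the same set of programs and collect the verdicts."""
    samples = {
        "notepad.exe (unmodified)": KNOWN_GOOD_PROGRAMS["notepad.exe"],
        # A trusted program that has been tampered with (one extra byte appended).
        "notepad.exe (tampered)": KNOWN_GOOD_PROGRAMS["notepad.exe"] + b"\x90",
        "ransomware v1 (signature exists)": RANSOMWARE_V1,
        "ransomware v2 (rebuilt, no signature yet)": RANSOMWARE_V2,
    }
    return {
        name: {
            "allowlist": allowlist_decision(prog),
            "blocklist": blocklist_decision(prog),
        }
        for name, prog in samples.items()
    }


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:45s} whitelist={verdicts['allowlist']:5s} blocklist={verdicts['blocklist']}")
    # A fresh build of a trusted program is denied until it is approved.
    notepad_v2 = b"MZ...notepad-v2..."
    print("notepad v2 before approval:", allowlist_decision(notepad_v2))
    print("notepad v2 after approval: ", allowlist_decision(notepad_v2, approve_update(ALLOWLIST, notepad_v2)))
```

The rebuilt ransomware slips past the blocklist because no one has a signature for it yet, while the whitelist denies it for the simple reason that it was never approved. The flip side is the last two lines: every legitimate update is also "never approved" until the list is refreshed, so a whitelist product has to keep its catalog current or users will be tempted to switch it off. Commercial products such as PC Matic maintain that catalog for you; the built-in Windows equivalents (AppLocker and Windows Defender Application Control) usually whitelist by publisher certificate or install path rather than by raw hash, which survives updates but is less strict.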
Have you had experience with ransomware? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 28 May 2021
Copyright © 2005 - Bob Rankin - All Rights Reserved