A summary of what happened
In the current digital era, cybercrime is constantly increasing, and the number of threats faced by businesses and people is also growing. Each year, the number of reported breaches exceeds that of the previous year. As brands and institutions rely more on technology, they also become more vulnerable to security threats. Hackers are always finding new ways into business or organizational data, so businesses need to take serious measures to curb this problem.
In May 2021, Colonial Pipeline, a company situated in the United States, became a victim of a ransomware attack. The company supplies gasoline and various types of petroleum products from Texas to New Jersey and the entire Midwest. The hackers breached the business through a VPN account, using a single compromised password, and managed to reach its network. Although the operational technology was unaffected, as the attackers did not manage to alter it, the company decided to halt fuel transit on its major route to contain the problem and close down leaks.
Disruption of the fuel flow led to a serious shortage of fuel in the Southeast, Midwest, and Northeast areas of the country, driving up fuel prices. The attackers stated that they would cause more damage unless they were paid $5 million worth of bitcoin. The quoted amount was three times more than the annual profit of the business. What makes the Colonial Pipeline attack so serious is how the hackers accessed the system. It was reported that the business did not use multifactor authentication.
According to the reports, the company was shut down for six days before resuming its normal activities. The FBI started its investigation three days after the first report on social media. This attack might have been facilitated by a person working in the company who gave the attackers VPN credentials; however, no one knows how the hackers managed to obtain those credentials. This attack is a good example of why companies should have strong cybersecurity precautions when handling sensitive data. MFA is one such security measure, and the good thing is that most companies are beginning to adopt it (Voas, Kshetri, & DeFranco, 2021). Colonial Pipeline decided to pay the attackers $4.4 million, and the company managed to recover almost 50% of that amount.
How the event relates to information security
The event relates to information security because the attackers managed to steal 100Gb of information and threatened to publish it on the internet if the company did not pay them. Several hours into the attack, the company decided to pay the hackers $4.4 million in exchange for decryption, which was very slow.
What concepts from the course thus far the event relates to
The Colonial Pipeline attack relates to ransomware, a type of malware that prevents access to devices or information unless a specified demand is met. The attack involved hackers encrypting files on the Colonial Pipeline system.
What the significance of the event was
The main target of the hackers was the billing system of the business. The actual oil-pumping equipment was functioning well. The main reason the company shut down its services was its inability to bill its clients. Another reason for shutting down the company’s operations is that the hackers may have accessed information that would have enabled them to continue their attacks on the most vulnerable areas (Ford, 2021).
Lessons learned
The lesson learned from Colonial Pipeline is the importance of system monitoring. In the early hours, the attackers began their activities, stealing around 99GB of information and encrypting back-office equipment before they demanded that huge amount of money. However, a breach was reported a week before the Colonial Pipeline incident. It followed a similar pattern, in which attackers gained access to the data and then carried out stealthy reconnaissance. SIEM solutions equipped with strong threat intelligence, detection, and monitoring can help identify malicious activity and give an early signal of a possible attack. Another lesson from the incident is the importance of IT governance. Formal, basic procedures for closing off access points and retiring obsolete tools and networks would have minimized the institution’s threat and any risk of a data breach at the beginning. MFA should be given priority for secure remote access.
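The monitoring lesson above can be made concrete with a small correlation rule of the kind a SIEM would run: it joins VPN logins with per-session outbound volume and escalates a password-only login that is followed by a large transfer. This is an added example, not part of the original essay; the log fields, account names, sample values and the 10 GB threshold are all constructed assumptions.

```python
from collections import defaultdict

GB = 10**9
EXFIL_THRESHOLD = 10 * GB  # assumed tuning value, not taken from the essay

# Constructed sample data; field names are hypothetical, not a vendor schema.
VPN_LOGINS = [
    {"ts": "2024-01-15T05:02:11", "user": "old-vpn-acct", "session": "s1",
     "mfa": False, "result": "success"},
    {"ts": "2024-01-15T08:15:40", "user": "alice", "session": "s2",
     "mfa": True, "result": "success"},
    {"ts": "2024-01-15T09:01:03", "user": "bob", "session": "s3",
     "mfa": False, "result": "success"},
    {"ts": "2024-01-15T09:30:00", "user": "carol", "session": "s4",
     "mfa": False, "result": "failure"},
]
FLOWS = [
    {"session": "s1", "bytes_out": 60 * GB},
    {"session": "s1", "bytes_out": 39 * GB},
    {"session": "s2", "bytes_out": 2 * GB},
    {"session": "s3", "bytes_out": 1 * GB},
]


def correlate(logins, flows, threshold=EXFIL_THRESHOLD):
    """Return alerts for successful VPN sessions, high severity first."""
    out_by_session = defaultdict(int)
    for flow in flows:
        out_by_session[flow["session"]] += flow["bytes_out"]

    alerts = []
    for login in logins:
        if login["result"] != "success":
            continue  # failed logins belong to a separate brute-force rule
        sent = out_by_session[login["session"]]
        reasons = []
        if not login["mfa"]:
            reasons.append("password-only VPN login")
        if sent >= threshold:
            reasons.append(f"{sent / GB:.0f} GB outbound")
        if reasons:
            severity = "high" if len(reasons) == 2 else "medium"
            alerts.append({"user": login["user"], "session": login["session"],
                           "severity": severity, "reasons": reasons})
    return sorted(alerts, key=lambda a: a["severity"] != "high")


if __name__ == "__main__":
    for alert in correlate(VPN_LOGINS, FLOWS):
        print(alert["severity"].upper(), alert["user"], "; ".join(alert["reasons"]))
```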
In conclusion, the threat to the fuel and energy industry is real and growing. The attackers range from sophisticated, government-sponsored hackers seeking to cause social and financial problems to a growing number of activists who oppose energy projects. According to a report, energy ranks third among the industries that attackers target most. The energy sector is also in second position for the most data theft cases in that research. While the outcomes of the Colonial Pipeline attack were expensive and severe, it has opened the eyes of other energy sector companies.
References
Ford, E. W. (2021). Cyber Ransom in the Information Age: A Call to Arms Against the Hackers. Journal of Healthcare Management; Chicago, 66 (4), 243-245. Retrieved from https://www.proquest.com/scholarly-journals/cyber-ransom-information-age-call-arms-against/docview/2582970155/se-2?accountid=151051
Voas, J., Kshetri, N., & DeFranco, J. F. (2021). Scarcity and Global Insecurity: The Semiconductor Shortage. IT Professional Magazine; Washington, 23 (5), 78-82. Retrieved from https://www.proquest.com/scholarly-journals/scarcity-global-insecurity-semiconductor-shortage/docview/2581575225/se-2?accountid=151051