Several businesses in critical infrastructure have been forced to face some hard truths after the 2021 ransomware attack.
As May 7 marks one year since the Colonial Pipeline ransomware attack, covering some of the lessons learned may help organizations be better prepared for future attacks. Several cybersecurity experts commented on what businesses need to look out for and what cybercriminals have learned as a result of the attack.
In short, the attackers broke into the company's billing infrastructure, and the pipeline was shut down because Colonial Pipeline could not adequately charge its customers. The attackers also stole nearly 100 gigabytes of data and demanded a payout of 75 bitcoins ($4.4 million at the time) to restore Colonial's access to its billing system. The ransom was paid, and the DarkSide cybercrime group was identified as the culprit behind the attack.
What cybersecurity lessons have been learned from the attack?
One of the most important revelations of the Colonial Pipeline attack was that cybersecurity in critical operating sectors needs to be upgraded. One major side effect of the hack was supply chain problems that arose as gas stations and airports began to be affected by the lack of oil from the pipeline itself.
“Organizations in this sector must take action to secure their operations if they have not already done so, as this is a severely neglected vector of attack that is vital to the national security of the United States,” said James Carder, chief security officer at LogRhythm. “Any organization that uses technology to enable critical infrastructure operations must ensure that proper security protocols are in place, ranging from simple password hygiene, threat detection, preventive controls and response controls to fail quickly and identify potential disasters.”
The enactment of President Biden's American Cyber Security Act is one of the ways to mitigate the severity of these attacks. Under the law signed on March 15th, companies will have to report hacks within a certain time frame or risk financial sanctions.
“The great thing we learned was that our critical infrastructure is really less secure than we think,” said Matthew Parsons, director of network and security product management at Sungard Availability Services. “I think this has raised awareness of strengthening our position on cybersecurity in critical infrastructure. The Cyber Security Strengthening Act of 2022 seeks to increase critical infrastructure requirements.”
Businesses in the chemical, critical manufacturing, energy, food, emergency, health and IT industries must also commit to increasing protections, not only in their technology but also in better preparing employees on best practices for avoiding this kind of ransomware attack.
“One lesson learned after the hack was that there was only one password that was compromised by an outdated VPN account, which was a channel for hackers to log in and demand payment,” said Scott Schober, co-host of the Cyber Coast to Coast podcast. “The zero-trust network requires at least additional authentication in case the username and password are compromised. The use of MFA adds a layer of security, which makes it much more difficult to penetrate the network. With zero trust, each account has limited trust and has segmented access, so that in the event that a hacker infiltrates, they cannot move laterally across the entire network because they are limited in their access to this particular segment of the account.”
On the other hand, hackers may also have realized how profitable ransomware can really be when they look at the millions of dollars extorted from Colonial Pipeline and other critical infrastructure attacks. Parsons says an attack of this magnitude, and the amount of money generated behind it, may have encouraged such groups to consider large-scale malicious operations.
“I think the biggest boost for these groups after this attack is that it really pays off,” Parsons said. “These guys are specifically focused on operations that they know are big and will affect them and their clients. This can create a lot of panic and confusion among the population. I think [hackers] realize that if these large corporations are successfully breached with ransomware, there will be good payouts.”
Although the circumstances behind the attack were unfortunate, the information derived from the Colonial Pipeline attack may have been necessary in the long run for everyone in the field of cybersecurity. By forcing organizations across a number of industries to self-assess, the next major attack on critical infrastructure may be one that avoids a costly and catastrophic outcome.
One year removed from the Colonial Pipeline attack, what have we learned?