- According to IBM’s X-Force Threat Intelligence Index 2021 research, the energy industry has risen from 9th position in 2019 to 3rd spot in 2020 among industries most frequently facing cyber-attacks.
- In May 2021, the Colonial Pipeline was the target of a ransomware assault. It infected the pipeline’s digital systems, causing it to go offline for several days.
- Colonial Pipeline paid DarkSide a $4.4 million (USD) ransom for the decryption keys to open their systems.
Because the pipeline transports oil from refineries to industrial markets, the intrusion was declared a national security threat. Experts confirmed that the attackers gained access to the Colonial Pipeline network through an unsecured password for a VPN account.
Many businesses utilize a virtual private network (VPN) to enable secure, encrypted, remote access to their corporate network. So, the risk is huge and needs attention!
The lessons learned
1. OT and IT network convergence creates additional risk.
Colonial’s decision to shut down its whole pipeline system – for the first time in its history – was based on a lack of knowledge about who was attacking, what their motivations were, or how the attack may harm its operational technology (OT) infrastructure. The lack of complete insight into OT network operations and integrations resulted in a considerably more serious problem than a “simple” compromise of back-office systems.
Maintaining a separation between OT and information technology (IT) networks, except where absolutely necessary, and rigorously controlling and monitoring them can help to reduce risk.
2. A successful breach breeds other hacking efforts
The attack on the Colonial Pipeline had repercussions, as phishing attacks on other energy companies rose shortly after the incident. One effort sent a notice to
Of course, the download was designed to infect the target computers with malware. In other cases, spear-phishing assaults and robo-filled “Contact Us” forms containing phony threats purporting to be from DarkSide became more common, primarily targeting the energy and food sectors.
In many incidents, the alleged threat actor claims to have successfully penetrated the target’s network, obtaining access to critical data that will be made public unless a ransom of 100 bitcoins is paid.
3. Successful breaches carry a variety of costs
Colonial Pipeline is famous for paying DarkSide a $4.4 million (USD) ransom for the decryption keys to open their systems.
Despite the fact that DarkSide expressed regret and the
But that’s just the beginning. Colonial Pipeline had to rebuild its billing systems for weeks before they could again start the billing for oil distribution.
4. The importance of system monitoring
Before releasing their ransom demands, the hackers initiated their attack in the early morning of May 7, exfiltrating 100GB of data and encrypting back-office systems.
The first breach, however, was alleged to have occurred on April 29, over a week earlier. This follows a common threat actor pattern of gaining access to the system, then conducting stealth reconnaissance while building the basis for a large-scale attack.
SIEM (security information and event management) solutions, when combined with threat intelligence, identification, and monitoring, can assist in detecting unusual activity that may indicate the beginning stages of an assault before the real trouble begins.
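The kind of rule a SIEM could run for lessons 4 and 5, as an added Python example that is not from the original post: it flags VPN logins that used no MFA or came from a dormant account, and days whose outbound transfer volume is far above the recent baseline. The log records, account names, thresholds and dates below are constructed assumptions, not the real incident data.

```python
from datetime import datetime, timedelta
from statistics import median

# Constructed sample events (assumption, not real incident logs):
# VPN logins, each account's last successful login, and daily egress in GB.
VPN_LOGINS = [
    {"ts": "2021-04-29T02:13:00", "user": "legacy-svc", "mfa": False, "src_ip": "203.0.113.7"},
    {"ts": "2021-04-29T08:00:00", "user": "jdoe", "mfa": True, "src_ip": "198.51.100.4"},
]
LAST_SEEN = {"legacy-svc": "2020-11-02T09:00:00", "jdoe": "2021-04-28T17:45:00"}
EGRESS_GB = {
    "2021-05-03": 1.2, "2021-05-04": 1.8, "2021-05-05": 1.4,
    "2021-05-06": 1.5, "2021-05-07": 100.0,
}

DORMANT_DAYS = 90      # an account unused this long should not silently come back to life
EGRESS_FACTOR = 10.0   # flag a day that moves 10x the median of the preceding days


def find_suspicious_logins(logins, last_seen, dormant_days=DORMANT_DAYS):
    """Return (user, reasons) for logins lacking MFA or reviving a dormant account."""
    alerts = []
    for event in logins:
        ts = datetime.fromisoformat(event["ts"])
        reasons = []
        if not event["mfa"]:
            reasons.append("no MFA")
        prev = last_seen.get(event["user"])
        # No history at all is treated the same as a long-dormant account.
        if prev is None or ts - datetime.fromisoformat(prev) > timedelta(days=dormant_days):
            reasons.append("dormant account")
        if reasons:
            alerts.append((event["user"], reasons))
    return alerts


def find_egress_spikes(egress_gb, factor=EGRESS_FACTOR):
    """Return the days whose egress is at least `factor` times the median of earlier days."""
    days = sorted(egress_gb)
    spikes = []
    for i in range(1, len(days)):
        baseline = median(egress_gb[d] for d in days[:i])
        if baseline > 0 and egress_gb[days[i]] / baseline >= factor:
            spikes.append(days[i])
    return spikes


if __name__ == "__main__":
    print(find_suspicious_logins(VPN_LOGINS, LAST_SEEN))
    print(find_egress_spikes(EGRESS_GB))
```

A real deployment would feed these rules from the VPN concentrator's authentication log and a netflow or proxy egress summary rather than inline dictionaries.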
5. The importance of IT governance
Not only was the breach made possible by this out-of-date but still functional section of the network, but access was also allowed by a single user ID/password combination, according to reports.
Access to the IT infrastructure of the
The danger to the oil and gas industry, as well as the entire energy sector, is serious and growing. The threat actors vary from sophisticated, government-sponsored attackers attempting to inflict societal and financial havoc to smaller hacktivist groups seeking to protest energy projects or advancements.
According to IBM’s X-Force Threat Intelligence Index 2021 research, the energy industry has risen from 9th position in 2019 to 3rd spot in 2020 among industries most frequently facing cyber-attacks.
According to the analysis, the energy sector experienced the second-highest rate of data theft of any sector in 2020, accounting for more than one-fifth of all breaches. So, it’s a must to seriously incorporate these lessons!