What will be the fallout from the Colonial Pipeline ransomware attack? How will it shape the threat landscape in the coming months and potentially years?
The Colonial Pipeline ransomware attack appears to be reaching its final stages. As a refresher, the Colonial Pipeline company operates a pipeline transporting gasoline, diesel, and natural gas from Texas to New Jersey, serving most of the East Coast. A for-profit hacking group, identifying itself as DarkSide, initiated a ransomware attack against it earlier in May. The attack crippled the company’s operations and forced a controlled shutdown to prevent further infection, causing fuel shortages along the East Coast.
According to recent reports, Colonial Pipeline CEO Joseph Blount told The Wall Street Journal that the company agreed to pay its cyber-attackers $4.4 million to bring the ransomware to an end. The payment was made because no one could determine the extent of the damage and because further delays would have resulted in additional fuel shortages.
The Colonial Pipeline Ransomware Attack is one of the most visible and most damaging in the history of cybersecurity. As such, it’s going to have a profound effect on the threat landscape in the future.
Here’s what we predict.
The Fallout of the Colonial Pipeline Ransomware Attack
Successors follow in the wake of success; people tend to follow the leader when they see something working. This behavioral trend, present in all fields including cyber-crime, is precisely why the FBI advises businesses not to pay the ransom if their IT environment becomes infected with ransomware. After all, it just encourages bad behavior in the future.
According to our research, Colonial Pipeline chose to pay the cyber-attackers after consulting with cybersecurity experts; by all accounts, they made the strongest choice available to them in the midst of a crisis.
However, hackers are going to see this incident and its fallout and conclude that ransomware is the most profitable route. Ransomware was already the most prevalent strain of malware used by hackers, and in the wake of the Colonial Pipeline ransomware attack, rates of infection will skyrocket.
More Attacks on Infrastructure
Cybersecurity advisors, observers, and professionals have all warned for years that critical infrastructure in the U.S. is extremely vulnerable to cyber-attacks. While attacks on critical infrastructure have occurred before, the Colonial Pipeline attack is in a league of its own. It’s the first attack on critical infrastructure that truly penetrated the consciousness of the average American citizen; moreover, it’s the first attack of its kind to have a tangible real-world effect.
Additionally, Mr. Blount stated that he approved the ransom payment in part out of a sense of obligation; any further delays could cause more problems across the states, for businesses and ordinary citizens alike. Again, this choice makes sense in the context of the cyber threat. Yet hackers will see the success of attacking critical infrastructure and will note the obligations operators have to ordinary citizens; the increased pressure to resolve the problem quickly plays into the threat actors’ hands.
More Cybersecurity Purchases (But the Right Ones?)
The Colonial Pipeline attack should serve as a wake-up call for businesses of all industries, especially infrastructure organizations. Spending on cybersecurity should increase, and if your enterprise does not already have a CISO, it should create that position.
Yet you should also consider what solutions you’re purchasing and which capabilities you emphasize. Firewalls and antivirus are fine choices but don’t necessarily reflect the threat landscape and modern attack tactics. Email Security, EDR, Data Loss Prevention, and login protections all reflect the evolving nature of cyber-threats in 2021.
For more information on how to protect your business from ransomware, check out the Endpoint Security Buyer’s Guide and the Backup and Disaster Recovery Buyer’s Guide.
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.