The hacker attack on the largest pipeline in the US that caused the government to declare a state of emergency
The US government declared a state of emergency in parts of the country on Sunday (9 May) after the nation's largest fuel pipeline network suffered a cyber attack on Friday night, halting the flow of fuel.
The attack forced the network offline, and the attackers stole more than 100 GB of data from Colonial Pipeline. The pipeline carries more than 2.5 million barrels a day, about 45% of the East Coast's supply of diesel, gasoline and jet fuel.
Oil market analysts say that, as a consequence, fuel prices are expected to rise between 2% and 3% on Monday. But the impact will be even worse if the "blackout" of the pipeline continues for much longer.
Efforts to restore service continued late into Sunday, but with the main lines still out of action the government declared a state of emergency to make it easier to move fuel by other means, mainly by road.
The state of emergency covers 17 states and suspends driving-hours limits for the road transport of fuel.
What is known about the cyber attack?
Several sources confirmed that the cyber attack was caused by a group of hackers called DarkSide, who infiltrated Colonial's network on Thursday.
"Shortly after becoming aware of the attack, Colonial proactively shut down certain systems to contain the threat. These actions temporarily disrupted all pipeline operations and affected some of our technology systems, which we are actively in the process of restoring," the company said.
The energy company said in a statement that it is working with law enforcement officials, cybersecurity experts and the Department of Energy to restore service.
In the statement, Colonial specifies that while its four main lines remain out of service, some smaller side lines between terminals and delivery points are already operational.
"We are in the process of restoring service to other laterals and will bring our full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations," the company added.
Independent market analyst Gaurav Sharma told the BBC that, as a result of the attack, a large amount of fuel is now stranded at Texas refineries. Under the state of emergency, oil products can be moved by water or by truck to New York, but that would still fall well short of the pipeline's capacity.
"Unless they solve everything by Tuesday, they will be in big trouble," says Sharma.
"The first areas to be affected will be Atlanta and Tennessee, and then the ripple effect will reach New York," he said.
The cyber attack comes at a time when US reserves are decreasing and demand, especially for vehicle fuels, is increasing. Consumers are returning to the roads as the US economy tries to recover from the effects of the pandemic.
How did the attack happen?
According to Digital Shadows, a London-based cybersecurity company that tracks cyber criminals worldwide, the attackers got in by taking advantage of the large number of engineers who remotely access the pipeline's computer control systems.
James Chappell, co-founder and director of innovation at Digital Shadows, believes that DarkSide obtained login details for remote access programs, such as TeamViewer and Microsoft Remote Desktop.
Digital Shadows' initial research suggests that hackers are probably based in a Russian-speaking country.
Chappell says anyone can use search engines such as Shodan to find the login portals of Internet-connected computers; attackers then try username and password combinations against those portals until one works.
"We are seeing a lot of cases like this right now, this is a serious problem," says Chappell.
"There are new victims every day. There are many small businesses that are victims of this - it is becoming a major problem for the global economy."
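The credential-guessing pattern Chappell describes, many failed logons from one source and then a success, is visible in the remote-access service's own authentication logs. The following detector is an added example for this article, not code from Colonial, Digital Shadows or DarkSide. It assumes a simplified constructed log format ("timestamp,source_ip,username,result"), not any real product's format, and the log lines, IP addresses and account names are made up for the example.

```python
"""Flag brute-force and password-spraying logons against a remote-access
service (RDP, VPN, TeamViewer-style portal) in authentication logs.

Added example; not part of the original article.  The CSV-style log
format, thresholds and sample lines are assumptions for this example.
"""

from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data).  One external address cycles
# through usernames and passwords until a logon succeeds; a second host is
# just a user mistyping a password once.
SAMPLE_LOG = """\
2021-05-06T22:01:10Z,198.51.100.23,administrator,FAIL
2021-05-06T22:01:12Z,198.51.100.23,administrator,FAIL
2021-05-06T22:01:15Z,198.51.100.23,admin,FAIL
2021-05-06T22:01:17Z,198.51.100.23,scada,FAIL
2021-05-06T22:01:20Z,198.51.100.23,operator,FAIL
2021-05-06T22:01:22Z,198.51.100.23,jsmith,FAIL
2021-05-06T22:01:25Z,198.51.100.23,jsmith,SUCCESS
2021-05-06T22:05:00Z,10.20.30.40,mgarcia,FAIL
2021-05-06T22:05:30Z,10.20.30.40,mgarcia,SUCCESS
"""

WINDOW = timedelta(minutes=10)   # how far back failures count (assumed)


def parse_log(text):
    """Parse 'timestamp,source_ip,username,result' lines into tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split(",")
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       ip, user, result))
    return events


def find_brute_force(events, fail_threshold=5, min_fails_before_success=3,
                     spray_users=3, window=WINDOW):
    """Return alerts for each source IP.

    'brute_force': at least fail_threshold failures inside the window
    (reported once per burst).
    'success_after_failures': a successful logon preceded by at least
    min_fails_before_success failures from the same source inside the
    window; 'spray' is set when those failures touched spray_users or
    more distinct accounts (one password tried across many users).
    """
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        by_ip[ev[1]].append(ev)

    alerts = []
    for ip, evs in by_ip.items():
        fails = []               # (timestamp, username) inside the window
        burst_reported = False
        for ts, _, user, result in evs:
            fails = [f for f in fails if ts - f[0] <= window]
            if result == "FAIL":
                fails.append((ts, user))
                if len(fails) >= fail_threshold and not burst_reported:
                    burst_reported = True
                    alerts.append({"type": "brute_force", "ip": ip,
                                   "time": ts, "failures": len(fails),
                                   "users": sorted({u for _, u in fails})})
                continue
            if result == "SUCCESS" and len(fails) >= min_fails_before_success:
                users = sorted({u for _, u in fails})
                alerts.append({"type": "success_after_failures", "ip": ip,
                               "time": ts, "account": user,
                               "failures": len(fails),
                               "spray": len(users) >= spray_users})
            # A success (or an innocent single failure) resets the burst.
            fails = []
            burst_reported = False
    return alerts


if __name__ == "__main__":
    for alert in find_brute_force(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the sample, 198.51.100.23 produces a brute_force alert on its fifth failure and a success_after_failures alert for the jsmith logon with spray set, while the single mistyped password from 10.20.30.40 produces nothing. The caveat that matters for the access-broker trade described later in this article: a logon made with an already-stolen, valid credential generates no failures at all, so this kind of detector must be paired with checks on new source addresses, unusual hours and impossible travel, and ideally with multi-factor authentication on every remote-access path.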
How does DarkSide operate?
Although DarkSide is not the biggest of these criminal gangs, the incident highlights the growing risk that ransomware (malware that locks victims out of their systems and data; the criminals then demand a payment, usually in cryptocurrency, to restore access) poses to critical infrastructure, and not just to ordinary businesses.
DarkSide specialises in ransomware. Victims of a DarkSide attack receive a ransom note stating that their computers and servers have been encrypted.
The gang then lists all the data it has stolen and sends the victim a link to a "personal leak page" where the data is already uploaded, awaiting automatic publication should the company or organisation refuse to pay the ransom.
According to Digital Shadows, DarkSide operates professionally, as if it were a company.
The gang develops its own software for encrypting and stealing data, then trains "affiliates", who receive a toolkit containing the software, a ransom-note e-mail template and training to carry out attacks.
Affiliate cybercriminals then pay DarkSide a percentage of their earnings from any successful ransomware attacks.
In March, when the gang launched a new version of its software that could encrypt data faster than before, it issued a press release and invited journalists to interview its members.
Hackers have a website on the dark web where they take pride in their work and provide details about their operations, listing all the hacked companies and what has been stolen. They also have a page with a "code of ethics", listing which organizations the gang pledges not to attack.
DarkSide also works with "access brokers" - hackers who work to collect login details for as many user accounts as possible on various services.
Rather than exploiting these accounts themselves, the access brokers sell the usernames and passwords to the highest bidder, typically other criminal gangs, which use them to commit much larger crimes.