US pipeline hack to make ransomware risks a priority

US Colonial Pipeline’s operations have yet to be restored after last week’s crippling ransomware attack

Chart source: Sophos State of Ransomware Report, April 2021 and Gigamon Zero Trust Survey 2020

Outlook

Colonial Pipeline reportedly plans not to pay the USD5mn bitcoin-denominated ransom demanded by the criminal hacking group DarkSide. The firm has restored some of the affected systems from back-ups, but back-ups only address the encryption: the roughly 600 gigabytes of data the hackers exfiltrated before encrypting remains in their hands, and they could release or sell the sensitive financial and personal data on the dark web, potentially facilitating future attacks.

The hack's technical details will influence wider corporate cybersecurity. DarkSide appears to have used its standard toolkit -- phishing to obtain remote-access log-in credentials -- spotlighting weaknesses in Colonial Pipeline's network security architecture and staff training. The US government will push for wider adoption of zero-trust network security, in which every access request is authenticated and authorised regardless of where on the network it originates, limiting an attacker's ability to use one compromised account to move laterally into other sensitive data zones.

Impacts

  • Establishing robust cyber defence, response and recovery strategies is a high but necessary corporate cost.
  • Cyber talent shortage, especially in emerging markets, will impede local industry and government efforts to boost cybersecurity.
  • State actors are increasingly gaining access to the toolkits of private criminal groups by striking transactional arrangements with them.
