Biden declares state of emergency over fuel cyber-attack
Source: BBC
The US government declared a state of emergency on Sunday after the largest fuel pipeline in the US was hit by a ransomware cyber-attack.
The Colonial Pipeline carries 2.5 million barrels a day - 45% of the East Coast's supply of diesel, gasoline and jet fuel.
It was completely knocked offline by a cyber-criminal gang on Friday and is still working to restore service.
The emergency status enables fuel to be transported by road.
Experts say fuel prices are likely to rise 2-3% on Monday, but the impact will be far worse if it goes on for much longer.
Multiple sources have confirmed that the ransomware attack was caused by a cyber-criminal gang called DarkSide, who infiltrated Colonial's network on Thursday and took almost 100GB of data hostage.
After seizing the data, the hackers locked the data on some computers and servers, demanding a ransom on Friday. If it is not paid, they are threatening to leak it onto the internet.
Read more: https://www.bbc.com/news/business-57050690
More at link
HUAJIAO
(2,383 posts)
If only.
How can we not have someone of that caliber on our side?
jdadd
(1,314 posts)
when people (paid employees) ran things, rather than web-connected technology!
Miguelito Loveless
(4,465 posts)
We also warned the government NOT to engage in cyber warfare against other countries, and were ignored.
This is just the latest chicken come home to roost.
speak easy
(9,239 posts)
because unilateral disarmament always works.
Miguelito Loveless
(4,465 posts)
and thus made us a target. You don't use a weapon against an enemy that you yourself are quite vulnerable to, especially one that is pretty cheap to deploy.
speak easy
(9,239 posts)
that cost $100+ to repair.
I mean, really, can you seriously say the GRU SolarWinds attack was in retaliation for Stuxnet?
Miguelito Loveless
(4,465 posts)
I am saying that many of us in the IT community warned that it was unwise to launch such an attack since U.S. data infrastructure was quite vulnerable. By using the weapon first, we gave license for it to be used against us. We have started another arms race and it is the people who will pay.
getagrip_already
(14,716 posts)
The goal is money, not political advantage.
And it has nothing to do with the wimpy warnings some in IT made decades ago. Computer viruses were still running rampant before Stuxnet.
Get over it. This has nothing to do with spy-vs-spy.
This is armed robbery. Nothing more. Nothing less.
Miguelito Loveless
(4,465 posts)
I am an IT guy of several decades.
State sponsored attacks/extortion schemes were NOT a thing. And I hardly see the difference between an attack which simply takes out a target, and an attack that takes out a target, but you MIGHT be able to buy your way out of it. Also, these folks are not only taking the target offline, they are threatening to release massive amounts of private data as well, so a "two-fer".
These groups would have a hard time operating without state sponsorship at this level.
getagrip_already
(14,716 posts)
Are there political attacks as well? Sure, NK attacked Disney for example. That was purely punitive.
But the attack against the pipeline is only financial.
Remember that the early viruses were neither political nor financial. They were largely just trying to cause damage with no real intent.
And it had nothing to do with Stuxnet. Neither does this attack.
I've been in high tech a long time, since 1980, and I've seen a lot. I've held security clearances and been places some people only read about.
Stuxnet didn't cause anything that wasn't already happening, and the only reason you even know about it is the target leaked the info. It was going on long before that on multiple fronts. It didn't just leap out from a lab in VA.
I get the negative feelings to what goes on in spookyville, but it isn't the evil we have here.
Miguelito Loveless
(4,465 posts)
as my point was these type of high volume operations cannot exist without government sanction. The money just helps defray budget costs and helps the gov't keep a cutout between them and the criminals.
Viruses were nuisances back in the day, with some bad actors with malicious intent. Ransomware is a different matter, but again, the motive is irrelevant. Intelligence services routinely ran blackmail schemes through criminal third parties, allowing the criminals to profit, while they obtained "useful" intelligence, and candidates for involuntary recruitment.
Stuxnet was weaponization of a computer virus against a sovereign state using Israeli intelligence as a surrogate so the US government could have plausible deniability. We opened the door to the practice and now we are on the receiving end with no moral high ground to bitch from.
If memory serves, Trump's Pentagon was discussing using cyber-attacks as a justification for a nuclear response. No way that could go wrong.
getagrip_already
(14,716 posts)
But that doesn't mean that would be any different if no guv had ever planned or conducted a cyber attack against another.
Many of these groups are not only self funding, they are extremely profitable for their sponsors. Oligarchs have multiple masters, but money is the leader among equals.
Of course if the circumstances warranted it, it would be a small effort for them to become weaponized. Which is why the genie is so far out of the bottle we need our own bigger, better genies.
Unilateral disarmament is not a workable strategy. No more so than disbanding the military cuz we felt good about it.
Miguelito Loveless
(4,465 posts)
What we advised back in the day was "DO NOT be the first to deploy this weapon". We let the genie out of the bottle, just as we did with nuclear weapons.
gab13by13
(21,312 posts)
NQAS
(10,749 posts)
The question is why they didn't have safeguards in place?
Cost cutting for investor returns and exec bonuses?
Did they have backups and backups for the backups?
If state of emergency means USG resources, will the pipeline operator compensate? If not, sounds kind of socialism-ish.
What about systems for other critical services?
Of course it's most important to get the systems back online, but these other questions need to be addressed.
NCjack
(10,279 posts)
ancianita
(36,023 posts)
apparently DarkSide's been known about since last year.
The group has a highly targeted approach to targeting their victims
Custom ransomware executables are carefully prepared for each target
There is a corporate-like method of communication throughout their attacks
The group behind DarkSide announced its new ransomware operation via a press release on their Tor domain in August 2020. Up until this point, some researchers have claimed that the group has earned over one million USD; however, Digital Shadows cannot corroborate a definite figure at the time of this report. Possibly in an attempt to underline their experience, they made a point to clarify that the DarkSide operation isn't their first criminal experience; the campaign was developed to refine existing products into the ultimate ransomware tool.
...To go even further, the group behind DarkSide states their intent to select their targets based on their financial revenue. This method implies that a ransom price is modeled around the victim organization's net income.
The operators behind DarkSide harvest the clear text data from their victims' server before encrypting it and requesting a ransom. The stolen data is then uploaded to DarkSide's leak website, which serves as a powerful extortion tool for the threat group. The targeted company risks sensitive data loss after a successful attack, and not to mention, a public breach can severely damage an organization's reputation. If this tactic sounds familiar to you, you're right on the money: we've been closely following the pay-or-get-breached trend since late 2019.
https://www.digitalshadows.com/blog-and-research/darkside-the-new-ransomware-group-behind-highly-targeted-attacks/
getagrip_already
(14,716 posts)
Sorry, just about nothing there is true. I know of at least 10 recent attacks where the attackers asked relatively small companies for $1M. All paid something, some the full amount.
It's just more lore than history.
ancianita
(36,023 posts)
They pointed out that 'ability to pay' determined their targets, not necessarily size. How they encrypt the data on their server and then inform their mark sounds logical to me.
Not sure why it's all bs, but I'll take your word for it.
getagrip_already
(14,716 posts)
The statement that they made over a million dollars is one. This has become a Billion dollar industry - Billion. That a group as reportedly successful as this one only made a million is laughable. As I said, I know of multiple claims in that realm from individual companies, and entry level cyber insurance policies are typically in the $1M range, so if they are a successful operation they are pulling in much, much more.
Do they individually target companies? Possibly, but it isn't the mission impossible level of targeting. They aren't that refined. They mostly just get lucky and find a way in either through social engineering or some unpatched exploit, and that works for them.
The article is clickbait. There are tens of thousands of attacks currently underway. Some will succeed and you will never hear about them.
This one is visible because it looks like they aren't paying up.
My personal solution isn't very popular. I would outlaw any payment as ransom to get data back. Period. Let the chips fall where they may. Take away the financial incentive and these attacks will fall way down.
ancianita
(36,023 posts)
seems like the only logical way to stop this. It might not be popular, imo, because 'zero negotiations' laws or policies will make the chips fall toward just selling or releasing the pirated data to other parties. But if one of those parties is a real group working with law enforcement, maybe they might be caught.
So there'd still be monetary incentive, law or no law; they'd take their chances on the bet that the law can't find them. Then I guess there's probably always a buyer beyond the actual victim; say, a victim's competitor, or a state; one or more, even, to start a bidding war.
getagrip_already
(14,716 posts)
rather than paying ransoms.
I always hear that it's too expensive to improve IT security. I never hear it's too expensive to not pay a ransom.
Claire Oh Nette
(2,636 posts)
We're past peak oil, no?
skirmishes in the coming oil wars?
AverageOldGuy
(1,523 posts)
I am a long-time member of the Electoral Board in a small, rural VA county. Last year, after three years of study, planning and testing, the VA Dept of Elections dropped on every Registrar in the state 24 pages of cybersecurity requirements so extensive that most localities are hiring outside cybersecurity firms to protect our systems. The systems in Registrar's offices typically consist of a few computers tied to a router and used almost exclusively to communicate with the state voter registration database.
Sounds as though we are light years ahead of the pipeline people in terms of cybersecurity.
BobTheSubgenius
(11,563 posts)
SO MANY moving parts, and one knocked off its assigned task can create disaster. I'm guessing this network has a pretty high level of cyber security. It wasn't enough, clearly. What now?
ffr
(22,669 posts)
I honestly don't know. After switching to electric for my transportation, I don't really pay attention to it anymore.
Hekate
(90,645 posts)
... and national security. Not just pipelines, but electronics, interwebs, cyber.
LittleGirl
(8,283 posts)
This happened to a small company a few years ago. They wanted one million in cash.
The FBI was involved. We must protect our networks with employees, not contractors!
ansible
(1,718 posts)
msfiddlestix
(7,278 posts)
and that was before the attack. Should have filled up last week, when I had just watched the numbers go up again.
we can do it
(12,182 posts)
But then greed will use any excuse.
no_hypocrisy
(46,083 posts)
durablend
(7,460 posts)
"The emergency status enables fuel to be transported by road."
And hasn't it already been reported that they're having problems finding drivers?
Bet you follow the money train and it leads to a place in Florida.
NickB79
(19,233 posts)
The Internet is the new open seas.
getagrip_already
(14,716 posts)
They could at least do a little fact checking.
Anyway, to answer all the whosayers and whatnot askers out there, these attacks target not just servers, but network infrastructure, storage systems and backup infrastructure as well. Their goal is to make it nearly impossible for you to regain operations unless you pay them big money. They are probably asking for millions in cyber currency.
I wouldn't be at all surprised to hear the attackers were in their network for 6-9 months. I wouldn't be surprised to hear they stole a considerable amount of data, including personnel and customer info. I wouldn't be surprised to hear the company just didn't perform an update to a previously known attack path.
They could have gained entry through a supply side hack (an update sent from a trusted supplier - that's how the SolarWinds attack worked), it could have been through a zero day attack on network gear or VPN software that had yet to be updated, it could have even happened through a sloppy employee.
These groups have time, technology, and greed on their side. They only need an occasional victory. Companies need to win every encounter.
Calista241
(5,586 posts)
Food for thought.
ansible
(1,718 posts)
I've already been using their Yandex search engine and it's already better than Google in many ways, especially when it comes to reverse searching images. Russia's a cold, depressing country where people spend most of the year in their homes with nothing else to do except use their computers.
live love laugh
(13,100 posts)
Dark side dark web ...
It's bullshit.
drmeow
(5,017 posts)
what was that you were saying about only roads and bridges are infrastructure again?
This is why cyber security is infrastructure!