- According to IBM’s X-Force Threat Intelligence Index 2021 study, the energy sector moved up from 9th position in 2019 to 3rd place in 2020 among the sectors most frequently confronted with cyberattacks.
- In May 2021, the Colonial Pipeline was the target of a ransomware attack. It infected the pipeline’s digital systems, causing it to go offline for several days.
- Colonial Pipeline paid DarkSide a ransom of $4.4 million (USD) for decryption keys to open their systems.
Because the pipeline carries oil from refineries to industrial markets, the intrusion has been declared a national security danger. Experts have confirmed that the attackers gained access to the Colonial Pipeline network through an insecure password for a VPN account.
Many businesses use a Virtual Private Network (VPN) to enable secure, encrypted remote access to their corporate network. So the risk is huge and deserves attention!
1. The convergence of OT and IT networks creates additional risk.
Colonial’s decision to shut down its entire pipeline network, for the first time in its history, was based on a lack of knowledge about who was attacking, what their motives were, or how the attack could harm its operational technology (OT) infrastructure. The lack of a complete understanding of OT network operations and integrations resulted in a problem that is considerably more serious than a “simple” compromise of back-office systems.
Maintaining separation between OT and information technology (IT) networks, unless absolutely necessary, and tightly controlling and monitoring them can help reduce risk.
2. A successful breach spawns more hacking attempts
The attack on the Colonial Pipeline had repercussions, as phishing attacks against other energy companies increased shortly after the incident. An effort sent a notice to
Of course, the download was designed to infect target computers with malware. In other cases, spear phishing attacks and bot-filled “contact us” forms containing fake threats claiming to be from DarkSide have become more common, primarily targeting the energy and food sectors.
In many incidents, the alleged threat actor claims to have successfully penetrated the target’s network, gaining access to critical data that will be made public unless a ransom of 100 bitcoins is paid.
3. Successful Breaches Incur Various Costs
Colonial Pipeline is famous for paying DarkSide a $4.4 million (USD) ransom for decryption keys to open their systems.
Despite DarkSide expressing regret and
But this is only the beginning. Colonial Pipeline had to rebuild its billing systems for weeks before it could start oil distribution billing again.
4. The Importance of System Monitoring
Before releasing their ransom demands, the hackers launched their attack in the early morning of May 7, exfiltrating 100 GB of data and encrypting back-office systems.
The initial breach, however, is believed to have occurred on April 29, more than a week earlier. This follows a common threat actor pattern of gaining access to the system and then performing stealthy reconnaissance while laying the groundwork for a full-scale attack.
Security Information and Event Management (SIEM) solutions, when combined with threat intelligence, identification and monitoring, can help detect unusual activity that may indicate the early stages of an attack before the real problem begins.
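As an added illustration of this kind of monitoring (not part of the original article), the Python sketch below scans VPN authentication records for successful logins by long-dormant accounts and logins completed with a password only, the kind of early signal relevant to the VPN account compromise described above. The log format, field names, account names and the 90-day threshold are assumptions, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample VPN authentication log, sorted by time.
# The line format and field names (user, src, result, mfa) are assumptions.
SAMPLE_LOG = """\
2020-11-02T14:20:00Z user=legacy_vpn src=198.51.100.40 result=success mfa=no
2021-04-27T08:02:10Z user=jsmith src=198.51.100.7 result=success mfa=yes
2021-04-28T09:15:44Z user=akhan src=198.51.100.23 result=success mfa=yes
2021-04-29T03:41:02Z user=legacy_vpn src=203.0.113.50 result=failure mfa=no
2021-04-29T03:41:30Z user=legacy_vpn src=203.0.113.50 result=success mfa=no
2021-04-29T09:01:12Z user=jsmith src=198.51.100.7 result=success mfa=yes
2021-04-30T09:20:05Z user=akhan src=198.51.100.23 result=success mfa=no
"""

def parse_line(line):
    """Split 'timestamp key=value ...' into (datetime, dict of fields)."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), fields

def find_suspicious_logins(log_text, dormant_after=timedelta(days=90)):
    """Return (timestamp, user, src, reasons) for successful logins worth review."""
    last_success = {}  # user -> time of the previous successful login
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, f = parse_line(line)
        if f.get("result") != "success":
            continue  # failures do not count as account activity here
        user = f.get("user", "?")
        reasons = []
        previous = last_success.get(user)
        # An account unused for a long time that suddenly logs in again.
        if previous is not None and when - previous >= dormant_after:
            reasons.append("dormant-account")
        # A login that completed without a second factor.
        if f.get("mfa") != "yes":
            reasons.append("password-only")
        if reasons:
            alerts.append((when.isoformat(), user, f.get("src"), reasons))
        last_success[user] = when
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_logins(SAMPLE_LOG):
        print(alert)
```

In a SIEM the same two conditions would normally be expressed as correlation rules over the VPN concentrator's authentication events, with the dormancy baseline taken from the identity provider rather than from the log itself.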
5. The importance of IT governance
Not only was the breach made possible by this outdated but still functional section of the network, but access was also authorized by a single user ID/password combination, according to reports. Access to the IT infrastructure of the
The danger to the oil and gas industry, as well as to the energy sector as a whole, is serious and growing. Threat actors vary from sophisticated government-sponsored attackers attempting to inflict societal and financial havoc to smaller hacktivist groups seeking to protest energy projects or advances.
According to IBM’s 2021 X-Force Threat Intelligence Index research, the energy industry rose from 9th place in 2019 to 3rd place in 2020 among the industries most frequently targeted by cyberattacks.
According to the analysis, the energy sector experienced the second highest data theft rate of any industry in 2020, accounting for more than a fifth of all breaches. It is therefore essential to take these lessons seriously!