The hack of the Colonial Pipeline is the largest cyberattack carried out yet on a U.S. utility company. The attack caused widespread, national disruption and increased scrutiny regarding the security practices and protocols being used by the nation’s largest energy providers.
Subsequent investigations and interviews into the hack revealed that it was carried out not using the most advanced, sophisticated hacking technology and expertise, but by taking advantage of the fact that Colonial Pipeline was not adhering to some of the most fundamental cybersecurity basics.
How did the Colonial Pipeline hack begin?
On May 6th, 2021, an Eastern Europe-based ransomware gang known as DarkSide was able to breach Colonial Pipeline’s cybersecurity defenses and steal 100 GB of data in as little as two hours. The following day, May 7th, the hackers infected Colonial Pipeline’s network with ransomware, locking down the company’s access to their billing and accounting services. DarkSide offered to restore Colonial’s access to the system in exchange for 75 Bitcoin, which at the time would have been valued at about $4.4 million.
In response to the hack, Colonial enlisted the help of Mandiant, a cybersecurity firm tasked with investigating and responding to the attack. Colonial also alerted federal law enforcement to the breach and ceased all pipeline operations in order to contain and mitigate the damage being done by the attackers.
On May 9th, President Joe Biden made an emergency declaration for 17 states affected by the shutdown of Colonial’s distribution.
What are the effects of the hack?
Colonial operates the largest petroleum pipeline in the country. Because the company shut down its operations completely, a large portion of the Southeastern United States’ fuel supply was cut off in the short term.
Air travel was affected and gasoline stations quickly ran out of supply. Panicked citizens rushed to purchase gasoline in bulk, sometimes resorting to unsafe practices such as filling grocery bags and open containers with fuel. Fear spread as people began to worry about the implications of a long-term gasoline shortage during an already stressful and chaotic pandemic.
On May 12th, five days after the ransomware hack took place, normal pipeline operations were resumed.
How did the Colonial Pipeline Company end the ransomware attack?
On May 19th, Colonial Pipeline officially revealed that they gave in to DarkSide’s demands and paid $4.4 million in Bitcoin to regain control of their network. Colonial Pipeline Company CEO Joseph Blount said that deciding to pay the ransom was not an easy decision, but ultimately had to be done “for our country.”
In the following weeks, the U.S. Department of Justice was able to recover the majority of the ransom money. DarkSide, perhaps not anticipating the amount of pressure they would be under after such a high profile hack, largely went into hiding.
How could the hack have been prevented?
While Colonial’s official statements immediately following the hack stated that the criminals used “highly sophisticated” techniques to breach their defenses, further interviews carried out by a Senate committee on Capitol Hill revealed a much different story.
DarkSide was able to infiltrate and take over Colonial Pipeline’s network by using a single leaked username and password combination that allowed them to simply log in to a “legacy VPN” that was still active within the system.
Because the VPN did not require multi-factor authentication, once DarkSide had entered the credentials required for access, they were able to set up shop and completely paralyze the company’s operations.
Particularly determined hackers may find ways to breach even the most highly fortified cyber defenses.
It is entirely possible, however, that the hack of the Colonial Pipeline could have been prevented had the company adhered to basic security principles: requiring multi-factor authentication for access to their VPN, or decommissioning the unused VPN in the first place.
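The two controls just named (every VPN login must pass MFA, and no login may succeed on a gateway that has been retired from the active inventory) can be checked continuously from authentication logs. The script below is an added example written for this article, not code from Colonial Pipeline, Mandiant or any vendor; the gateway names, log format and sample log lines are constructed for illustration.

```python
"""Audit VPN authentication events against two basic controls:
every successful login must have passed MFA, and no login may land
on a gateway that is no longer in the active inventory (a "legacy" VPN).

All names, the log format and the sample lines below are constructed
for this example; they are not any real organization's systems or data.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed inventory: gateways that are approved and still in service.
ACTIVE_GATEWAYS = {"vpn-corp-01", "vpn-corp-02"}

# Constructed log format: one key=value event per line.
SAMPLE_LOG = """\
2021-04-29T06:12:03Z gateway=vpn-corp-01 user=jdoe result=success mfa=pass src=198.51.100.23
2021-04-29T06:15:41Z gateway=vpn-legacy-07 user=svc_backup result=success mfa=none src=203.0.113.77
2021-04-29T06:16:02Z gateway=vpn-corp-02 user=asmith result=failure mfa=none src=198.51.100.44
2021-04-29T06:20:19Z gateway=vpn-corp-02 user=asmith result=success mfa=none src=198.51.100.44
2021-04-29T06:21:55Z gateway=vpn-legacy-07 user=svc_backup result=success mfa=none src=203.0.113.78
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) gateway=(?P<gateway>\S+) user=(?P<user>\S+) "
    r"result=(?P<result>\S+) mfa=(?P<mfa>\S+) src=(?P<src>\S+)$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    user: str
    gateway: str
    src: str
    reason: str


def parse_events(log_text):
    """Turn the raw log into dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def audit_events(events, active_gateways=ACTIVE_GATEWAYS):
    """Return one Finding per control violated by a successful login.

    Failed logins are deliberately not reported here: these controls are
    about what a leaked password can achieve, not about guessing attempts.
    """
    findings = []
    for e in events:
        if e["result"] != "success":
            continue
        if e["gateway"] not in active_gateways:
            findings.append(Finding(e["ts"], e["user"], e["gateway"], e["src"],
                                    "login to gateway not in active inventory"))
        if e["mfa"] != "pass":
            findings.append(Finding(e["ts"], e["user"], e["gateway"], e["src"],
                                    "successful login without MFA"))
    return findings


def summarize(findings):
    """Count findings per (gateway, reason) so a retired gateway that keeps
    accepting single-factor logins stands out from a one-off."""
    return Counter((f.gateway, f.reason) for f in findings)


if __name__ == "__main__":
    found = audit_events(parse_events(SAMPLE_LOG))
    for f in found:
        print(f"{f.ts} {f.user}@{f.gateway} from {f.src}: {f.reason}")
    for (gw, reason), n in summarize(found).items():
        print(f"{n}x {gw}: {reason}")
```

On the sample log this reports four findings against vpn-legacy-07 (two logins, each failing both controls) and one single-factor login on an approved gateway. The inventory check is what catches an abandoned VPN that nobody remembered to switch off; the MFA check catches the case where the gateway is legitimate but a password alone was enough.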
The hack of the Colonial Pipeline is sure to go down in history as one of the most far-reaching cybersecurity slip-ups in the nation’s history, as well as a wake-up call for the IT departments of large corporations and utility providers the world over. The mere presence of a leaked password, as well as the existence of a functional but abandoned VPN, shows that Colonial did not have good cybersecurity hygiene with regard to password security or network maintenance.
Senator Ron Wyden (D-OR) said on record that “the shutdown of the Colonial Pipeline by cybercriminals highlights a massive problem. Many of the companies running our critical infrastructure have left their systems vulnerable to hackers through dangerously negligent cybersecurity.”
How can future attacks like that on the Colonial Pipeline be prevented?
The Biden administration has unveiled a multi-trillion dollar plan to fortify and modernize the country’s power grid and infrastructure. Additionally, President Biden has been vocal in his determination to bolster the nation’s defenses against cyberattacks.
While the administration’s path forward may enhance the security of federal and government entities, it does little to encourage privately held companies like Colonial to strengthen their own defenses. As cyberattacks increase in frequency, bills are being considered and voted on that will require private companies to report cybercrime activity to the federal government. While some feel that this may constitute government overreach, in the wake of Colonial Pipeline’s shutdown, many feel that the country’s dependence on private utility companies and energy providers warrants a greater degree of federal oversight.
You don’t have to be a high-profile corporation to be hacked. Follow these simple steps to help keep your network and devices safe:
- Create strong passwords. Use strong, unique login credentials for every account. Change your passwords frequently.
- Delete your cookies. Cookies are pieces of information that websites use to keep track of you. This data can potentially be used by hackers for nefarious purposes. Clear the cookies saved in your browser once every couple of weeks.
- Swap out your old hardware. Replace outdated hardware with refurbished firewalls or network switches from a reputable dealer.
- Hide your activity with a VPN. Using a VPN is a great way to keep your network hidden from hackers. Needless to say, multi-factor authentication can make the difference between safety and stolen data.