You have most likely heard about the recent case of the Colonial Pipeline. On 7 May 2021 the pipeline operator proactively shut down all operations and froze its IT systems after a cyberattack. This had an impact on the whole infrastructure, from households to aviation fuel to electrical power generation.
According to the company, it transports over 450 million litres of fuel daily across an area between Texas and New York, about 45% of the East Coast's consumption.
How did the ransomware attack happen?
We still don't know many details. A third-party security company is doing the investigation and hasn't published the final report yet. Basically, it was an outbreak due to one of the following:
- an unpatched vulnerability in a system
- a phishing email that successfully fooled an employee
- the use of previously leaked access credentials
- other tactics cybercriminals use to infiltrate a company's network
Once in the network, the encryption Trojan (the ransomware) started to spread across the network. It encrypted the data and locked the operating systems. By the time the pipeline and IT systems were proactively shut down, the infection had already spread widely.
It seems that a Friday was chosen by the hacker group on purpose. People tend to think more about the weekend than about work.
The first reaction of the pipeline operator was to recover the network from clean backups. But this failed, which raises additional questions…
As the fuel shortage hit the East Coast almost immediately after the shutdown, the Colonial CEO, Joseph Blount, transferred 4.4 million USD to the hackers in Bitcoin.
He was lucky enough to receive the decryption key to unlock the network in return. Still, it took almost a week to recover pipeline operations.
The cost of cyber hostage-taking is growing rapidly
The Colonial Pipeline case is not the only one. For a few years now, ransomware attacks have been increasing.
- 2018 – $8 billion
- 2019 – $11.5 billion
- 2020 – $20 billion
The figures include system recovery costs. The company PurpleSec has published comprehensive statistics.
If your home computer gets encrypted, you might get angry. But it has no impact on the infrastructure.
If the network servers for your advanced metering infrastructure (AMI) get hit, a whole region is in trouble. A simple example: no one can buy a credit token any more…
You'll have a blackout without any real technical cause.
It will get worse
This is only my personal prediction. The Internet of Things (IoT) is growing and has now reached its first implementations by utilities for smart meters. I'm still not convinced by IoT in terms of security and other performance aspects.
Besides IoT as an attack vector, we have extensive usage of social media, leading to more clicks on malicious links. In addition, all kinds of critical infrastructure will be a lucrative target for hackers.
What can you do?
There are some standard rules for individual users:
- Never share your password, and remove the sticker with the password from under your desk.
- Change your password(s) regularly and use two-factor authentication (2FA) whenever an online service offers it.
- Don't start your computer with a USB drive or other removable media in a port. If there is a virus on the USB drive, it will infect the PC hard disk on booting.
- Think twice before opening any attachment that comes with an email. Do you know the sender? Is the sender's email address right? Do you expect the attachment?
- If you receive an email from a stranger, delete it without opening it. If there's an attachment, do not open it under any circumstances! If you have already opened the mail, don't click on links, and don't trust the information either. My Microsoft account is "cancelled" almost every week when I look at my mails. Since the sender address can be faked easily, you will open some of these mails. Be careful.
- Disable the macro function in your Microsoft Office applications. Macros can be executed just by opening a Word or Excel file.
- Use regularly updated antivirus software to check your hard drive contents and incoming documents.
- Use a firewall. This can either be a software solution, already integrated in newer Windows versions, or a hardware firewall on your router.
- To protect others, don't send Word files. Converting them to PDF makes them smaller and safer for the recipient to open.
- Don't download software from untrustworthy sources.
- Keep your operating system updated. Still, 85% of all virus infections happen on Windows systems, mainly on Windows XP, because it's unsupported. Windows XP Professional received its last security update in 2019. Many companies and even more governmental organizations are still running XP.
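As an added example (not part of the original post), a small Python check that applies the two attachment rules above to a constructed message: it flags a sender display name that claims a brand the address domain does not match, and attachments that can run code when opened, such as macro-enabled Office files. The brand list and the extension list are assumptions for illustration, not a complete filter.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample message (not a real email) showing the pattern
# the post describes: a "your account is cancelled" lure from a faked
# sender, carrying a macro-enabled Word document.
SAMPLE_EML = """\
From: "Microsoft Account Team" <alerts@example-mail.test>
To: user@example.test
Subject: Your account will be cancelled
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Open the attached invoice to keep your account.
--b1
Content-Type: application/vnd.ms-word.document.macroEnabled.12; name="invoice.docm"
Content-Disposition: attachment; filename="invoice.docm"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""

# Assumed lists: file types that carry VBA macros or execute directly,
# and brand words that phishing display names commonly claim.
RISKY_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".exe", ".js", ".vbs", ".scr", ".bat", ".iso"}
CLAIMED_BRANDS = ("microsoft", "paypal", "dhl", "bank")

def check_message(raw):
    """Return a list of warning strings for one RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    warnings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    # A display name claiming a brand that does not appear in the
    # actual address domain is the classic faked-sender hint.
    for brand in CLAIMED_BRANDS:
        if brand in name.lower() and brand not in domain:
            warnings.append(f"display name mentions {brand!r} but address domain is {domain!r}")
    # Any attachment whose type can run code just by being opened.
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        ext = "." + fname.rsplit(".", 1)[-1].lower() if "." in fname else ""
        if ext in RISKY_EXTENSIONS:
            warnings.append(f"attachment {fname!r} can run code when opened")
    return warnings
```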
For the rest of your company's network you need to trust your cybersecurity specialists. Maybe they know what they are doing; see the Colonial case.
Final thoughts
You and every other user can contribute to cybersecurity. Make sure that your company holds cybersecurity briefings for employees, and try to keep to the rules.
A PC virus can be annoying. An encryption virus is a disaster for the whole organization. It can even cause fatalities. In Düsseldorf (Germany) a patient died after an encryption Trojan affected 30 internal servers in the hospital's network.
Thank you for reading.
Stay safe and keep your IT safe!
Editor's note: This article was originally published in May 2021 and has been updated for comprehensiveness.
A good piece. Thank you.
Thank you for the comment. Stay safe and maybe share with your team.