Critical Pipeline Network Shut Down By Hackers

Uploaded on 2021-05-11 in TECHNOLOGY--Hackers, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Production-Utilities

A critical oil pipeline  which supplies 45 percent of the east coast fuel supply has shut-down all pipeline operations after being hacked. Colonial Pipeline has said that it was the victim of “a cybersecurity attack.... In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT system."

Colonial’s network supplies fuel from US refiners on the Gulf Coast to the populous eastern and southern United States. The company transports 2.5 million barrels per day of gasoline, diesel, jet fuel and other refined products through 8,850km (5,500 miles) of pipelines.

This attack appears to have compromised systems that control pipeline infrastructure indicates that either the attack was extremely sophisticated or the systems were not well secured. “This pipeline shutdown sends the message that core elements of our national infrastructure continue to be vulnerable to cyber attack,” Prof. Mike Chapple, security expert and former computer scientist with the US National Security Agency told the Reuters news agency.

In its statement, the company said it had hired a private security firm to investigate the hack and contacted law enforcement and US federal authorities. “At this time, our primary focus is the safe and efficient restoration of our service and our efforts to return to normal operation. This process is already underway,” it said.

The US Has Suffered Two Major Cyber Security Breaches.

  • The disastrous SolarWinds hack has compromised thousands of US government and private-sector computer networks and was officially blamed on Russia;
  • A widespread cyber attack focused on Microsoft email servers is believed to have affected at least 30,000 US organisations including local governments and was attributed to an aggressive Chinese cyber-espionage campaign.

Both these attacks appeared to be aimed at stealing emails and data but they also create effective ways that can be used to attack the physical infrastructure, however as more details emerge there are a concerns that this may be an extreme criminal attack to extract ransom.

Update:  The  Colonial Pipeline hack has enterd its third day following a ransomware attack on Friday, forcing it to shut down all pipeline operations, although some parts of the network are resuming reduced operationsIf the  pipeline can be restored by Wednesday, it is understood there will be to no long-term impact of the ransomware attack, however, If the shutdown continues, southern states will be the first to experience higher gasoline prices. 

The FBI has blamed the attack on a Russian criminal group, 'DarkSide', thought to have been responsible for attacks on more than 80 companies across the US and Europe to date. DarkSide claims that they do not attack medical, educational or government targets and that they donate a portion of the money they extort to charity. 

FBI:     ABC:      Bloomberg:     Reuters:       ColPipe:      Al Jazeera:     Wired:       Independent

You Might Also Read:

US Sanctions Russia In Retaliation For Cyber Attacks:

 

« Apple Hammered By EU
Covid-19 Has Launched A Pandemic Of Cyber Crime »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

RedTeam Security

RedTeam Security

RedTeam Security is a provider of Penetration Testing, Social Engineering, Red Teaming and Red Team Training services.

Intelligence-sec

Intelligence-sec

Intelligence-Sec is a fully integrated Conferences and Exhibitions Company managing and producing topical events for the security industry.

Zadara Storage

Zadara Storage

Zadara provide complete data backup and protection delivered as a fully-managed service.

CERT.LV

CERT.LV

CERT.LV is the national Computer Emergency Response Team for Latvia.

ClearDATA

ClearDATA

The ClearDATA Managed Cloud protects sensitive healthcare data using purpose-built DevOps automation, compliance and security safeguards, and healthcare expertise.

MerlinCryption

MerlinCryption

MerlinCryption develops infrastructure security software, delivering advanced encryption, authentication, and random data generators, for Cloud, VoIP, eCommerce, M2M, and USB hardware.

Militus

Militus

Militus provides the only information security service available that learns and analyzes your network over time using a custom-built network-based toolset.

Componolit

Componolit

Componolit GmbH is a highly specialized company with a strong emphasis on trustworthy software, component-based systems and formal verification.

Cyber Security Cooperative Research Centre (CSCRC)

Cyber Security Cooperative Research Centre (CSCRC)

The CSCRC provides frank and fearless research and in-depth analysis of cyber security systems, the cyber ecosystem and cyber threats.

Cyber Command - Romania

Cyber Command - Romania

Cyber Command represents the military authority responsible for the development, protection and resilience of military IT networks and services that support the Romanian Force Structure.

Spike Reply

Spike Reply

Spike Reply is the company within the Reply Group focusing on cybersecurity and personal data protection.

Approov

Approov

Approov provides a comprehensive runtime security solution for mobile apps and their APIs, unified across iOS and Android.

Proximus Ada

Proximus Ada

Proximus Ada is the first Belgian center of excellence combining artificial intelligence and cybersecurity.

Unified Solutions

Unified Solutions

Unified Solutions provide a full continuum of cyber security services, compliance, and technology solutions.

Accelerynt

Accelerynt

Accelerynt was founded with a singular purpose: help teams like yours build cybersecurity resilience.

True North Solutions

True North Solutions

True North Solutions provides a wide range of fully customized, vendor-neutral industrial engineering and OT automation solutions to companies across North America and around the world.