Just when you thought it couldn’t get worse, it does.
As the United States continues to reel from the SolarWinds fiasco back in December 2020, cybersecurity has found itself in the spotlight once again. This time, it’s not a corporate breach or attack on healthcare, it’s infrastructure.
One of the largest American pipelines found itself in the crosshairs of a breach, emphasizing just how different the world is and how critical cybersecurity has become. It’s digital warfare, trading explosions for instability, with dangerous effects after the fact. Currently, the United States is working towards shoring up its cybersecurity infrastructure, but with an attack like this, it can’t happen soon enough.
Colonial Pipeline found itself the target of a cyberattack, disrupting its services. The pipeline serves major areas across the states, transporting jet and diesel from places like Texas to New York. Nearly half of all fuel used on the east coast is transported by Colonial Pipeline. The organization released a statement declaring some of their IT systems were shut off to mitigate the threat. Services were also stopped for a duration.
Whether it’s because they didn’t know or remain aloof with the details, the company continued to say it didn’t know the motives or say who the attacker was. Next to the SolarWinds strike, it’s the one of the largest digital attacks on US infrastructure. As the attack occurred, FireEye was called in to respond to the situation.
Attacks like this really put an exclamation point on the dangers of cyber attacks and their targets. We often imagine attacks are insulated to only business enterprises and personal computers/devices. But when chaos can be made, it will be. The nature of the attack was likely conducted by an expert cybersecurity group. Speculation is the attack was carried out by a known ransomware gang called “DarkSide.”
There’s no long-term instability expected. However, were the disruption of services to continue, fuel prices would spike with increased lag in the delivery of fuel. It begs the question, then: what could happen in the future?
Infrastructure attacks like the Pipeline one aren’t uncommon. While not always a casual occurrence, they have happened in the past.
Potential future impacts
Events like the Pipeline cybersecurity attack paint a different picture for what lies ahead. The current administration is actively reviewing its cybersecurity measures with new guidelines in place by CISA and the FBI.
The Pipeline attack, then, is likely going to expedite executive action and increase demand for improved cybersecurity defenses. Part of that is reviewing how the attack occurred, though details are scarce and the damage is not fully understood. Ransomware, however, used used for the attack, so some assumptions can be made, such as:
- The attackers likely compromised security infrastructure and used scaling privileged access to deploy their attack
- They were likely hiding on the Pipeline’s network for a long duration, anywhere from several days, to weeks, to potentially even months
- Any schema could’ve been used to bypass security, ranging from phishing/social engineering to compromising devices/passwords
More details will be forthcoming, from how the impact occurred to the far reaching impact and consequences. Some questions also linger, such as was the attack politically motivated or was the act of a lone but dangerous malware gang?
Regardless of source or motivation, the idea that cyber attacks have reached a scale large enough to halt major services is problematic enough.
Like the SolarWinds attack, we’ll learn more and understand the scope of the damage as time progresses.