Energy and Utilities Companies: Improve Cyber Hygiene with a Custom Report
The Colonial Pipeline incident had a shocking result, but what led to the situation was hardly out of the blue. For utilities, energy companies, and other critical components of infrastructure, our free cybersecurity reports may help.
The shutdown of one of the nation’s largest pipelines — 5,500 miles, and the carrier of 45 percent of the East Coast’s fuel supplies — has been a leading news story this past week, particularly for cybersecurity experts, officials at the Energy Department, and even the White House. On May 7th, the Colonial Pipeline halted the movement of refined gasoline and jet fuel in an attempt to contain the breach after a ransomware attack on its corporate computer networks. This is a troubling continuation in a trend of sophisticated threat actors, and in this instance, an illumination of the vulnerabilities and flaws in our infrastructure.
Colonial Pipeline, a privately held company, reports that the attack affected only its business network and that the shutdown of the pipeline was done out of an abundance of caution. The FBI has confirmed that the threat actor behind the attack is the ransomware group DarkSide, a ransomware-as-a-service platform that allows cybercriminals to target and infect profitable, large companies and then use a tactic of double extortion to either increase leverage on their ransom demand, or even attempt to get two separate payments. First the actor will demand ransom for a digital key to unlock encrypted files and servers (the conventional ransomware maneuver), then apply additional pressure by threatening to release to the public or destroy stolen (“exfiltrated”) data, says Brian Krebs, of Krebs on Security. After the involvement of US government officials, DarkSide made a point to publicly clarify their motives on their leaks blog:
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives. Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”
As we dove deeper into the Colonial Pipeline situation this week, we saw a few glaring cybersecurity red flags. For example, Colonial has no publicly listed CISO or a visible security team presence — except for an (unfilled) job posting. They also have evident patch management issues — we were able to quickly find a directory server on their system, which should not be exposed to the internet in the first place, and which hosted several known vulnerable pieces of software. This is one of hundreds of exposures that were easy to identify.
We’re not here to cast blame on Colonial — or anyone — for their practices. Only to point out that if these stand out to us, they also stand out to threat actors. We’ve reported recently on the negative consequences of poor cyber hygiene for public utilities, where we looked at the intrusion of a water utility in Oldsmar, Florida. In that instance, the scale was a lot smaller — but the threat was serious, and encapsulates an ongoing concern for public utilities to have proper security measures in place.
If you consider the potential consequences of a hacker gaining access to a small city’s water supply, you can only imagine the severe impact of the Colonial Pipeline breach if the threat actors had different motivations. Of course, a $5 million ransom payout is not a minor amount, and should be a significant motivator for all public utilities, energy companies, and infrastructure providers to prioritize closing up vulnerabilities in their system.
The first step is determining where to even start, and we’re offering help in the form of a free Corvus scan and IT security report. This allows you to see your IT system the way a hacker does, and provides recommendations to solve common risk factors. We want to make the world safer, and that means sharing what we know. If you work for any company or organization supplying water, electricity, oil, gas, or other critical resources, click here to begin.