The Colonial Pipeline Hack
Exactly three weeks ago (5/8/21), the Colonial Pipeline Company announced that they had learned they had been the victim of a cybersecurity hack on their website. This attack involved ransomware, a computer virus that encrypts data and holds it hostage until the affected party pays the attacker to get its data back. Payments are usually issued in cryptocurrency.
Far from being a rare occurrence, ransomware attacks in 2021 are no longer measured in attacks per day; they are now measured in seconds. It’s estimated that a company is hit by ransomware every 11 seconds (that’s 7,854 companies per day, for those who don’t want to do the math).
In many cases, these events go entirely unnoticed by the general public. The attacker provides a method for payment, and the company has to decide whether to pay to get its data unlocked or to try to restore its data from backups (and you should be making backups). These attacks are incredibly expensive for companies, costing on average well in excess of $700,000 per event.
The Colonial Pipeline Hack
In the Colonial Pipeline Company case, the company paid almost $5 million to the hackers responsible, even though the FBI discourages organizations from paying ransom to hackers, saying there is no guarantee they will follow through on promises to unlock files. In this case, the hackers, the Eastern European or Russian group DarkSide, did provide a decrypting tool to restore the data. Still, the tool was so slow that the company continued using its own backups to help restore the system.
The Downstream Effect
Prior to this hack, like many of you, I had no idea who the Colonial Pipeline Company was. But it operates the largest refined fuels pipeline in the US, carrying 45% of the East Coast’s fuel supplies, and the shutdown has impacted at least 11 states. As of Thursday morning, 68% of gas stations in North Carolina had run dry; in Georgia, 49% had run out of fuel; in South Carolina, 52%; in Virginia, 54%.
A wake-up call
While I agree with industry experts that this should be a wake-up call for our utilities, this really should be a wake-up call for everyone. While utilities are high on the list relative to other industries, Media & Entertainment actually tops the list, and no industry being tracked drops below a 45% likelihood of being hit:
How does it happen?
When it comes to vulnerability to these kinds of attacks, keeping computers on-site is no safer than storing data in the cloud: 41% of attacks affected on-premises data, 35% of respondents reported that only data in the public cloud was encrypted, and the remaining 24% said it was a combination of the two.
According to a survey conducted by Sophos (the virus protection we use at Metal Toad), incidents were traced to the following vectors:
- 45% via a file download, email link, or malicious attachment
- 21% a remote attack on a server via the internet
- 9% misconfigured cloud instance
- 9% via Remote Desktop Protocol (RDP)
- 9% via a supplier who works with our organization
- 7% a USB/removable device
Based on this data, taking three key steps is a big part of making sure your company stays out of the headlines for the wrong reasons:
- Teach staff (and yourself) not to click on email links or downloads, and not to plug USB sticks into their computers.
- Hire a Cloud vendor that can configure, secure, and monitor your cloud servers.
- Secure and monitor any Remote Desktop Protocol (RDP) access you are allowing to your systems.
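As an added example for the third step (this is not code from the original post or from Colonial Pipeline): a small Python script that flags RDP password-guessing in exported Windows Security events. It assumes the events were exported as one JSON object per line with the fields shown; the sample lines are constructed, and the thresholds are assumptions you would tune for your own environment.

```python
# Flag RDP brute-force attempts from exported Windows Security events.
# Event ID 4625 = failed logon, 4624 = successful logon; LogonType 10 =
# RemoteInteractive, i.e. RDP. The export format below is an assumption.
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: a burst of RDP failures from one address, then a success.
SAMPLE_LOG = """\
{"time": "2021-05-28T09:00:01", "event_id": 4625, "logon_type": 10, "user": "admin", "src_ip": "203.0.113.7"}
{"time": "2021-05-28T09:00:12", "event_id": 4625, "logon_type": 10, "user": "administrator", "src_ip": "203.0.113.7"}
{"time": "2021-05-28T09:00:20", "event_id": 4625, "logon_type": 3, "user": "svc", "src_ip": "10.0.0.5"}
{"time": "2021-05-28T09:00:41", "event_id": 4625, "logon_type": 10, "user": "backup", "src_ip": "203.0.113.7"}
{"time": "2021-05-28T09:01:05", "event_id": 4624, "logon_type": 10, "user": "backup", "src_ip": "203.0.113.7"}
{"time": "2021-05-28T09:30:00", "event_id": 4625, "logon_type": 10, "user": "jdoe", "src_ip": "192.0.2.9"}
"""

def parse_events(text):
    """Parse JSON-lines into dicts, converting 'time' to a datetime."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ev = json.loads(line)
            ev["time"] = datetime.fromisoformat(ev["time"])
            events.append(ev)
    return events

def find_rdp_bruteforce(events, threshold=3, window=timedelta(minutes=5)):
    """Return {src_ip: summary} for sources with >= threshold failed RDP
    logons inside `window`; summary notes whether a success followed."""
    rdp = sorted((e for e in events if e["logon_type"] == 10), key=lambda e: e["time"])
    fails, successes = defaultdict(list), defaultdict(list)
    for e in rdp:
        (fails if e["event_id"] == 4625 else successes)[e["src_ip"]].append(e)
    alerts = {}
    for ip, fl in fails.items():
        for i in range(len(fl) - threshold + 1):
            burst = fl[i:i + threshold]          # threshold consecutive failures
            if burst[-1]["time"] - burst[0]["time"] <= window:
                last_fail = burst[-1]["time"]
                alerts[ip] = {
                    "attempts": len(fl),
                    "users": sorted({e["user"] for e in fl}),
                    # a success after the burst is the case to escalate first
                    "success_after": any(s["time"] > last_fail for s in successes[ip]),
                }
                break
    return alerts

if __name__ == "__main__":
    for ip, info in find_rdp_bruteforce(parse_events(SAMPLE_LOG)).items():
        print(ip, info)
```

The non-RDP failure (logon type 3) and the single failure from 192.0.2.9 are deliberately ignored, so the only alert is the burst that was followed by a successful logon.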
A data breach at most of our companies would not have the same catastrophic impact it had at Colonial Pipeline, but we should use this incident as a “whale” in the coal mine and work diligently on all of our systems.