Major U.S. pipeline system shut down after cyber attack

Discussion in 'other security issues & news' started by hawki, May 8, 2021.

  1. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,064
    Location:
    Brooklyn, NY
    Colonial Pipeline's management structure should be disbanded and the direct management handed over to the appropriate federal agencies. The personnel involved should be fired and their pensions and perks taken away.

    Such bumbling, possibly criminal ineptitude and evasiveness--yet another high-profile ransomware attack somewhere else in the US in the coming days seems almost inevitable.

    Good.
     
  2. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
    "Colonial hack exposed government’s light-touch oversight of pipeline cybersecurity

    Three times over the last year, Colonial Pipeline and the Transportation Security Administration discussed scheduling a voluntary, in-depth cybersecurity review — an assessment the federal agency began doing in late 2018 to strengthen the digital defenses of oil and natural gas pipeline companies, according to a company official and an industry official familiar with the matter.

    But no such review of Colonial’s systems has occurred, according to a Colonial spokesman. And the pipeline company has previously told federal officials it wants to first complete a headquarters move to a new building — probably in November — though the spokesman, Kevin Feeney, said on Friday that it may allow a review sooner...

    But a range of current and former officials and cybersecurity experts say the company’s ability to avoid a government review underscores how a voluntary, arms-length approach by federal officials over nearly two decades has left key elements of the nation’s critical infrastructure at risk...

    ...a review of the TSA’s history since it was handed oversight of pipeline security in 2001 shows a government culture of closely partnering with energy giants and industry trade groups in setting guidelines that were voluntary. No penalty resulted for a failure to obey them..."

    https://www.washingtonpost.com/business/2021/05/30/colonial-pipeline-tsa-regulation/
     
  3. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
    "Hackers breached Colonial Pipeline using compromised password

    The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast was the result of a single compromised password, according to a cybersecurity consultant who responded to the attack.

    Hackers gained entry into the networks of Colonial Pipeline Co. on April 29 through a virtual private network account, which allowed employees to remotely access the company’s computer network...

    The VPN account, which has since been deactivated, didn’t use multifactor authentication..."

    https://www.bnnbloomberg.ca/hackers-breached-colonial-pipeline-using-compromised-password-1.1612851
     
  4. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
    "US recovers millions in cryptocurrency paid to Colonial Pipeline ransomware hackers

    US investigators have recovered millions of dollars in cryptocurrency paid in ransom to hackers whose attack prompted the shutdown of the key East Coast pipeline last month, according to people briefed on the matter.

    The Justice Department on Monday is expected to announce details of the operation led by the FBI with the cooperation of the Colonial Pipeline operator, the people briefed on the matter said..."

    https://us.cnn.com/2021/06/07/politics/colonial-pipeline-ransomware-recovered/index.html
     
  5. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
    WATCH LIVE: Department of Justice officials discuss Colonial Pipeline ransomware attack (Starting soon)

    https://www.c-span.org/video/?512380-1/justice-department-news-conference&live

    (Video will also be available at above link after the press conference.)
     
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
    "...Investigators seized nearly 64 bitcoin, valued at roughly $2.3 million, that were allegedly the proceeds from the ransom hack on Colonial Pipeline, the Justice Department said..."

    [Colonial paid $4.4 mil in ransom]

    https://www.wsj.com/articles/u-s-retrieves-millions-paid-to-colonial-pipeline-hackers-11623094399
     
  7. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
  8. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
    "U.S. law enforcement seized almost all of the Bitcoin paid to hackers In the Colonial Pipeline attack, but because the value of Bitcoin crashed so much in past weeks, it now only represents about half what the company originally paid for it"

    https://twitter.com/mims/status/1401990400668094465
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,373
    Location:
    The Netherlands
  10. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    5,598
    Location:
    DC Metro Area
    "New cybersecurity order issued for US pipeline operators...

    In a statement, DHS said it would require operators of federally designated critical pipelines to implement 'specific mitigation measures' to prevent ransomware attacks and other cyber intrusions. Operators must also implement contingency plans and conduct what the department calls a 'cybersecurity architecture design review.'...

    DHS did not immediately release further details about the guidance..."

    https://www.theolympian.com/entertainment/celebrities/article252895358.html#storylink=mainstage
     
  11. plat1098

    plat1098 Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,064
    Location:
    Brooklyn, NY
    https://www.bleepingcomputer.com/news/security/darkside-ransomware-gang-returns-as-new-blackmatter-operation/

    Excerpt:

    Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities.

    After conducting an attack on Colonial Pipeline, the US's largest fuel pipeline, and causing fuel shortages in the southeast of the USA, the DarkSide ransomware group faced increased scrutiny by international law enforcement and the US government.

    In May, the DarkSide ransomware operation suddenly shut down after losing access to their servers and cryptocurrency was seized by an unknown third-party.

    It was later learned that the FBI recovered 63.7 Bitcoins of the approximately 75 Bitcoin ($4 million) ransom payment made by Colonial Pipeline.

    Edit to add:

    https://twitter.com/fwosar/status/1421504819890634754
    ...
     
    Last edited: Jul 31, 2021
  12. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    39,272
    Colonial Pipeline reports data breach after May ransomware attack
    August 16, 2021
    https://www.bleepingcomputer.com/ne...orts-data-breach-after-may-ransomware-attack/
     
  13. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    9,579
    Location:
    U.S.A. (South)
    Seems whatever transpired behind the scenes after the ransomware hit is working pretty good.

    A compelling lull of additional similar hits have gone silent. Looks like in house local breaches have took their place awhile.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.