It is 2021, and another exceptionally large company with deep roots in the supply chain of the modern world has been hit: Colonial Pipeline, the largest U.S. fuel pipeline operator, shut down its entire network last Friday after a ransomware cyberattack that halted nearly half of the East Coast's fuel supply.
Forcing a company that big to shut down its main operational process because of malware would have sounded like science fiction 10 years ago. Companies like Colonial Pipeline invest heavily in new technology because they need a distribution network that spans the US. While we do not know the exact details of the attack, it was carried out by a criminal gang based in Eastern Europe, DarkSide, according to a U.S. official and another person familiar with the matter.
The cutting-edge ransomware groups of today know their targets' infrastructure well; they are notorious for tailoring each attack to the target so that it is far more effective.
The biggest problem with critical infrastructure today is that defenders must know every constraint of the system in order to avoid disrupting day-to-day operation, while attackers do not care about those constraints at all and run like an elephant in a china shop, breaking everything they can reach.
With tens of thousands of victim organizations worldwide, ransomware groups attack by locking access to basic computer software using advanced encryption, bringing big companies to their knees and forcing them to stop the process.
Stopping the process at an industrial company can cost millions of dollars for every hour the system is halted, which makes such companies attractive targets that will pay quickly and easily; this is why we see more and more lucrative targets like this being attacked.
In the Colonial Pipeline case, an attack on the IT systems shut down the OT (Operational Technology) systems. This dependency is mostly acknowledged and designed around the constraints of the industrial world by segmenting the industrial systems behind a high-security perimeter, but the IT systems are not secured to the same level, and with dependencies crossing between OT and IT, the attack can be agnostic to the environment it lands in, because both paths produce the same effect.
By practicing on pre-, mid-, and post-attack scenarios and equipping the teams with the necessary tools, we formed an internal task force to handle attacks such as a malfunction in our system.
BDO Cyber offers a range of different solutions for industrial companies. These solutions are aimed at giving companies a better understanding of the risks associated with their infrastructure.