
Colonial Pipeline Attack

27 May 2021

Holding tanks are pictured at Colonial Pipeline’s Linden Junction Tank Farm in Woodbridge, New Jersey, U.S., May 10, 2021. REUTERS/Hussein Waaile/File Photo

Author: Jonathan Azarcon, EVP Marketing & Customer Success, iS5 Communications Inc.

The recent ransomware attack on Colonial Pipeline shows that cyber attacks on mission-critical infrastructure remain commonplace. Colonial Pipeline, headquartered in Georgia, operates one of the largest pipeline systems in the U.S., spanning over 5,000 miles and carrying millions of barrels of refined fuel a day between Texas and New York.

This large-scale attack is another example of Ransomware as a Service (RaaS), in which an operator leases its malware and infrastructure to affiliates who carry out the intrusions. As Bloomberg reported, a ransom of close to US$5M was paid to avoid further disruption to Colonial’s operations (Bloomberg, 2021). The outbreak was attributed to a group known as DarkSide, which targeted the enterprise IT side of Colonial’s network rather than the pipeline control systems themselves.

Attacks of this nature generally begin with spear-phishing e-mails aimed at the company’s employees, carrying a malicious attachment or link, or with stolen or reused credentials for a remote-access service (VPN, RDP) that is not protected by MFA. The initial malware is usually only a loader: it pulls down further tooling that harvests credentials and lets the attacker move laterally to other assets, including Operational Technology (OT). Once inside the corporate environment, attackers traverse any poorly segmented connections into the OT networks, exploit vulnerabilities there, and propagate through the company. These threats have effectively become the new warfare of the present day, whether carried out by lone criminals or state-sponsored groups. The techniques are not new, and they continue to cripple company networks and ultimately affect the physical world. In the Colonial Pipeline case, the company halted pipeline operations while it contained the intrusion, which largely disrupted the fuel supply chain to the public.

The good news is that there are ways to mitigate these threats through proper “cyber hygiene”, consistently applied across the company. Cyber defenses need to be robust, adaptive, and continuously improved. A layered, defense-in-depth approach should be used to protect the company’s network. Processes should also build security procedures into the organization and train staff so that they actually follow them.

Some examples are designing the network to be secure from the outset and implementing the following technologies:

  • A DMZ between the IT and OT networks, so that no host is directly reachable from both sides and any data exchange (historians, patch servers, remote access) passes through a controlled intermediary.
  • Segmenting the network into zones and groups with VLANs, with firewall rules or ACLs between them; a VLAN on its own separates broadcast domains but does not restrict traffic between them.
  • Restricting management access: switch and device management interfaces should be reachable only from a dedicated management VLAN or jump host, never from everywhere.
  • Active monitoring that detects and alerts on suspicious activity, such as logins from unexpected sources or configuration changes outside a maintenance window.
  • Implementing Syslog so that devices send system log and event messages to a central server to track critical events and user activity. Plain UDP syslog is unauthenticated and easily spoofed or dropped, so use syslog over TLS (RFC 5425) where the equipment supports it and keep the collector out of reach of the monitored network’s ordinary users.
  • Role-based access control, so that only specific users can make changes in the network, combined with monitoring of what they change.
  • Multi-factor authentication (MFA), or at least two-factor authentication (2FA), as an additional layer of user authentication, especially on remote access.
  • Unique passwords longer than 8 characters with mixed character types for every account and device, with vendor defaults removed and credentials rotated whenever compromise is suspected.
  • Applying vendor security patches promptly, with a tested maintenance window for OT devices that cannot be restarted at will.
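As an added example (not code from the original article or from iS5 Communications), the following Python script shows what the monitoring, Syslog and management-access items above look like in practice once device logs are reaching a central server. It parses syslog lines in a hypothetical industrial-switch format modelled on RFC 3164, flags any management login that did not come from the assumed management VLAN (10.10.0.0/24), counts failed logins per source to catch password guessing, raises a separate alert when a success follows those failures, and records every configuration change with the account that made it. The switch name, log format, network and thresholds are all assumptions for the example, and the sample log lines are constructed, not captured from any real system.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumptions for this example: switch management is only legitimate from the
# management VLAN below, and three failed logins from one source within five
# minutes is treated as a brute-force attempt. Tune both for a real site.
MGMT_NET = ip_network("10.10.0.0/24")
FAIL_THRESHOLD = 3
FAIL_WINDOW = timedelta(minutes=5)

# Hypothetical switch log format, modelled on RFC 3164:
#   <PRI>Mon DD HH:MM:SS hostname process: message
LINE_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<proc>[^:]+): (?P<msg>.*)$"
)
LOGIN_RE = re.compile(
    r"user (?P<user>\S+) from (?P<src>\S+) "
    r"(?P<result>session opened|authentication failure)"
)
CONFIG_RE = re.compile(
    r"user (?P<user>\S+) (?P<action>saved running-config|changed vlan \d+)"
)


def parse(line, year=2021):
    """Split one syslog line into its fields; return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # RFC 3164 timestamps carry no year, so the caller supplies it.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "proc": m["proc"], "msg": m["msg"]}


def detect(lines):
    """Return alerts, in log order, for the events an operator should see."""
    alerts = []
    failures = defaultdict(list)  # (host, source IP) -> recent failed-login times

    def alert(kind, ev, detail):
        alerts.append({"kind": kind, "host": ev["host"], "ts": ev["ts"], "detail": detail})

    for line in lines:
        ev = parse(line)
        if ev is None:
            # Unknown formats are surfaced rather than silently dropped.
            alerts.append({"kind": "unparsed", "host": None, "ts": None, "detail": line})
            continue

        login = LOGIN_RE.search(ev["msg"])
        if login:
            src = ip_address(login["src"])
            key = (ev["host"], src)
            # Drop failures older than the window before counting.
            failures[key] = [t for t in failures[key] if ev["ts"] - t <= FAIL_WINDOW]

            # A management login from anywhere but the management VLAN means the
            # access restriction is being bypassed or was never configured.
            if src not in MGMT_NET:
                alert("outside-mgmt-vlan", ev, f"{login['user']} from {src}: {login['result']}")

            if login["result"] == "authentication failure":
                failures[key].append(ev["ts"])
                if len(failures[key]) == FAIL_THRESHOLD:
                    alert("brute-force", ev, f"{FAIL_THRESHOLD} failures from {src} within {FAIL_WINDOW}")
            elif failures[key]:
                # A success right after failures is the classic password-guess win.
                alert("login-after-failures", ev, f"{login['user']} from {src}")
                failures[key].clear()
            continue

        cfg = CONFIG_RE.search(ev["msg"])
        if cfg:
            # Every configuration change is recorded with the account that made it,
            # which is what role-based access control plus central logging buys you.
            alert("config-change", ev, f"{cfg['user']}: {cfg['action']}")
    return alerts


# Constructed sample log for this example; not data from any real pipeline operator.
SAMPLE_LOG = """\
<86>May 27 10:01:02 ot-sw-01 login: user admin from 10.10.0.5 session opened
<85>May 27 10:02:10 ot-sw-01 config: user admin saved running-config
<84>May 27 10:03:40 ot-sw-01 login: user operator from 192.168.50.22 authentication failure
<84>May 27 10:03:52 ot-sw-01 login: user operator from 192.168.50.22 authentication failure
<84>May 27 10:04:05 ot-sw-01 login: user admin from 192.168.50.22 authentication failure
<86>May 27 10:04:30 ot-sw-01 login: user admin from 192.168.50.22 session opened
<85>May 27 10:05:01 ot-sw-01 config: user admin changed vlan 20
"""

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG.splitlines()):
        print(a["ts"], a["host"], a["kind"], a["detail"])
```

Failures are counted per source address rather than per user, so an attacker spraying one password across several accounts from one host still trips the threshold. In production the same rules would run inside whatever SIEM or log pipeline the collector feeds, with the management network and thresholds taken from the site’s actual design.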

In summary, targeted ransomware will remain prevalent. Good cyber hygiene needs to be practiced consistently by organizations to mitigate future attacks. A defense-in-depth, layered security approach in the OT environment should provide active threat detection, role-based access control, ongoing risk assessment, and an industrial network that is secure by design.

For additional information: Security Sessions | Cyber Immunity: A Holistic View for Industrial Control Systems (electricenergyonline.com)

About iS5 Communications Inc.

iS5 Communications Inc. is a global provider of integrated services and solutions, and a manufacturer of intelligent Industrial Ethernet products. Our products are designed to meet the stringent requirements of utility substations, roadside transportation, rail, and industrial applications. iS5Com’s services and products are key enablers of advanced technology implementations such as the Smart Grid, Intelligent Transportation Systems, Intelligent Oil Field, and the Internet of Things. All products are able to transmit data efficiently without packet loss in harsh environments and under EMI conditions.

About the Author

Jonathan Azarcon is currently the EVP of Marketing and Customer Success for iS5 Communications Inc. He has more than 22 years of combined experience in telecommunications technology, working in business enterprise and industrial control applications. He has designed and implemented networks for customers worldwide as a professional services consultant with Alcatel Networks, and as VP of global services & support at RuggedCom Networks and Siemens AG he was instrumental in helping customers implement and support communications technology for their ICS.