The Pipeline
Unless you’ve been under a rock the past few days, you’re aware of the Colonial Pipeline cyber attack. You may not know all the specifics, but what you do know is that ransomware was involved and now the pipeline is shut down. It’s a mess. And the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have identified the DarkSide ransomware group as being responsible.
DarkSide is a Russian group. Although state-sponsored attacks are prevalent, this group hasn’t necessarily been linked the Russian government. They’ve been extremely active as of late, targeting large American companies for big payouts. The Colonial Pipeline isn’t the first and won’t be the last.
What We Know
I don’t think there are absolutes we can mention just yet as far as what we know about the Colonial Pipeline hack. What we do know is what the next steps are for other businesses. CISA and the FBI released an alert with mitigations and best practices.
Let’s be honest, these are steps that, if you’re concerned about cybersecurity, you should already be employing in your security landscape. But the fact that ransomware gangs are still able to get in means prevention is still woefully lacking. And prevention is going to be your saving grace.
As we can see from the after effects of the Colonial Pipeline shutdown, mitigation and detect and respond isn’t the answer. While there are parts of the pipeline being controlled manually, it’s just too large to be fully operational without it’s systems online. So while they make sure their systems are being cleaned and contained, their operations are offline. Wouldn’t it have been better to prevent the attack in the first place?
Best Practices
Many of the recommendations are steps we should already be using. Have you updated your software or trained your employees on phishing scams? Are you using application allowlisting? Do you have control over your RDP ports? Do you have a product with patch management and RDP monitoring that runs using its own patented application allowlisting technology? (Ok, so this last one is a PC Matic humble brag.)
If you didn’t answer “yes” to each of those, I have to ask why? Ransomware is getting worse. Detect and respond is not a viable only option. The only way is prevention (and common sense practices regarding backups and quick recovery). Paying better attention to preventative technology might have avoided the shut down of a pipeline that services 45% of the east coast. And, to me, that’s a pretty big deal.
Want more information on PC Matic’s preventative approach for government and business? Let’s talk.