Illusive comments on latest Colonial Pipeline ransom reports
Published by Elizabeth Corner, Senior Editor, World Pipelines
Comment from cybersecurity expert Robert Golladay, EMEA and APAC director at Illusive:
According to sources, Colonial Pipeline was insured, which shows how targeted these attacks have become. Hackers are figuring out who is insured, which tells them the company has assets that are valuable and will be in a position to pay. And, as we see in the Colonial attack, instances of ransomware are growing in size and scale. This type of attack is exploding because it works – it scales and is predictable – and it's a way for attackers to make easy money. And some of the criminal enterprises, like DarkSide, are funnelling the money they make back into the tools they are using.
It is worth pointing out, however, that many of these ransomware attacks are preventable. This is not to say that Colonial Pipeline didn't follow due process, but the current approach to ransomware defence tends to be a passive one: endpoint detection and response (EDR), patching, backing up regularly, protecting an increasingly hard-to-define perimeter. But attackers' creativity and resources require an equally creative, proactive and imaginative set of tactics.
Lateral movement is one of the hallmarks of any advanced ransomware attack: it was the basis of the SolarWinds attack, and it is the reason why Colonial Pipeline preventatively shut down its industrial control systems despite the attack being directed to its business operations. By using early detection tools and employing deception to catch attackers as they are attempting to move laterally in the network, organisations can have the upper hand. Thinking like an attacker is the only way organisations will be able to detect a ransomware attack before it's too late. Contingency and remediation planning are also critical. At the very least, all critical data/crown jewels should be backed up, at a frequency dictated by sensitivity. Finally, people, process and technology are key battlegrounds against the attackers. Without education, security protections and new processes, many organisations won't be able to keep up with the sophistication and scale of today's cyber threats.
Read the article online at: https://www.worldpipelines.com/business-news/14052021/illusive-comments-on-latest-colonial-pipeline-ransom-reports/