Illusive comments on latest Colonial Pipeline ransom reports

According to sources, Colonial Pipeline was insured, which shows how targeted these attacks have become. Hackers are figuring out who is insured, which tells them the company has assets that are valuable and will be in a position to pay. And, as we see in the Colonial attack, instances of ransomware are growing in size and scale. This type of attack is exploding because it works – it scales and is predictable – and it's a way for attackers to make easy money. And some of the criminal enterprises, like DarkSide, are funnelling the money they make back into the tools they are using.

It is worth pointing out, however, that many of these ransomware attacks are preventable. This is not to say that Colonial Pipeline didn't follow due process, but the current approach to ransomware defence tends to be a passive one: endpoint detection and response (EDR), patching, backing up regularly, protecting an increasingly hard to define perimeter. But attackers' creativity and resources require an equally creative, proactive and imaginative set of tactics.

Lateral movement is one of the hallmarks of any advanced ransomware attack: it was the basis of the SolarWinds attack, and it is the reason why Colonial Pipeline preventatively shut down its industrial control systems despite the attack being directed to its business operations. By using early detection tools and employing deception to catch attackers as they are attempting to move laterally in the network, organisations can have the upper hand. Thinking like an attacker is the only way organisations will be able to detect a ransomware attack before it's too late. Contingency and remediation planning are also critical. At the very least, all critical data/crown jewels should be backed up, at frequency dictated by sensitivity. Finally, people, process and technology are key battlegrounds against the attackers. Without education, security protections and new processes, many organisations won't be able to keep up with the sophistication and scale of today's cyber threats.

Read the latest issue of World Pipelines magazine for pipeline news, project stories, industry insight and technical articles.

World Pipelines’ May 2021 issue

The May issue of World Pipelines includes a regional report on Canada’s oil and gas sector, as well as technical articles on integrity management software, leak detection, NDT, and project case studies. Don’t miss our feature on young pipeliners, in which World Pipelines’ Senior Editor Elizabeth Corner interviews the winners of the John Tiratsoo Award for Young Achievement, awarded by Young Pipeliners International, in partnership with PPIM.

Read the article online at: https://www.worldpipelines.com/business-news/14052021/illusive-comments-on-latest-colonial-pipeline-ransom-reports/