Colonial Pipeline failure shows cybersecurity not taken seriously

May 18, 2021 // By Jean-Pierre Joosting
Digital Security Research Director from ABI Research answers critical questions about the Colonial Pipeline ransomware hack and purposeful skimping on basic cybersecurity.

The obvious question on the minds of cybersecurity professionals is how the Colonial Pipeline ransomware attack could happen to such a large and sophisticated company. To provide insight into this catastrophe, ABI Research turned to its Digital Security Research Director Michela Menting with some pressing questions about this stunning breach. Perhaps the most significant statement made by Ms. Menting will give every company a wakeup call: "Any company (especially one with upwards of $500 million in annual revenues) that is not prepared for such attacks has clearly been purposefully skimping on basic cybersecurity tools, training, and strategy."


Question 1: In simple terms, what was the exact nature of the hack?

It was a ransomware attack. In general, this means a threat actor infiltrated corporate IT systems and installed some malware, which encrypts data and systems. As a result, these systems become unusable without a decryption key. The threat actor then offers to deliver the key only in exchange for a ransom payment.

In the case of the Colonial Pipeline attack, the threat actor is a group known as DarkSide. The group utilizes an additional tactic that involves stealing a copy of the data before encrypting the original. This puts additional pressure on the company, as DarkSide threatens to release the data publicly unless the ransom payment is received.  


Question 2: What was the primary infrastructure weakness that enabled entry? Was there more than one critical entry point?

The primary infrastructure weakness is unknown at this point, as Colonial Pipeline has not revealed any information pertaining to how the threat actors got in. Typically, however, such groups use a mix of social engineering, such as phishing emails, and vulnerabilities in remote access mechanisms to get in, and then privilege escalation (e.g., gaining elevated access to restricted resources) and lateral movement (e.g., using one system to access other systems in order to move deeper into the network) inside the infrastructure to identify weaknesses and assets.
