May 12 2021 One of the major U.S. oil pipeline operators, the Colonial pipeline transport company, was hacked. Its main pipeline, which carries nearly 45% of the oil supply of the U.S. east coast, was forced to shut down on the 7th and has not yet resumed operation, causing a fuel supply crisis in a number of U.S. states and regions. Where did the hacking attack that cut off America’s oil supply “artery” come from? How did it happen? Why has it had such an impact on U.S. energy infrastructure operations?
The FBI said in a statement Monday that it has identified a hacker group called “Dark Web” as being behind the pipeline outage and will continue to work with the Colonial Pipeline Transportation Company and other federal government agencies to investigate.
According to several media reports, the “dark web” is a criminal gang that first surfaced last August; it mainly provides ransomware and related infrastructure to its affiliates and takes a share of the ransoms those affiliates extract.
Cybersecurity firm Cybereason has helped more than ten customers fight the “dark web” group in the past few months, according to its website. According to reports, the “dark web” ransomware has gradually come to exemplify the “double extortion” strategy: first stealing sensitive information stored on the victim’s systems, then encrypting that data and issuing a ransom demand in exchange for the decryption key. In addition, the blackmailers issue a further threat: if the target refuses to pay, they publish the stolen data online. This means the victim may be pressured into paying even if it backed up its data in advance.
According to data from previous attacks, the ransoms the “dark web” ultimately extorts from victims typically range between $200,000 and $2 million, with payment required in cryptocurrencies such as Bitcoin or Monero.
In the attack, the “dark web” stole nearly 100 gigabytes of data from the computer network of the Colonial Pipeline company in just two hours, Bloomberg News reported. “We are not involved in politics, we do not need to be tied to specific governments … and we are not involved in the dark web. Our goal is to make money, not to cause trouble for society,” the group said in a statement posted on its dark web site, Dark web Decryption. The statement said the cyberattack on the Colonial pipeline company was carried out by one of its affiliates, and the “dark web” said it would step up its review of the targets of its affiliates’ attacks in the future to “avoid future social consequences.” The amount of the ransom demanded is not known, and the Colonial pipeline company has not said whether it will pay.
U.S. media and experts have expressed concern about the fragility of the cybersecurity defenses of U.S. energy infrastructure exposed by the emergency. Wired magazine reported that a cyberattack that paralyzed operations at the Colonial pipeline company and cut off a large portion of the East Coast’s fuel supply was an ominous sign for critical U.S. infrastructure. “This is the biggest cyberattack we’ve ever seen on U.S. energy systems,” Robert M. Lee, chief executive of Dragos, a U.S. cybersecurity firm, was quoted as saying.
The New York Times also published an article saying the attack exposed the fragility of key U.S. energy pipelines and that hackers had become more brazen in attacking critical infrastructure such as power grids, pipelines, hospitals and water treatment facilities. The rise of cyber insurance and cryptocurrencies has contributed to the “explosive” growth of ransomware cases, the article said, making companies and government departments ripe targets for criminal gangs who count on cyber insurance to cover the ransom, while cryptocurrencies make ransom payments harder to track.
White House homeland security adviser Elizabeth Sherwood-Randall said at a news conference on the 10th that the hacking incident exposed a vulnerability stemming from the fact that U.S. critical energy infrastructure is mainly owned and operated by the private sector. She also said the Department of Energy has convened utility partners from the oil, gas and electricity industries to analyze the details of ransomware attacks and discuss measures to avoid a repeat of such incidents in the industry.