A major US fuel pipeline operator recently announced that it had been hit by ransomware. Ransomware is a type of cyberattack in which malware encrypts a victim's data and the attackers withhold the decryption key until the owner pays them to unlock it. As a result, Colonial Pipeline, a private company that transports nearly half of the gasoline and other fuels consumed on the East Coast of the United States, had to shut down its 5,500-mile fuel pipeline. The FBI has attributed the attack to a criminal group called DarkSide.
Unlike ransomware used to hold personal computer files hostage, lock up university networks or extort hospitals, attacks on critical infrastructure such as Colonial Pipeline's fuel lines can have enormous impacts on every part of the country. DarkSide's ransomware "caused a fairly serious disruption to the fuel supply across the East Coast, which prompted a lot of policy intervention and reaction from [President Joe Biden's] government," says Josephine Wolff, an assistant professor of cybersecurity policy at Tufts University. Scientific American talked to Wolff about the threat ransomware poses, how vulnerable critical US infrastructure really is, and what can be done to protect it.
[An edited transcript of the interview follows.]
Are ransomware attacks becoming more frequent?
It's hard to find really good numbers. There are many ransomware attacks that we never hear about publicly; in most cases there is no requirement to report them. But what we do hear about is clearly growing not only in number but also in the significance of its impact. Looking back over the past few years, there were the attacks on the city of Atlanta and the city of Baltimore, a number of government-focused attacks using ransomware. More recently, a lot of attention has been paid to attacks targeting hospitals and healthcare providers. And while we have seen few examples so far, the threat of attacks targeting critical infrastructure, which can significantly disrupt operations and everyday life, is now at the forefront.
What other types of infrastructure are at risk besides the pipeline?
The typical example people use is the power grid: What if someone could cut off the supply of electricity somewhere in the country? The Colonial Pipeline shutdown isn't exactly that, but it does speak to the nightmare scenario of "what do we do if we lose control of our power infrastructure?" And that applies to many critical infrastructure sectors. What if most of the banking infrastructure were shut down or inaccessible? What if the metro system in a big city were compromised, making train schedules and transportation inoperable? Up to this point, these have mostly been scenarios we've imagined. There are some notable examples in the power sector that are of interest, but this is still a fairly rare event, and that is why it is so striking.
Are these systems properly protected?
The general answer is probably that nothing in our energy sector is properly protected. This is a sector with a huge number of legacy systems and complex infrastructure that needs to be up and running at all times. So it's not easy to say, "We'll take a week, or a month, or a year to completely revamp everything and update every system."
How can these potential targets protect themselves better?
First of all, they really need to be trying to lock down their perimeter defenses. That means all the security controls you use to prevent malware from being delivered to your computers in the first place. This includes two-factor authentication, email alerts flagging external emails, and screening of new USB drives and other devices connected to your systems. I think there should also be a lot of controls around remote access (especially at a moment when so many people are working from home): computers connecting to the system from outside the office.
Another big [defense] is what's called network segmentation. If part of a company's infrastructure is compromised and targeted, it should be very difficult for the malware to spread throughout the larger network. One of the most striking things about this story, to me, is that Colonial Pipeline shut down more than 5,000 miles of pipeline. That is a very wide range of the system that was at risk, or that [the company was] worried could be compromised very easily. Ideally, that first compromise shouldn't have that much of an impact.
The other part is thinking about how to recover and get your systems running again very quickly. When you're dealing with critical infrastructure, you don't have much time to take everything offline. There are a lot of quick decisions that need to be made. There is a lot to be said for running some test drills and making sure you have a really clear plan for this situation. I also think that is part of discouraging ransom payments: people saying, "We've trained for this. We know what to do," as opposed to, "We've never seen anything like this. I think we have to pay."
What should governments do to help, beyond individual systems?
I would like to see a much stronger ban on most ransom payments. That is my opinion; it is not everyone's opinion. But what can the US government do unilaterally? Trying to make this a non-profitable endeavor in the long run is one of the most effective steps we can take. [Cracking down on] how easily these ransoms can be paid, how easily they are covered by insurance companies, how much money these criminals can make, and therefore how many of them enter the business: I think that can make a big difference in terms of whether people use this as a way to make a profit.
What do we know about these criminals? How profitable is the ransomware industry?
We know it's profitable because we know people keep doing it, and that is actually the strongest sign we have that people keep making money. However, it is very difficult to accurately estimate how much money they are making. The group responsible for the Colonial Pipeline ransomware is a criminal organization set up with a strong focus on ransomware as a service, making ransomware tools and code available to customers for their own attacks. This is important because the organization, DarkSide, is building this business not only as a way to target companies but also as a way to enable other criminals. Again, that gives some sense of the scale of this problem, even without hard data.
Would there be more hard data if victims were required to report ransomware attacks?
Reporting requirements would at least help us get a better handle on the size and scale of the problem. When someone says something like "ransomware is on the rise" or "2021 is the worst year ransomware has ever had," there would actually be harder data behind those kinds of generalizations. But I also think it would give us more insight: What are the criminals' profit margins? Who is paying them? How much are they being paid? How do we make ransomware a less profitable initiative?
Hacker attacks on critical pipelines indicate weaknesses in infrastructure
https://www.scientificamerican.com/article/hacker-attack-on-essential-pipeline-shows-infrastructure-weaknesses/