
Cyber attack has US oil giant over a barrel

Colonial Pipeline, the largest pipeline in the USA, was at the mercy of a cyber attack last week which forced its temporary closure and sent oil prices soaring.


The well-known adage of ‘The bigger they are the harder they fall’ certainly applied to US oil giant Colonial Pipeline this week, after a ransomware attack not only halted operations but forced oil prices to rise across the US.


The US’s largest pipeline was at the mercy of the cyber attack on Friday, May 7, and a spokesperson was quoted as saying they were not expecting to restore full operational services until the end of this week.


To offer a scale to the company’s size, the pipeline transports nearly half of America's east coast's fuel supplies – that’s approximately 2.5 billion barrels per day over 5,500 miles and 18 states. As such, the hack is being seen as one of the most significant attacks on critical American national infrastructure in history.


As a result, the price of fuel at pumps across America is expected to rise if the company cannot restore a fully operational system soon. In fact, if the pumps are out of service for a considerable period of time, the reach of this attack could potentially hit Europe, with a chance of price hikes on our side of the pond too.


DarkSide


So how did this happen? How did a ransomware attack force the oil behemoths to shut down their main fuel pipes?


Those behind the attack have since claimed responsibility but stressed they did not mean to cause such widespread chaos. Russian-based hacking group DarkSide have admitted that their demands were purely for financial gain, and in a bizarre statement posted on the dark web, they claimed they would ‘introduce moderation’ in an attempt to minimise social disruption in future attacks.


It’s thought that the attack was not directly on the systems that operate the pipeline but that, faced with no other alternative and in an attempt at safeguarding, Colonial shut down its entire operation.


Treacle


Oil is not simply about the black treacly stuff flowing through pipes at around 3 to 5 mph, and the oil business isn’t run by workers in overalls releasing valves and tampering with pressure. It is, in fact, very much a digital operation, controlled by hi-tech computers. So naturally, if an attack happens, its ripple effect is seen in all areas of the business, including its supply.


But it’s thought that the systems in place are extremely secure and can withstand such an attack. Therefore experts suggest that the source of the attack came via an administrative avenue, possibly an email. So it’s entirely plausible that America’s largest oil company was grounded when an unassuming member of staff was duped into downloading an attachment which contained malware.


Equally, hackers can exploit weaknesses or compromise third-party software. And worryingly, DarkSide may have actually been lying in wait inside the system for weeks - possibly months - before detonating the attack.


At the time of writing, Colonial have managed to operate only a small segment of their pipeline as a stop-gap measure. It’s not known whether DarkSide’s financial demands have been met.


Size doesn’t matter


It’s expected that this hack will be a one-off attack, but it raises awareness that cyber attacks of this nature are an issue, regardless of how big the company is and how tight their systems are. It also holds up the flag for other firms, big or small, to perhaps increase or enhance their own cyber security measures.

The East Midlands Cyber Resilience Centre is not-for-profit and is Policing-led. We provide a range of affordable cyber resilience services with the very current knowledge and technical expertise from the UK's top university cyber talent. Our services help SMEs, and therefore the supply chain, prepare and improve cyber resilience.



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.