Colonial Pipeline, the largest pipeline in the USA, was at the mercy of a cyber attack last week which forced its temporary closure and sent oil prices soaring.
The well-known adage of ‘The bigger they are the harder they fall’ certainly applied to US oil giant Colonial Pipeline this week, after a ransomware attack not only halted operations but forced oil prices to rise across the US.
The US’s largest pipeline was at the mercy of the cyber attack on Friday, May 7, and a spokesperson was quoted as saying they were not expecting to restore full operational services until the end of this week.
To offer a scale to the company’s size, the pipeline transports nearly half of America's east coast's fuel supplies – that’s approximately 2.5 billion barrels per day over 5,500 miles and 18 states. As such, the hack is being seen as one of the most significant attacks on critical American national infrastructure in history.
As a result, the price of fuel at pumps across America is expected to rise if the company cannot return to a fully operational system soon. In fact, if the pumps are out of service for a considerable period of time, the reach of this attack could potentially hit Europe, with a chance of price hikes on our side of the pond too.
So how did this happen? How did a ransomware attack force the oil behemoths to shut down their main fuel pipes?
Those behind the attack have since claimed responsibility but stressed they did not mean to cause such widespread chaos. Russian-based hacking group DarkSide have admitted that their demands were purely for financial gain, and in a bizarre statement posted on the dark web, they claimed they would ‘introduce moderation’ in an attempt to minimise social disruption in future attacks.
It’s thought that the attack was not directly on the systems that operate the pipeline but that, faced with no other alternative, and in an attempt at safeguarding, Colonial shut down its entire operation.
Oil is not simply about the black treacly stuff flowing through pipes at around 3 to 5 mph, and the oil business isn’t run by workers in overalls releasing valves and tampering with pressure. It is, in fact, very much a digital operation, controlled by hi-tech computers. So naturally, if an attack happens, its ripple effect is seen in all areas of the business, including its supply.
But it’s thought that the systems in place are extremely secure and can withstand such an attack. Therefore experts suggest that the source of the attack came via an administrative avenue, possibly an email. So it’s entirely plausible that America’s largest oil company was grounded when an unassuming member of staff was duped into downloading an attachment which contained malware.
Equally, hackers can exploit weaknesses or compromise third-party software. And worryingly, DarkSide may have actually been lying in wait inside the system for weeks - possibly months - before detonating the attack.
At the time of writing, Colonial have managed to operate only a small segment of their pipeline as a stop-gap measure. It’s not known whether DarkSide’s financial demands have been met.
Size doesn’t matter
It’s expected that this hack will be a one-off attack, but it raises awareness that cyber attacks of this nature are an issue regardless of how big the company is and how tight its systems are, and it is a signal for other firms - big or small - to consider strengthening their own cyber security measures.
The East Midlands Cyber Resilience Centre is not-for-profit and Policing-led. We provide a range of affordable cyber resilience services with the very current knowledge and technical expertise from the UK's top university cyber talent. Our services help SMEs, and therefore the supply chain, prepare and improve cyber resilience.