You are probably aware of the Colonial pipeline ransomware debacle which recently shut down 45% of the East coast supply of jet fuel and gasoline. This led to long lines at gas stations as we approached the Memorial Day holiday. This followed similar attacks on JSB Meats (the world’s largest supplier of meat), Solar Winds and Microsoft Exchange. The FBI has confirmed that “Dark Side” was the culprit behind the Colonial Pipeline attack, and probably responsible for a large number of recent attacks generated from behind the electronic curtain of the new Russian Empire. Russia claims no responsibility for the attacks, but it has made no effort to shut down Dark Side and others of its ilk who are operating from Russia or one of its satellites. Estimates vary as to how many attacks have been inflicted on us. Not everyone owns up to a ransomware attack as they are required by law to do. Estimates, however, for 2020 indicate that ransomware payments exceeded $350 million in the USA alone.
These ransomware attacks come in various shapes and sizes. Numerous companies in our industry have been attacked, some more than once. If you have not thought much about it, it is time you do. The information we hold in our files is a very valuable commodity in the open market. Colonial Pipeline paid out almost $5 million to release their records from control by Dark Side. The good news is that the FBI managed to get into the cryptocurrency universe, identify where some of the ransomware proceeds had gone, and recover about half of it before the culprits had control of it.
Quickly, what is ransomware? The culprits who disseminated the malware did not develop it. The malware used in the attack on Colonial Pipeline was initially developed by Dark Side, who then cut a deal with the culprits to share the proceeds from the ransom payment. The culprits then inserted the malware into the Colonial Pipeline system, which allowed them to take control. Upon payment of the ransom, the victims are given a key which allows them to regain control. Colonial Pipeline, and many others have paid the ransom. Dark Side has announced that they are not interested in attacking our infrastructure, only in the money. Maybe so, but Russia just might have different goals.
The Colonial Pipeline attack was so egregious that we have had a response from the White House. President Biden has signed an Executive Order designed to improve the nation’s cybersecurity posture.
1. Simplify the sharing of cybersecurity threat information between Government and the Private Sector.
2. Authorize the Federal Government to create stronger cybersecurity standards.
3. Improve security for the Software Supply chain.
4. Review cybersecurity incidents with a newly created Review Board composed of Private Sector and Government experts.
(For a thorough explanation of the cybersecurity issue and the Executive Order, see the June 2021 issue of Security System News)
Tony Smith is a Past President of the CAA and a former member of the Board of ESA. He is the Founder, President, and CEO of Security Funding Associates, a leading industry financial services firm. He may be reached at firstname.lastname@example.org.