Initial reports indicate that European criminal gang DarkSide undertook the attack against Colonial Pipeline, taking 5,500 miles of pipeline off-line and stopping the distribution of 100 million gallons of fuel per day. As the cyberwar against our infrastructural players continues to escalate, we can expect to see even more of these incidents occurring, with multiple bad actors attempting to blackmail and/or damage key oil, gas, water & nuclear players.
This attack on Colonial Pipeline is clear evidence of the need to provide cybersecurity and assurance to all our utility providers and players. It is also an unfortunate example of the huge vulnerability of an aging infrastructure that has been connected, directly or indirectly, to the internet. Organizations must be able to track behavior, identify threats, and immediately take action to protect the safety and security of their operations.
Armis tracks over 1B assets and devices daily, helping to protect subscribers from falling prey to such attacks. Our unique OT & ICS visibility and threat detection capabilities offer our users the ability to stay abreast of suspicious system behaviors, working across their ecosystem to limit and shut down any rogue assets, systems or applications.
In this case, the Department of Energy is monitoring potential impacts to the nation’s energy supply whilst the Cybersecurity and Infrastructure Security Agency (CISA) and the Transportation Security Administration are involved in the criminal investigation. Colonial Pipeline confirmed that they had shut down 5,500 miles of pipeline as a security precaution and had engaged a cybersecurity firm to undertake a post-incident analysis and assessment.
This attack has led to an immediate halt in oil and gas distribution across the East Coast of the United States (including multiple states and airports) and has led to an immediate decline in the futures market. Every day, key infrastructure across the US is under attack. This is a clear case of ICS/OT being hacked and turned against their very owners; the intention, in this case, appears to be to extract ransom monies from Colonial Pipeline in exchange for releasing control of specific OT systems.
Such attacks are preventable: the ARMIS platform is designed to limit the ability of such bad actors to ever breach your environment and conduct such an attack. If you want to know more about how we do this, simply request a live demo here. ISG named Armis the leader in OT security when it comes to such matters. Simply click here to get your copy of their report.
*** This is a Security Bloggers Network syndicated blog from Armis authored by Yevgeny Dibrov. Read the original post at: https://www.armis.com/resources/iot-security-blog/top-us-oil-gas-supplier-colonial-pipeline-allegedly-hit-by-eastern-european-ransomware-attack/