Articles

Colonial Pipeline shutdown highlights need for better OT cybersecurity…

Experts weigh in on what the Colonial attack teaches critical infrastructure providers about preparation and incident response.

In one of the most disruptive cybersecurity incidents to take place in the United States, Georgia-based Colonial Pipeline announced late Friday that it was the victim of a cyberattack, later confirmed to be a ransomware attack. The company said it proactively took specific systems offline and halted all pipeline operations.

Colonial called in federal authorities and hired FireEye Mandiant to conduct an incident response investigation. On Sunday, the third day of its shutdown, Colonial said it was developing a system restart plan while keeping its four main oil lines offline. The company said it would bring its “full system back online only when we believe it is safe to do so, and in full compliance with the approval of all federal regulations.”

News of Colonial’s shutdown reverberated all weekend throughout the cybersecurity world, given how critical Colonial’s pipeline business is to the nation’s economic health. Colonial transports 2.5 billion barrels of oil per day to the eastern US and connects to 30 refineries and almost 300 distribution terminals. It carries gas and other fuel from Texas to the Northeast, delivering around 45% of the fuel consumed on the East Coast.

The criticality of Colonial Pipeline to the national infrastructure became clear late Sunday when the Biden administration issued emergency waivers in response to the cyberattack, lifting limits on the transportation of fuels by road as fears of shortages begin to put upward pressure on oil and gas prices. Commerce Secretary Gina Raimondo said that the President had been briefed, and it’s an “all-hands-on-deck” situation to ensure the attack doesn’t disrupt the US oil supply.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by SELİM ARDA ERYILMAZ on Unsplash

Task force proposes framework for combatting ransomware

A diverse coalition of experts from business and the public sector present 48 recommendations for solving the ransomware crisis, including international cooperation and regulating cryptocurrencies.

Ransomware, the “perfect crime” of the internet era, is spreading rapidly, growing according to some accounts by 150% or more in 2020. There are no signs of a slow-down in 2021. The average ransom demanded by attackers jumped 43% from Q4 2020 to Q1 2021 to $220,298 as threat groups target bigger and more vulnerable organizations, from police forces to hospitals to municipal school districts.

Two significant factors aid the inevitability of ransomware. The first is the ease with which cybercriminals can earn money from their ransomware endeavors. The second factor bolstering the ransomware market is the inability of law enforcement or government officials to do much of anything about these kinds of attacks.

Acknowledging that the ransomware problem has gone from bad to worse, the Biden administration’s Justice Department has launched a task force that reportedly targets the entire digital ecosystem that supports ransomware. That task force consists of the Justice Department’s criminal, national security, and civil divisions, the Federal Bureau of Investigation (FBI), and the Executive Office of US Attorneys, which supports the 93 top federal prosecutors across the country.

Now a 60-plus member coalition of volunteer experts from industry, government, law enforcement, insurers, international organizations, and other areas has put forth a comprehensive framework of 48 actions that government and industry can pursue to disrupt the ransomware market. The Ransomware Task Force, primarily organized by the Institute for Security and Technology, is issuing a report today called Combatting Ransomware, A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force.

This article appeared in CSO Online. To read the rest of the article please visit here.

Sprite Spider emerging as one of the most destructive…

Having flown under the radar for several years, the Sprite Spider group is using a ransomware code suite that is effective and hard to detect.

At the recent SANS Cyber Threat Intelligence Summit, two CrowdStrike cybersecurity leads, Senior Security Researcher Sergei Frankoff and Senior Intelligence Analyst Eric Loui, offered details on an emerging major ransomware actor they call Sprite Spider. Like many other ransomware attackers, the gang behind Sprite Spider’s attacks has grown rapidly in sophistication and damage capacity since 2015.

Today Sprite Spider is poised to become one of the biggest ransomware threat actors of 2021 and has a threat profile on par with what advanced persistent threat actors were five or ten years ago. Sprite Spider’s rise as a sophisticated threat is not surprising given that it, like many other organized ransomware gangs, is filled with hackers who are often gainfully employed by nation-state threat actors.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Dev Leigh on Unsplash

Egregor ransomware group explained: And how to defend against…

Newly emerged Egregor group employs “double ransom” techniques to threaten reputational damage and increase pressure to pay.

Egregor is one of the most rapidly growing ransomware families. Its name comes from the occult world and is defined as “the collective energy of a group of people, especially when aligned with a common goal,” according to Recorded Future’s Insikt Group. Although descriptions of the malware vary from security firm to security firm, the consensus is that Egregor is a variant of the Sekhmet ransomware family.

It arose in September 2020, at the same time the Maze ransomware gang announced its intention to shut down operations. Affiliates who were part of the Maze group appear, however, to have moved on to Egregor without skipping a beat.

Insikt and Palo Alto Networks’ Unit 42 think Egregor is associated with commodity malware such as Qakbot, which became prominent in 2007 and uses a sophisticated, evasive worm to steal financial credentials, as well as other off-the-shelf malware such as IcedID and Ursnif. These pieces of malware help attackers gain initial access to victims’ systems.

All security researchers seem to agree with Cybereason’s Nocturnus Team that Egregor is a rapidly emerging, high-severity threat. According to security firm Digital Shadows, Egregor has claimed at least 71 victims across 19 different industries worldwide.

This article appeared in CSO Online. To read the rest of the article please visit here.

Ransomware attacks growing in number, severity: Why experts believe…

Law enforcement and federal experts discuss recent ransomware trends and challenges of fighting the attacks.

Ransomware has become the most chronic and common threat to digital networks. At a time when 41% of all cybersecurity insurance claims flow from ransomware attacks, it’s no surprise that ransomware is top of mind for leading security experts, government officials and law enforcement leaders.

“I think ransomware is going to get worse and I hate to say it, but it’s almost the perfect crime,” Mark Weatherford, chief strategy officer and board member of the non-profit National Cyber Security Center, told attendees at the third annual Hack the Capitol event. “It’s easy to pull off and it’s almost impossible to get caught.”

While major ransomware events grab all the headlines, Weatherford worries about the smaller victims of ransomware attackers. “Small- and medium-sized businesses simply don’t have the resources or the technical acumen to understand the threat environment that they live in,” he said.

Sometimes it can seem like a ransomware attack is inevitable. “A lot of my friends in companies that I talk to on a regular basis literally are waiting for that shoe to drop when they are the victim of a big ransomware event,” Weatherford said.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Michael Geiger on Unsplash