[Security Weekly] US Pipeline Suffers Ransomware Attack Causing Nationwide Fuel Shortage
2nd Week of May 2021
1. US pipeline suffers ransomware attack causing fuel shortage in 17 states
Colonial Pipeline, the largest pipeline in the United States supplying fuel to 45% of the East Coast, suffered a ransomware attack that paralyzed its IT and OT systems, halting all pipeline operations. Colonial Pipeline delivers refined gasoline, diesel, jet fuel, home heating oil, as well as fuel for the military.
The attack occurred on May 7 and directly affected fuel supply in 17 states from New Jersey to Texas, as well as D.C. To cope with the shortage, the US Department of Transportation (DOT) issued a Regional Emergency Declaration granting regulatory exemptions for transporting fuel by road.
Colonial Pipeline said in a statement on May 10 that it was working on the recovery process and expected to restore its service “by the end of the week (May 16)”. At the same time, the FBI identified the attackers as the Russian-based hacker group DarkSide, infamous for running a ransomware-as-a-service business. There appeared to be no verified ties to the Kremlin.
An attack on critical infrastructure can have severe economic consequences. Experts have already observed noticeable oil price spikes due to the incident. If the pipeline were to be shut down for a longer period, significant price spikes could spread from the US to Europe.
On May 14, it was confirmed that Colonial Pipeline paid a ransom of $5 million to the attackers and that systems were finally on their way to restoration. Given the surprisingly low ransom settlement for an attack of this scale, it appears that the attackers may have backed down after seeing such a massive response from both the US government and global media.
Sources: Threatpost, SC Media, Forbes, Reuters, Bloomberg
2. Patient details of US hospitals compromised after ransomware attack at CaptureRx
CaptureRx, a Texas-based IT administration company specializing in providing drug-related administrative services to healthcare organizations, has been notifying a number of hospitals and pharmacies about the exposure of their patients’ medical data.
According to CaptureRx, a ransomware attack on its IT systems was discovered back in February. It later confirmed on February 19 that files containing medical records were accessed by the attackers. These records included the patients’ names, dates of birth, and details of their drug prescription.
Over the next few months, CaptureRx slowly notified the organizations whose data had been leaked, a growing list of hospitals and drug stores. Confirmed victims included Faxton St. Luke’s Healthcare and Lourdes Hospital in New York, UPMC Cole and UPMC Wellsboro in Pennsylvania, Gifford Health Care in Vermont, Bayhealth in Delaware, as well as a number of Walmart and Thrifty Drug Store locations across the US. Thousands of patient records were exposed from each organization.
Medical data are a prime target for ransomware attacks, and once attackers reach the files, unencrypted records are exposed outright. This is why it is crucial to keep these databases encrypted with a column-level database encryption solution like D’Amo, so that sensitive fields remain unreadable even when the underlying files are accessed.
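The following is an added illustration of what column-level encryption means in practice; it is example code written for this article, not D’Amo or any CaptureRx system. Only the sensitive columns named in the CaptureRx notice (name, date of birth, prescription) are encrypted, each cell with AES-256-GCM, while the record ID stays in clear so rows can still be looked up. The record ID and column name are bound into the authentication tag, so a ciphertext copied into another row or column fails to decrypt. The key, record values and field names are all constructed for the example; in production the key would come from a key-management system rather than a literal.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// PatientRecord mirrors the fields exposed in the CaptureRx breach.
// After EncryptRecord, Name, DateOfBirth and Prescription hold
// base64 ciphertext; ID remains plaintext as the lookup key.
type PatientRecord struct {
	ID           string
	Name         string
	DateOfBirth  string
	Prescription string
}

// aad binds a ciphertext to its row and column so cells cannot be
// swapped around without the tag check failing.
func aad(recordID, column string) []byte {
	return []byte(recordID + ":" + column)
}

// EncryptColumn encrypts one cell with AES-256-GCM and a random nonce.
// The returned string is base64(nonce || ciphertext || tag).
func EncryptColumn(key []byte, recordID, column, plaintext string) (string, error) {
	block, err := aes.NewCipher(key) // key must be 32 bytes for AES-256
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	ct := gcm.Seal(nonce, nonce, []byte(plaintext), aad(recordID, column))
	return base64.StdEncoding.EncodeToString(ct), nil
}

// DecryptColumn reverses EncryptColumn and fails if the key, the
// record ID or the column name does not match what was sealed.
func DecryptColumn(key []byte, recordID, column, encoded string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	if len(raw) < gcm.NonceSize() {
		return "", errors.New("ciphertext too short")
	}
	nonce, ct := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, aad(recordID, column))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// EncryptRecord encrypts only the sensitive columns of a record.
func EncryptRecord(key []byte, rec PatientRecord) (PatientRecord, error) {
	out := PatientRecord{ID: rec.ID}
	var err error
	if out.Name, err = EncryptColumn(key, rec.ID, "name", rec.Name); err != nil {
		return out, err
	}
	if out.DateOfBirth, err = EncryptColumn(key, rec.ID, "dob", rec.DateOfBirth); err != nil {
		return out, err
	}
	if out.Prescription, err = EncryptColumn(key, rec.ID, "prescription", rec.Prescription); err != nil {
		return out, err
	}
	return out, nil
}

func main() {
	// Constructed sample key and record; not real data.
	key := []byte("0123456789abcdef0123456789abcdef")
	rec := PatientRecord{ID: "P-1001", Name: "Jane Doe", DateOfBirth: "1980-01-01", Prescription: "drug-x 10mg"}
	enc, err := EncryptRecord(key, rec)
	if err != nil {
		panic(err)
	}
	// What a file-level dump would show: ID in clear, everything else opaque.
	fmt.Printf("%+v\n", enc)
}
```

The point of the per-cell AAD is that a stolen table is not only unreadable but also tamper-evident: moving one patient's prescription ciphertext into another patient's row is rejected at decryption time rather than silently accepted.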
Sources: ZDNet, Becker’s Hospital Review, Healthcare IT News
3. US President Biden signs cybersecurity executive order calling for zero-trust security
On May 12, US President Joe Biden signed a long-awaited executive order on cybersecurity in the wake of recent supply chain attacks involving SolarWinds, Accellion FTA, and Microsoft Exchange Server.
The order requires all federal agencies to upgrade their cybersecurity measures based on three requirements: 1) to employ a zero-trust security model, 2) to create a safe environment for the adoption and use of cloud technology and have a plan ready within 60 days, and 3) to deploy multi-factor authentication (MFA) and encrypt all data both at rest and in transmission within 180 days.
Even though private enterprises are not affected by the executive order, implementing zero-trust security is beneficial for all organizations. A zero-trust model holds that an organization should not implicitly trust anyone, whether inside or outside its network. This means an identity and access management (IAM) platform is necessary to verify the identity of every user before allowing them to connect to a network or service.
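To make the zero-trust idea concrete, here is an added example of a per-request access decision; it is illustrative code written for this article, not iSIGN+ or any product's implementation. The identity asserted by the IAM layer (user, groups, whether MFA passed, whether the device is attested compliant) is the only input to the decision; the source network is recorded for logging but never grants access. Everything not explicitly allowed by a rule is denied. The resource names, groups and policy rules are constructed for the example.

```go
package main

import "fmt"

// Identity is what the IAM platform asserts after verifying the caller.
// Network location is deliberately absent: it carries no trust.
type Identity struct {
	User      string
	Groups    []string
	MFAPassed bool
	DeviceOK  bool // device posture attested as compliant
}

// AccessRequest is one attempt to reach a resource. SourceNet is kept
// for audit logging only; Authorize never branches on it.
type AccessRequest struct {
	Who       Identity
	Resource  string
	SourceNet string
}

// Rule explicitly grants one group access to one resource.
type Rule struct {
	Resource string
	Group    string
}

// Decision carries the outcome and a reason suitable for an audit log.
type Decision struct {
	Allowed bool
	Reason  string
}

// Constructed sample policy: deny by default, allow only what is listed.
var policy = []Rule{
	{Resource: "payroll-db", Group: "finance"},
	{Resource: "wiki", Group: "staff"},
}

// Authorize evaluates a request against the rules. Every check is
// performed per request, regardless of where the request came from.
func Authorize(req AccessRequest, rules []Rule) Decision {
	if req.Who.User == "" {
		return Decision{false, "unauthenticated"}
	}
	if !req.Who.MFAPassed {
		return Decision{false, "mfa required"}
	}
	if !req.Who.DeviceOK {
		return Decision{false, "device not compliant"}
	}
	for _, r := range rules {
		if r.Resource != req.Resource {
			continue
		}
		for _, g := range req.Who.Groups {
			if g == r.Group {
				return Decision{true, "allowed by rule " + r.Resource + ":" + r.Group}
			}
		}
	}
	return Decision{false, "no rule grants " + req.Resource}
}

func main() {
	// A request from the internal LAN without MFA is denied; an external
	// request with MFA, a compliant device and the right group is allowed.
	reqs := []AccessRequest{
		{Who: Identity{User: "alice", Groups: []string{"finance"}, MFAPassed: false, DeviceOK: true}, Resource: "payroll-db", SourceNet: "corp-lan"},
		{Who: Identity{User: "alice", Groups: []string{"finance"}, MFAPassed: true, DeviceOK: true}, Resource: "payroll-db", SourceNet: "internet"},
		{Who: Identity{User: "bob", Groups: []string{"staff"}, MFAPassed: true, DeviceOK: true}, Resource: "payroll-db", SourceNet: "corp-lan"},
	}
	for _, r := range reqs {
		d := Authorize(r, policy)
		fmt.Printf("user=%s resource=%s net=%s allowed=%t reason=%q\n", r.Who.User, r.Resource, r.SourceNet, d.Allowed, d.Reason)
	}
}
```

The reason string is what a security operations team would want in the log: a denied request from the corporate LAN for lack of MFA is as visible as one from the internet, which is exactly the posture the executive order's MFA requirement is meant to enforce.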
iSIGN+ is an IAM solution that enables single sign-on MFA, making it both easy and secure for all users.
Check out Penta Security’s product lines:
Web Application Firewall: WAPPLES
Database Encryption: D’Amo
Identity and Access Management: ISign+
Car, Energy, Factory, City Solutions: Penta IoT Security