How Did Cyber-Attackers Shut Off Pipeline?

Industry News

Fuel pipelines are critical pieces of infrastructure. Whenever they're disrupted, the resulting lack of fuel can cause shortages and price hikes everywhere they serve. While most people picture a pipeline as a literal pipe full of oil, the truth is very different—modern fuel operations are very high tech. While this helps technicians keep things operating smoothly, it also leaves those operations exposed to hacking.

Why was Colonial Pipeline vulnerable?

Colonial Pipeline provides diesel, gasoline, and jet fuels across hundreds of miles. Doing this requires more than a few pipes and pumps. Instead, Colonial has a very sophisticated, technologically advanced operation to monitor flow, pressure, and even anomalies like leaks and obstructions. When it comes to controlling an operation of this size, covering this kind of distance, human monitoring is no longer feasible. Instead, much of Colonial Pipeline is controlled by computers.

That's where things get complicated. Any time two computers have to communicate with each other over the internet, there's a potential opening for a cyber attacker. The more connectivity there is, the more opportunities it provides. A hacker wouldn't even need to attack one of Colonial's central computers directly. Instead, they could gain access to the system through any number of other avenues.

How did the cyber attack succeed?

Imagine a typical office environment. An employee receives an official-looking email, sent from a company domain. It contains the usual company salutation and closing, and a link to a set of new company policies. The employee clicks the link. Without realizing it, they've just downloaded malware that has granted hackers access to their building's network.
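The lure described above relies on a link that looks like it leads to the company while actually pointing somewhere else. The following is an added example (not code from the original article and not anything Colonial Pipeline uses) of the kind of mail-gateway check a defender can run on an inbound message: it flags a Return-Path that disagrees with the From domain, links whose visible text shows the trusted domain while the href goes elsewhere, links to raw IP addresses, and hosts that embed the company name as a subdomain of an unrelated domain. The sample message, the domain names and the IP address in it are all constructed, and the two-label "registrable domain" approximation is an assumption made for brevity rather than a real public-suffix lookup.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not from the article): a "new policies" lure whose
# visible link text names the company while the hrefs lead elsewhere.
SAMPLE_EMAIL = """\
From: HR Department <hr@example-corp.com>
Return-Path: <bounce@mail-example-corp.net>
Subject: Updated company policies
Content-Type: text/html; charset=utf-8

<html><body>
<p>Hello team,</p>
<p>Please review the <a href="http://example-corp.policy-update.net/login">new company policies</a>
at <a href="http://203.0.113.10/docs">https://intranet.example-corp.com/policies</a>.</p>
<p>Regards,<br>HR</p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude registrable-domain approximation: the last two labels.
    Assumption for this example; production code would consult the public suffix list."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def analyze_message(raw, trusted_domain):
    """Return a list of (code, detail) findings for a raw RFC 822 message.
    An empty list means none of the phishing heuristics fired."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Envelope sender that does not belong to the claimed From domain.
    from_domain = parseaddr(str(msg.get("From", "")))[1].partition("@")[2]
    bounce_domain = parseaddr(str(msg.get("Return-Path", "")))[1].partition("@")[2]
    if bounce_domain and registrable(bounce_domain) != registrable(from_domain):
        findings.append(("sender-mismatch",
                         f"From {from_domain} but Return-Path {bounce_domain}"))

    # 2. Inspect every link in the HTML body.
    collector = LinkCollector()
    collector.feed(msg.get_content())
    trusted_label = trusted_domain.split(".")[0]
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        if host.replace(".", "").isdigit():
            findings.append(("raw-ip-link", href))
        if registrable(host) == registrable(trusted_domain):
            continue  # genuinely points at the trusted domain; nothing to flag
        # Visible text presents a trusted URL while the href goes elsewhere.
        shown_host = urlparse(text).hostname if "://" in text else None
        if shown_host and registrable(shown_host) == registrable(trusted_domain):
            findings.append(("display-mismatch", f"shows {text} but goes to {href}"))
        # Company name used as a subdomain label of an unrelated domain.
        if trusted_label in host.split(".")[:-2]:
            findings.append(("lookalike-host", href))
    return findings


if __name__ == "__main__":
    for code, detail in analyze_message(SAMPLE_EMAIL, "example-corp.com"):
        print(f"{code:17} {detail}")
```

Run as a script it prints one line per finding for the constructed lure; on the gateway, any non-empty result would typically route the message to quarantine or add a warning banner rather than block it outright, since each heuristic alone can also fire on legitimate third-party mailers.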

If that sounds fairly straightforward, realize that the truth may be even simpler than that. A surprising number of successful hacking attempts happen as a result of social engineering—hackers simply call up an employee, and, through pure conversational skills and an ability to read people, get them to divulge their login information or other credentials. This is similar to what social media giant Twitter experienced in July of 2020.

The FBI confirmed that DarkSide was responsible for the attack. Once they had access to the system, there was no stopping them. Cybersecurity experts theorize that DarkSide may have had access for weeks, or even months, before deciding to launch an attack using ransomware.

What is ransomware?

Ransomware is a type of malware that threatens harm unless a ransom is paid. The ransomware may threaten to publish a victim's sensitive data, or to permanently block access to that data, their computer, or their network. A lot of ransomware isn't very sophisticated, and a reasonably computer-savvy person can figure out how to free their data without paying the ransom, but DarkSide's is. It uses cryptoviral extortion, which encrypts a victim's data and only provides the decryption key after the ransom is paid.

In addition to this, DarkSide's victims receive a link to a page containing their data, waiting to be published in the event that the ransom is not paid in time.

How can this kind of attack be prevented?

Since internet connectivity is what allows hacking to occur in the first place, the best prevention is to keep company data offline, or confined to an intranet that doesn't connect to the internet in any way. Unfortunately, this is becoming less and less feasible as the Internet of Things continues to grow. More devices rely on the internet to communicate with each other and share information like usage statistics, inventory information, and analytics. Most businesses wouldn't consider an IoT-enabled bathroom soap dispenser to be a security vulnerability, but, in the wrong hands, it can be.

Instead, businesses can ensure that their critical systems run on networks that don't connect to the outside world—a practice known as “air gapping.” Another option is to employ a robust cybersecurity strategy that's appropriate for a specific IoT ecosystem. Each business's internet usage is different, and what security measures work for one may be woefully inadequate for another. Regular cybersecurity audits and employee training to avoid social engineering hacks can help prevent problems like this in the future.

While this cyber attack made plenty of headlines, this is only because it targeted a piece of critical infrastructure. In reality, thousands of similar attacks happen every day, all around the world. It's up to business owners to implement appropriate measures to ensure that critical data stays away from the internet, and that all internet-enabled devices are as well protected as possible.