Major news organizations are reporting: A hacker group called DarkSide is reportedly behind the cyberattack on Colonial Pipeline that shut down a major oil pipeline over the weekend.
DarkSide makes ransomware hacking tools, but largely goes after for-profit companies in English-speaking countries.
MORE:
According to Boston-based Cybereason, DarkSide is an organized group of hackers set up along the “ransomware as a service” business model, meaning the DarkSide hackers develop and market ransomware hacking tools, and sell them to other criminals who then carry out attacks. Think of it as the evil twin of a Silicon Valley software start-up.
A cyberattack forced the shutdown of one of the largest pipelines in the United States, in what appeared to be a significant attempt to disrupt vulnerable energy infrastructure. The pipeline carries refined gasoline and jet fuel up the East Coast from Texas to New York.
ALL OPERATIONS WERE HALTED FRIDAY
x x x
The operator of the system, Colonial Pipeline, said in a statement late Friday that it had shut down its 5,500 miles of pipeline, which it says carries 45 percent of the East Coast’s fuel supplies, in an effort to contain the attack on its computer networks. Earlier Friday, there were disruptions along the pipeline, but it was unclear whether that was a direct result of the attack.
MORE:
In the statement, the company said that it learned on Friday that it “was the victim of a cybersecurity attack,” but it provided no details. Such an attack could involve malware that shut down its operations or ransomware demanding payment to unlock computer files or systems.
45% of the East Coast’s fuel supply is carried through one delivery system, operated by Colonial Pipeline, the victim of a cyberattack Friday. The shutdown was precautionary; the company says the attack did not impact delivery. But that’s a lot of dependency on one company…
Again, this one system supplies half of the East Coast’s gas and plane fuel.
The nationwide campaign by DHS and the FBI began March 31 and includes 12 briefings and online webinars for electrical power infrastructure companies and others involved in security, with sessions in eight U.S. cities, including a session next week in Washington.
…
The briefings will outline the details of the attacks, the techniques used by the hackers, and strategies to be used to limit risks and improve cyber security for grid organizations.
Security researchers have concluded the attack was carried out by Russian government hackers based on the type of malicious software, called BlackEnergy, that was detected in the incident.
The threat briefings followed an internal DHS intelligence report published in January that stated the risk of a cyber attack against U.S. electrical infrastructure was low.
“We assess the threat of a damaging or disruptive cyber attack against the U.S. energy sector is low,” the report, labeled “for official use only,” says.