The previous month in cybersecurity:
- The Colonial Pipeline Attack Sends People into a Panic
- President Biden Strengthens Cybersecurity Protocols
- CISA and the FBI Release Joint Cybersecurity Advisory
- Microsoft Launches Asia-Pacific Public Sector Cybersecurity Executive Council
- The World’s Largest Meat Producer Is Attacked

As April was winding down, cybercriminals were gearing up – for an attack on the Colonial Pipeline. Using a compromised virtual private network account that provided pipeline employees with remote access to the system, criminals were able to penetrate the company’s network and bring it to a screeching halt. They demanded a ransom of $4.4 million in cryptocurrency, which Colonial ultimately paid to restore operations.
The pipeline normally transports 2.5 million barrels of fuel each day across much of the Southeast and the US East Coast. With the pipeline shut down, fuel station operators were forced to rely on reserves. Most companies maintain a 10-day supply of fuel sufficient to cover normal consumption patterns in the case of an outage, but news of the pipeline shutdown sent many members of the public into a panic, with a run on gas stations quickly causing major shortages in multiple states and raising prices at the pump significantly. Even states like Florida, which receives very little fuel from the Colonial pipeline, saw shortages and price hikes due to consumers panicking.
It’s worth noting that no signs of phishing were discovered. The attackers somehow obtained both a username and a password, and the account did not use multi-factor authentication.
As the nation reeled from the effects of the Colonial pipeline shutdown, President Biden issued an executive order designed to strengthen cybersecurity for federal government offices and agencies. The order includes several important points. First, it mandates that any software sold to the federal government must follow the defined cybersecurity standards and sets a nine-month timeline. Second, it mandates that developers of that software share their security data publicly.
Finally, it requires the government to use modern encryption technology and multi-factor authentication, while making it possible for federal agencies to share cybersecurity-related information via a government-wide endpoint detection and response system. Any vendor doing business with the federal government is also now required to report any security incidents to the government.
These are all steps that should have been taken before now, but it is heartening to see the government moving forward in a concerted way.
Just days after the Colonial pipeline attack, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI released a joint cybersecurity advisory. While it does not carry the power of law or even an executive order, the advisory does provide important guidance for companies within a wide range of sectors, including the energy, transportation, communications, and defense industries.
The advisory encourages companies within those sectors to increase security and improve their state of readiness, as more such attacks are expected. The guidance runs the gamut from preventing attacks through the use of multi-factor authentication and network traffic filtering to reducing the impact of attacks by implementing network segmentation and organizing assets into specific zones.
Much of the advisory consists of current best practices, but if companies across these sectors implement them, infrastructure security will be greatly enhanced.
At the end of May 2021, Microsoft announced the first-ever Asia Pacific Public Sector Cybersecurity Executive Council. According to Microsoft, the council “brings together a coalition of policymakers from government and state agencies, as well as technology and industry leaders, to build a strong communications channel for addressing cyber threats and sharing best practices across the participating countries.”
Just as the US was recovering from the cyberattack against the Colonial pipeline, attackers had another organization in their sights. This time, it was JBS, the world’s largest meat-production company. Unlike the Colonial attack, the JBS ransomware attack affected multiple nations around the world.
In response to the threat, JBS was forced to shut down five of its most productive plants and suspend thousands of workers. That also reduced the beef supply to American restaurants, food production companies, grocery stores, and, ultimately, consumers by 25%. The company notified the Biden administration, and the White House extended assistance in determining the extent of the damage and the source of the threat (which is thought to be a criminal group in Russia).
With yet another high-level target, it is clear that hackers have bigger plans and are becoming ever more sophisticated. The question is – how will companies and governments step up to the plate?
Thanks for checking out the topics. We strive to highlight the most interesting cybersecurity events and topics, but if we’ve missed something, feel free to let us know! Join us again next month for another roundup.