2 Years After Colonial Pipeline, US Critical Infrastructure Still Not Ready for Ransomware

Published: 23/11/2024   Category: security




Sweeping changes implemented since the May 2021 cyberattack are helping — but more work remains to be done, security experts say.



As the second anniversary of the massive ransomware attack on Colonial Pipeline nears, experts warn that efforts to thwart the potentially debilitating threat to US critical infrastructure have not been enough.
The cyberattack on its IT infrastructure forced Colonial Pipeline to shut down its entire operations for the first time ever, triggering a fuel shortage and price hikes that prompted four US states along the East Coast to declare a state of emergency.
The incident immediately elevated ransomware to a national-security-level threat and galvanized concerted action from the Executive Branch down.
Since the attack — and another one shortly thereafter on JBS that threatened domestic meat shortages — the US Department of Justice has said it would prioritize ransomware attacks on critical infrastructure on a par with terrorism. An Executive Order signed by President Biden just days after the Colonial Pipeline attack mandated new security requirements for federal agencies and their software suppliers, and the TSA followed with binding security directives for pipeline operators. There have been numerous other initiatives at the federal level and by regulatory bodies to bolster resilience to attacks on US critical infrastructure.
However, two years on, the ransomware threat to critical infrastructure remains high, as a recent attack on America's largest cold-storage provider, Americold, showed. The attack, like the one on Colonial Pipeline, forced Americold to shut down cold-storage operations while it worked to remediate the threat. Last year, 870 of the 2,385 ransomware complaints that the FBI received involved critical infrastructure organizations. The FBI's data showed that 14 of the 16 designated critical infrastructure sectors had at least one ransomware victim.
The trend continues unabated in 2023: BlackFog's State of Ransomware Report for April 2023 showed ransomware attacks on the healthcare and government sectors continuing to grow, despite other vendor reports of a slowdown in overall attack volumes.
Security experts view the situation as one where, for all the work done so far, there's a lot more to do.
Theresa Payton, CEO at Fortalice Solutions and a former CIO at the Executive Office of the President at the White House, ticks off several measures since Colonial Pipeline that she considers positive steps in the fight against ransomware. They include President Biden's Executive Order 14028 on Improving the Nation's Cybersecurity, National Security Memorandum 5 targeted specifically at critical infrastructure control systems, and efforts to establish zero-trust cybersecurity models in federal agencies under OMB memorandum M-22-09. Also notable are measures such as the Cyber Incident Reporting for Critical Infrastructure Act and the cybersecurity provisions in the Bipartisan Infrastructure Law.
The FBI's systematic dismantling of the highly destructive Hive ransomware group is another indication of progress, Payton says.
What's needed now, she explains, are more specific directives for critical infrastructure organizations. "We must evolve the minimum cybersecurity requirements for critical sectors [and enhance] standards for authentication and identity proofing to prevent ransomware incidents from occurring," she says.
Critical infrastructure organizations like Colonial Pipeline should adopt zero-trust principles to prevent ransomware attacks, especially as social engineering becomes more realistic, sophisticated, persistent, and complex, Payton says.
Mike Hamilton, former CISO of Seattle and current CISO of cybersecurity firm Critical Insight, says the Colonial Pipeline attack exposed a lack of good procedures among US infrastructure operators for recovering from a serious cyberattack.
"Once Colonial shut down the pipeline operation out of an abundance of caution, it took far too long to restart, which lengthened the existing fuel supply problem," he says. "This is a resilience issue. You need to be able to take a punch and get off the mat before that ten-count is over."
In the two years since the Colonial Pipeline incident, US government entities have worked at making ransomware attacks harder and costlier for attackers, Hamilton notes. The Treasury Department, for instance, has used its existing Office of Foreign Assets Control (OFAC) authority to sanction cryptocurrency exchanges used to launder extortion payments. The US Department of Justice has also been more aggressive in proactively taking down criminal infrastructure and apprehending criminals.
Going forward, the emphasis must be on defending and taking out criminal infrastructure, he says. "Identify and sanction criminals for eventual capture and incarceration and prohibit ransomware victims from making payments," Hamilton says.
The US Cybersecurity and Infrastructure Security Agency (CISA), too, has been taking an active role in getting federal agencies to bolster defenses against ransomware and other cyber threats.
The agency's Known Exploited Vulnerabilities (KEV) catalog, for instance, backed by Binding Operational Directive 22-01, requires federal civilian executive branch agencies to remediate listed vulnerabilities that are being actively exploited by a due date set for each entry — typically two weeks for newer CVEs — to minimize exposure to cyberthreats. More recently, CISA launched a Ransomware Vulnerability Warning Pilot (RVWP) program to warn organizations in critical infrastructure sectors about Internet-facing systems with vulnerabilities that ransomware actors are known to exploit. In March 2023, CISA launched a related Pre-Ransomware Notification Initiative under which it warns organizations about ransomware actors already on their networks so they can evict the threat before any data encryption happens.
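The KEV catalog is published as a JSON feed in which every entry carries a dueDate and a knownRansomwareCampaignUse flag, so the check the article describes can be automated against an asset inventory. The following is an added example, not code from the article or from CISA: it indexes a KEV-format feed, matches it against a constructed host inventory, and buckets findings into overdue, due within 14 days, and later, with ransomware-linked CVEs sorted first. The catalog entries, CVE identifiers, hostnames and dates below are all made up for illustration; the 14-day "due soon" window is an assumption, not a BOD 22-01 rule.

```python
"""Triage a host inventory against a CISA KEV-style catalog.

Added example (not from the article or CISA). The sample feed below is a
constructed stand-in with the same field names as the real KEV JSON feed
at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
-- the CVE IDs, products, dates and hosts are fictitious.
"""
import json
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed catalog: four entries in KEV feed shape.
SAMPLE_KEV_JSON = """
{
  "title": "Constructed KEV sample",
  "catalogVersion": "2024.11.23",
  "dateReleased": "2024-11-23T00:00:00.0000Z",
  "count": 4,
  "vulnerabilities": [
    {"cveID": "CVE-2024-0001", "vendorProject": "ExampleVPN", "product": "Gateway",
     "vulnerabilityName": "ExampleVPN Gateway Authentication Bypass",
     "dateAdded": "2024-10-20", "shortDescription": "constructed entry",
     "requiredAction": "Apply vendor mitigations or discontinue use.",
     "dueDate": "2024-11-10", "knownRansomwareCampaignUse": "Known", "notes": ""},
    {"cveID": "CVE-2024-0002", "vendorProject": "ExampleMail", "product": "Relay",
     "vulnerabilityName": "ExampleMail Relay Path Traversal",
     "dateAdded": "2024-11-21", "shortDescription": "constructed entry",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2024-12-05", "knownRansomwareCampaignUse": "Unknown", "notes": ""},
    {"cveID": "CVE-2024-0003", "vendorProject": "ExampleHMI", "product": "Panel",
     "vulnerabilityName": "ExampleHMI Panel Command Injection",
     "dateAdded": "2024-10-11", "shortDescription": "constructed entry",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2024-11-01", "knownRansomwareCampaignUse": "Known", "notes": ""},
    {"cveID": "CVE-2024-0004", "vendorProject": "ExampleFS", "product": "FileServer",
     "vulnerabilityName": "ExampleFS FileServer Privilege Escalation",
     "dateAdded": "2024-11-22", "shortDescription": "constructed entry",
     "requiredAction": "Apply updates per vendor instructions.",
     "dueDate": "2025-01-15", "knownRansomwareCampaignUse": "Unknown", "notes": ""}
  ]
}
"""

# Constructed inventory: host -> CVEs found by a scanner. CVE-2023-9999 is
# deliberately absent from the catalog to show non-KEV findings are skipped.
SAMPLE_INVENTORY = {
    "vpn-edge-01": ["CVE-2024-0001", "CVE-2024-0002"],
    "file-srv-07": ["CVE-2024-0004", "CVE-2023-9999"],
}


@dataclass(frozen=True)
class Finding:
    host: str
    cve_id: str
    product: str
    due: date
    days_left: int          # negative once the due date has passed
    ransomware: bool        # CISA marks the CVE as used in ransomware campaigns
    required_action: str


def load_kev(feed_text: str) -> dict:
    """Index a KEV-format feed by CVE ID."""
    feed = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def triage(kev: dict, inventory: dict, as_of: date,
           soon_window: timedelta = timedelta(days=14)) -> dict:
    """Bucket inventory CVEs that appear in KEV by distance to their due date."""
    buckets = {"overdue": [], "due_soon": [], "later": []}
    for host, cves in sorted(inventory.items()):
        for cve in cves:
            entry = kev.get(cve)
            if entry is None:
                continue  # not known-exploited per CISA; normal patch cadence applies
            due = date.fromisoformat(entry["dueDate"])
            days_left = (due - as_of).days
            finding = Finding(host, cve, entry["product"], due, days_left,
                              entry.get("knownRansomwareCampaignUse") == "Known",
                              entry["requiredAction"])
            if days_left < 0:
                buckets["overdue"].append(finding)
            elif days_left <= soon_window.days:
                buckets["due_soon"].append(finding)
            else:
                buckets["later"].append(finding)

    def priority(f: Finding):
        # ransomware-linked first, then nearest deadline
        return (not f.ransomware, f.days_left)

    return {name: sorted(items, key=priority) for name, items in buckets.items()}


if __name__ == "__main__":
    result = triage(load_kev(SAMPLE_KEV_JSON), SAMPLE_INVENTORY, date(2024, 11, 23))
    for bucket, findings in result.items():
        print(f"== {bucket} ({len(findings)}) ==")
        for f in findings:
            tag = "RANSOMWARE" if f.ransomware else "exploited"
            print(f"{f.host:12} {f.cve_id} {f.product:10} due {f.due} "
                  f"({f.days_left:+d}d) [{tag}] {f.required_action}")
```

Run as-is to see the three buckets for the constructed data; to use it for real, replace SAMPLE_KEV_JSON with the downloaded feed and SAMPLE_INVENTORY with scanner output. The sort puts ransomware-linked CVEs at the top of every bucket, which is the ordering the RVWP notifications above are meant to drive.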
The programs are part of CISAs Joint Cyber Defense Collaborative (JCDC) through which the agency receives tips and threat information from cybersecurity researchers, infrastructure players and threat intelligence firms.
"CISA has recognized the threat of ransomware to critical infrastructure," says Mariano Nunez, CEO and co-founder of Onapsis. "Since the beginning of the year, they have already flagged over 60 organizations in the healthcare, utilities, and other sectors about potential pre-ransomware threats on their networks," he says.
Such help is vital because ransomware attacks on critical infrastructure are growing, Nunez says.
The attack surface will continue to grow as utilities and critical infrastructure become more connected, or interconnected, online, he notes. Moving to the cloud can also present some issues as this shift can make it more difficult to monitor active threats and assess vulnerabilities in a timely fashion.
One factor that could complicate efforts to address the ransomware problem is a growing tendency by victims either to delay reporting an incident or to cover it up entirely where possible.
According to BlackFog, its research indicates that organizations concerned about the potential damage to their brands, reputation, and customer relationships are delaying and sometimes not reporting a ransomware incident.
"We now see more than 90% of all attacks no longer encrypt the victims' devices but simply exfiltrate the data and extort everyone," says Darren Williams, CEO and founder of BlackFog. "The costs of exposure are simply too high; loss of business, remediation, regulatory fines, and class action lawsuits are just a few of the problems to deal with."
