
Cybersecurity

FBI names pipeline cyberattackers as company promises return

Associated Press

Hit by a cyberattack, the operator of a major U.S. fuel pipeline said Monday it hopes to have services mostly restored by the end of the week as the FBI and administration officials identified the culprits as a gang of criminal hackers.

U.S. officials sought to soothe concerns about price spikes or damage to the economy by stressing that the fuel supply had so far not experienced widespread disruptions, and the company said it was working toward “substantially restoring operational service” by the weekend.

The White House said in a statement late Monday that it was monitoring supply shortages in parts of the Southeast and that President Joe Biden had directed federal agencies to bring their resources to bear.

Colonial Pipeline, which delivers about 45% of the fuel consumed on the East Coast, halted operations last week after revealing a ransomware attack that it said had affected some of its systems.

Nonetheless, the attack underscored the vulnerabilities of the nation’s energy sector and other critical industries whose infrastructure is largely privately owned. Ransomware attacks are typically carried out by criminal hackers who scramble data, paralyzing victim networks, and demand large payments to decrypt it.

The Colonial attack was a potent reminder of the real-world implications of the burgeoning threat. Even as the Biden administration works to confront organized hacking campaigns sponsored by foreign governments, it must still contend with difficult-to-prevent attacks from cybercriminals.

“We need to invest to safeguard our critical infrastructure,” Biden said Monday. Energy Secretary Jennifer Granholm said the attack “tells you how utterly vulnerable we are” to cyberattacks on U.S. infrastructure.

The attack came as the administration, still grappling with its response to massive breaches by Russia of federal agencies and private corporations, works on an executive order aimed at bolstering cybersecurity defenses. The Justice Department, meanwhile, has formed a ransomware task force designed for situations just like Colonial Pipeline, and the Energy Department on April 20 announced a 100-day initiative focused on protecting energy infrastructure from cyber threats. Similar actions are planned for other critical industries, such as water and natural gas.

Despite that, the challenge facing the government and the private sector remains immense.

In this case, the FBI publicly assigned blame Monday by saying the criminal syndicate whose ransomware was used in the attack is named DarkSide. The group’s members are Russian speakers, and the syndicate’s malware is coded not to attack networks using Russian-language keyboards.

Anne Neuberger, the White House deputy national security adviser for cyber and emerging technology, said at a briefing that the group has been on the FBI’s radar for months. She said its business model is to demand ransom payments from victims and then split the proceeds with the ransomware developers, relying on what she said was a “new and very troubling variant.”

She declined to say if Colonial Pipeline had paid any ransom, and the company has not given any indication of that one way or the other. Though the FBI has historically discouraged victims from making payments for fear of promoting additional attacks, she acknowledged “the very difficult” situation that victims face and said the administration needs to look “thoughtfully at this area” of how best to deter ransomware.

“Given the rise in ransomware, that is one area we’re definitely looking at now to say, ‘What should be the government’s approach to ransomware actors and to ransoms overall?’”

Speaking later in the day at a conference on national security, Neuberger said the administration was committed to leveraging the government’s massive buying power to ensure that software makers make their products less vulnerable to hackers.

“Security can’t be an afterthought,” Neuberger said. “We don’t buy a car and only then decide if we want to pay for seatbelts and airbags.”

The U.S. sanctioned the Kremlin last month for a hack of federal government agencies, known as the SolarWinds breach, that officials have linked to a Russian intelligence unit and characterized as an intelligence-gathering operation.

In this case, though, the hackers are not known to be working at the behest of any foreign government. The group posted a statement on its dark web site describing itself as apolitical. “Our goal is to make money, and not creating problems for society,” DarkSide said.

Asked Monday whether Russia was involved, Biden said, “I’m going to be meeting with President (Vladimir) Putin, and so far there is no evidence based on, from our intelligence people, that Russia is involved, although there is evidence that the actors, ransomware, is in Russia.”

“They have some responsibility to deal with this,” he added.

U.S. officials have sought to head off anxieties about the prospect of a lingering economic impact and disruption to the fuel supply, especially given Colonial Pipeline’s key role in transporting gasoline, jet fuel, diesel and other petroleum products between Texas and the East Coast.

Colonial is in the process of restarting portions of its network. It said Monday that it was evaluating the product inventory in storage tanks at its facilities. Administration officials stressed that Colonial proactively took some of its systems offline to prevent the ransomware from migrating from business computer systems to those that control and operate the pipeline.

In response to the attack, the administration loosened regulations for the transport of petroleum products on highways as part of an “all-hands-on-deck” effort to avoid disruptions in the fuel supply.

“The time of the outage is now approaching critical levels and if it continues to remain down we do expect an increase in East Coast gasoline and diesel prices,” said Debnil Chowdhury, IHS Markit Executive Director. The last time there was an outage of this magnitude was in 2016, he said, when gas prices rose 15 to 20 cents per gallon. The Northeast had significantly more local refining capacity at that time.

The pipeline utilizes both common and custom technology systems, which could complicate efforts to bring the entire network back online, according to analysts at Third Bridge.

Granholm, the Energy Secretary, said “Cyber attacks on our critical infrastructure — especially energy infrastructure — is not going away.”

“This is a serious example of what we’re seeing across the board in many places and it tells you that we need to invest in our systems, our transmission grid for electricity. We need to invest in cyber defense in these energy systems,” she told Bloomberg TV.

The attack has not affected the supply of gasoline, she said, “but if it goes on too long, of course that will change.”

Gasoline futures ticked higher Monday. Futures for crude and fuel, prices that traders pay for contracts for delivery in the future, typically begin to rise anyway each year as the driving season approaches. The price you pay at the pump tends to follow.

The average U.S. price of regular-grade gasoline has jumped 6 cents over the past two weeks, to $3.02 per gallon, which is $1.05 higher than a year ago. The year-ago numbers are skewed somewhat because the nation was going into lockdown due to the pandemic.

The attack on the Colonial Pipeline could exacerbate the upward pressure on prices if it is unresolved for a period of time.


WASHINGTON (AP) — By ERIC TUCKER, CATHY BUSSEWITZ and ALAN SUDERMAN Associated Press

Associated Press writers Frank Bajak in Boston and Matthew Daly in Washington contributed to this report.

Cybersecurity

McDonald’s latest company to be hit by a data breach

Associated Press

McDonald’s has become the latest company to be hit by a data breach after unauthorized activity on its network exposed the personal data of some customers in South Korea and Taiwan.

McDonald’s Corp. said Friday that it quickly identified and contained the incident and that a thorough investigation was done.

“While we were able to close off access quickly after identification, our investigation has determined that a small number of files were accessed, some of which contained personal data,” the burger chain said.

McDonald’s said its investigation determined that only South Korea and Taiwan had customer personal data accessed, and that they would be taking steps to notify regulators and also the customers who may be impacted. No customer payment information was exposed.

McDonald’s said it will look at the investigation’s findings, coupled with input from security resources, to identify ways to further enhance its existing security measures.

Businesses across various sectors are being targeted by cybercriminals, including some very high profile cases in recent weeks. On Wednesday, JBS SA, the world’s largest meat processing company, revealed that it had paid the equivalent of $11 million to hackers who broke into its computer system last month.

And Colonial Pipeline, which transports about half of the fuel consumed on the East Coast, last month paid a ransom of 75 bitcoin — then valued at roughly $4.4 million — in hopes of getting its system back online. On Monday the Justice Department announced that it had recovered most of the ransom payment.


By MICHELLE CHAPMAN AP Business Writer.

Cybersecurity

Swaths of internet down, outage at cloud company Fastly

Associated Press

Numerous websites went offline Tuesday after an apparent widespread outage at the cloud service company Fastly.

Dozens of high-traffic websites including the New York Times, CNN, Twitch, Reddit, and the U.K. government’s home page, could not be reached.

San Francisco-based Fastly acknowledged a problem just before 1000 GMT. It said in repeated updates on its website that it was “continuing to investigate the issue.”

About an hour later, the company said: “The issue has been identified and a fix has been applied. Customers may experience increased origin load as global services return.”

A number of sites that were hit early appeared to be coming back online.

Some visitors trying to access CNN.com got a message that said: “Fastly error: unknown domain: cnn.com.” Attempts to access the Financial Times website turned up a similar message while visits to the New York Times and U.K. government’s gov.uk site returned an “Error 503 Service Unavailable” message, along with the line “Varnish cache server,” which is a technology that Fastly is built on.

Down Detector, which tracks internet outages, said: “Reports indicate there may be a widespread outage at Fastly, which may be impacting your service.”

Fastly describes itself as an “edge cloud platform.” It provides vital behind-the-scenes cloud computing services to many of the web’s high-profile sites by helping them to store, or “cache,” content in servers around the world so that it’s closer to users.


LONDON (AP).

Cybersecurity

NY transit officials confirm cyberattack; say harm limited

Associated Press

Hackers infiltrated computer systems for the Metropolitan Transportation Authority in New York, setting off a scramble to counter a potentially crippling cyberattack against North America’s largest transit system, MTA officials confirmed on Wednesday.

The officials said in a statement that the agency received an alert from the FBI and other federal agencies saying three of its 18 computer systems were put at risk.

The MTA insisted that it quickly shut down the attack. It said a follow-up forensic analysis also found that no sensitive information was stolen and that rail service for millions of riders each day and other operations were never compromised or disrupted.

“Importantly, the MTA’s existing multi-layered security systems worked as designed, preventing spread of the attack and we continue to strengthen these comprehensive systems and remain vigilant as cyberattacks are a growing global threat,” said Rafail Portnoy, the MTA’s chief technology officer.

The cyberattack was first reported on Wednesday by The New York Times, citing an internal document that was not made public. It was suspected that the breach had links to China, according to the Times.

A statement from the MTA did not mention China. There was no immediate response to requests for comment from the Department of Homeland Security, which is investigating the case.

The MTA systems appear to have been attacked on two days in the second week of April, and the intrusion continued at least until April 20, the Times reported. Hackers gained access to systems used by New York City Transit — which oversees the subway and buses — and also the Long Island Rail Road and Metro-North Railroad, according to the MTA document, the newspaper said.


NEW YORK (AP)
