In a previous blog "How Safe is Your Critical Infrastructure?" I wrote about the importance of protecting systems that support our lives, including water, transportation, communication, emergency, and especially energy generation systems.
Previously, we looked at cyber hygiene and presented some guidelines to help prevent your organization from becoming a victim of cyber-crime. In this blog, we will review a recent cyber attack on critical infrastructure, and take a look at a more detailed and authoritative definition of cyber hygiene, plus provide a resource where you can learn more about this vital topic.
Recent news reports told the story of a cyber-attack with potentially huge implications for safety. On May 7, 2021, the Colonial Pipeline Company announced that it was the victim of a cybersecurity attack and had taken its pipeline systems offline to contain it.
According to the American Petroleum Institute, there are about 190,000 miles of liquid petroleum pipelines across the United States. These systems carry crude oil to refineries, and then refined fuels such as gasoline or aviation fuels to terminals and airports. There are an additional 2.3 million miles of natural gas pipelines, the vast majority of which are distribution and supply systems for home heating.
Disruption of these systems can have huge implications for the economy, the environment, and our individual safety.
The Colonial Pipeline Company operates the largest refined products pipeline system in the United States. Stretching about 5,500 miles from Houston, Texas, to the New York Harbor area, the pipeline carries millions of barrels of gasoline, diesel and jet fuel a day between the Gulf Coast and the Northeast.
Who was behind the cyber attack?
The FBI and news outlets have attributed the attack against Colonial to a relatively new criminal group known as "DarkSide." DarkSide does not appear to be state sponsored. It is a criminal organization that develops ransomware, gains access to victims' networks, encrypts their data, and then demands a ransom for the decryption key.
DarkSide operates on a ransomware-as-a-service model: it builds and maintains the ransomware and the payment infrastructure, while affiliates break into the victim's network and deploy it in exchange for a share of the ransom. These attacks follow the "double extortion" trend, meaning the attackers steal a copy of sensitive data before encrypting it, and then threaten to publish it if the ransom is not paid. Backups and data replication remain essential for restoring operations, but they no longer remove the attacker's leverage, because the threat is now disclosure rather than only loss of access.
Other Impacts on Critical Infrastructure
It’s worth mentioning that not all disruptions to critical infrastructure are due to malware or ransomware.
There are countless systems, many of which you never see, that modern life depends upon. For example, global commerce was impacted when the Ever Given container ship blocked the Suez Canal in March of 2021. This may or may not have impacted you directly. But there were many companies from product manufacturers, to shipping companies, and a whole host of organizations that support them, that lost millions when products could not get to market.
An unprecedented Arctic freeze hit Texas in February of 2021, causing rolling blackouts and power outages. Several large cities were suddenly in darkness as the power grid could not keep up with demand. A major factor in the shortage was the freezing temperatures, which impacted every energy source in the state, from natural gas wells and thermal plants to wind turbines that had to be taken offline because of ice. And while Texas is the top crude oil and natural gas producing state in the USA, according to the US Energy Information Administration it also produces about 28% of all U.S. wind-powered electricity, again leading the nation.
Repercussions from the Latest Cyber-Attack
It did not take long to see the impacts of the Colonial Pipeline being taken offline. Shortages caused long lines at gas stations as people filled up their tanks. The long lines could have been caused by an actual disruption in supply, or simply by panic buying. It does not matter: the perception of a supply disruption can cause as many problems as a real one.
Airlines faced a few issues as well. For example, American Airlines announced that two long-haul flights out of Charlotte Douglas International Airport had been affected by the fuel supply shortage. Formerly nonstop flights to Honolulu and London made stops en route to either change aircraft or take on additional fuel.
Cyber Hygiene and Vulnerability Scanning are Critical!
We have no control over supply chain disruptions caused by a ship running aground, or over damage to major systems from unusual weather.
There are, however, many very important steps we can take to prevent becoming a victim of cyber-crime or a ransomware attack. We call this practicing good cyber hygiene, and it is a foundational defense against criminals who want to do you harm.
Cyber hygiene and vulnerability scanning are vital processes to effectively minimize risk and exposure to cyber-crime.
What is Vulnerability Scanning?
Vulnerability scanning is the process that inventories all endpoints in an environment (servers, desktops, notebooks, virtual machines, etc.), identifies the operating system, installed software and configuration on each, and compares what it finds against a database of known vulnerabilities (for example, CVE entries and vendor advisories) to determine which endpoints are potentially exposed. The output is only as good as the inventory that feeds it: a device that was never discovered is never assessed.
What is Cyber Hygiene?
The Center for Internet Security (CIS) defines cyber hygiene as a set of baseline practices that preemptively protect organizations from cyber threats. Cyber hygiene has to cover every device in your ecosystem, whether it’s on-premises or remote, so the implementation can be more difficult than the theory.
CIS identified six fundamental principles for effective cyber hygiene that focus heavily on endpoint hardening; they correspond to the six "Basic" controls in version 7 of the CIS Controls. These principles are practical and actionable, and they're relevant to almost any organization's IT ecosystem.
1. Inventory and control of hardware assets
2. Inventory and control of software assets
3. Continuous vulnerability management
4. Controlled use of administrative privileges
5. Secure configuration for hardware and software on mobile devices, laptops, workstations, and servers
6. Maintenance, monitoring, and analysis of audit logs
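The definition of vulnerability scanning above and the first three principles in this list (inventory hardware, inventory software, manage vulnerabilities continuously) describe one pipeline: know which devices you have, know what is installed on them, compare that against what is known to be vulnerable, and act on the result by a deadline. The Python below is an added example written for this post, not code from Automox, CIS or any scanner product. The host names, package names, versions, advisories and the "discovered on the network" list are constructed sample data, and the remediation windows per severity are assumptions to be replaced with your own policy. It also shows the edge case that trips up naive scanners: versions must be compared numerically per component, because as plain strings "2.10" sorts before "2.9".

```python
"""Version-aware vulnerability matching over a constructed asset inventory.

Added example for this post: not Automox code and not a CIS tool. Hosts,
packages, versions and advisories are constructed sample data; the
remediation windows in SLA_HOURS are assumptions.
"""
import re
from datetime import datetime, timedelta

_PART = re.compile(r"(\d+)|([A-Za-z]+)")


def parse_version(version: str) -> tuple:
    """Turn '1.1.1k' into ((0,1),(0,1),(0,1),(1,'k')).

    Numbers are tagged 0 and letters 1 so that components compare
    numerically ('2.10' sorts after '2.9', which string comparison gets
    wrong) and a letter suffix sorts after the bare release
    ('1.1.1' < '1.1.1k'). Separators such as '.' are ignored.
    """
    return tuple((0, int(num)) if num else (1, alpha)
                 for num, alpha in _PART.findall(version))


def is_vulnerable(installed: str, fixed_in: str) -> bool:
    """An advisory of the form 'fixed in X' affects every version below X."""
    return parse_version(installed) < parse_version(fixed_in)


# Assumed remediation windows per severity, in hours (policy, not a standard).
SLA_HOURS = {"critical": 72, "high": 24 * 7, "medium": 24 * 30}
_RANK = {"critical": 0, "high": 1, "medium": 2}

# Constructed advisories: package, first fixed version, severity.
ADVISORIES = [
    {"package": "libfoo",     "fixed_in": "1.1.1k", "severity": "critical"},
    {"package": "acme-agent", "fixed_in": "2.10.0", "severity": "high"},
    {"package": "widgetd",    "fixed_in": "3.4",    "severity": "medium"},
]

# Constructed software inventory: host -> {package: installed version}.
INVENTORY = {
    "web-01": {"libfoo": "1.1.1j", "acme-agent": "2.9.4"},
    "db-01":  {"libfoo": "1.1.1k", "widgetd": "3.4"},
    "lap-17": {"acme-agent": "2.10.0", "widgetd": "3.3.9"},
}

# Constructed list of hosts seen on the network (e.g. from DHCP or ARP),
# used to catch assets that exist but are not under management.
DISCOVERED_HOSTS = {"web-01", "db-01", "lap-17", "printer-3"}

# Fixed scan time so the report is reproducible.
SCAN_TIME = datetime(2021, 5, 10, 9, 0)


def scan(inventory, advisories, discovered, now):
    """Return (findings, unmanaged_hosts).

    findings: one dict per vulnerable package per host, sorted by severity
    then host, each with a remediation deadline derived from SLA_HOURS.
    unmanaged_hosts: hosts discovered on the network but absent from the
    inventory; these cannot be assessed at all and are a finding in
    their own right (CIS Control 1).
    """
    findings = []
    for host, packages in inventory.items():
        for adv in advisories:
            installed = packages.get(adv["package"])
            if installed is None or not is_vulnerable(installed, adv["fixed_in"]):
                continue
            findings.append({
                "host": host,
                "package": adv["package"],
                "installed": installed,
                "fixed_in": adv["fixed_in"],
                "severity": adv["severity"],
                "due": now + timedelta(hours=SLA_HOURS[adv["severity"]]),
            })
    findings.sort(key=lambda f: (_RANK[f["severity"]], f["host"]))
    unmanaged = sorted(set(discovered) - set(inventory))
    return findings, unmanaged


if __name__ == "__main__":
    findings, unmanaged = scan(INVENTORY, ADVISORIES, DISCOVERED_HOSTS, SCAN_TIME)
    for f in findings:
        print(f"{f['severity']:8} {f['host']:8} {f['package']} {f['installed']} "
              f"-> {f['fixed_in']}  due {f['due']:%Y-%m-%d %H:%M}")
    print("unmanaged hosts:", unmanaged)
```

Run as-is, the report lists web-01 twice (a critical libfoo finding due in 72 hours and a high acme-agent finding, caught only because 2.9.4 is compared numerically against 2.10.0), lap-17 once for widgetd, and flags printer-3 as a host that was seen on the network but never inventoried. A real scanner replaces the constructed inventory with agent or network discovery output and the constructed advisories with a vulnerability feed, but the matching, prioritization and "unknown asset" logic is the same.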
Automox has a terrific resource where you can learn more about effective cyber hygiene practices. Our free eBook Avert Cyber Attacks With Proactive Endpoint Hardening will help you interpret and apply the CIS principles and teach you how proactive endpoint hardening can help you remediate zero-day vulnerabilities within 24 hours, and critical vulnerabilities within 72 hours.
About Automox Automated Patch Management
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, macOS, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.