Logpoint comment on the Colonial Pipeline anniversary
It will be a year since the Colonial Pipeline attack on 7 May. In response to this, we have sourced the following comment from Alon Schwartz, Security Researcher, Logpoint Global Services, which we thought might be of interest to your readers.
“Rather than dissipating, it’s clear that the threat to Critical National Infrastructure (CNI) after the Colonial Pipeline attack has never been greater. Ransomware has become the weapon of choice for financially and politically motivated threat actors. It ticks all the boxes, providing them with the means to solicit funds, carry out denial of service, espionage and sabotage, and to achieve notoriety. CNI operators such as power grid and telecoms companies have been targeted in the Ukraine conflict, for example, predominantly with Wiper ransomware.
Colonial Pipeline paid but then partially recovered the ransom through the FBI. Indications are that over half of businesses pay the ransom, fuelling further growth, because of their desperation to resume business as usual (BAU). The rise of ransomware will be inexorable while these ransoms continue to be paid.
Lessons learned from the Colonial Pipeline attack include the need for proper monitoring of IT & OT infrastructure, without which the organisation is rendered blind. Visibility is a game changer, especially in the preliminary stage, and can be the difference between mitigating an attack and falling victim to it. SIEM detection rules can alert the team to suspicious behaviour, while those deploying UEBA or NTA (Network Traffic Analysis) can benefit from machine learning and AI to pick up on sophisticated attack patterns such as lateral movement or data extraction.”