Get Started Today!  (415) 295-4898

croom new

415 IT Blog

Hackers Spark Major Gas Crisis Throughout the Southern U.S.

Hackers Spark Major Gas Crisis Throughout the Southern U.S.

You’ve probably heard by now, a Russia-based hacking collective by the name of DarkSide targeted Colonial Pipeline, a company that supplies nearly 45 percent of the fuel used along the Eastern Seaboard of the United States, with a ransomware attack. Not only does this hack have an effect on fuel prices and availability, it highlights just how vulnerable much of the nation’s energy infrastructure is. Let’s discuss the details of the hack and the raging discussion about cybersecurity that’s happening as a result. 

The Facts Surrounding the Hack

On Friday, May 7, 2020, Colonial Pipeline had to shut down operations after a ransomware attack threatened to spread into critical systems that control the flow of fuel. Almost immediately gas prices started to jump in the region, averaging around six cents per gallon this week. The pipeline, which runs from Texas to New York, transports an estimated 2.5 million barrels of fuel per day. The shutdown has caused some fuel shortages and caused panic buying in some southern U.S. states. Administrators said that the ransomware that caused the precautionary shutdown did not get into core system controls but also mentions that it will take days for the supply chain to get back up and running as usual again. 

Who Is DarkSide?

The hacker group DarkSide is a relatively new player, but it has set its sights high. The group claims to be an apolitical hacking group that is only out to make money.  In fact, they put out the following statement after the FBI started a full-scale investigation of the group:

“Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

DarkSide seems to be a professionally-run organization that deals in ransomware. They follow what is called the Ransomware-as-a-Service model, where hackers develop and sell their ransomware to parties looking to conduct operations like the one that stymied Colonial Pipeline. They also are known for their “double extortion” methodology, where they threaten to take the data they encrypt public if their demands aren’t met. Their ransom demands are paid through cryptocurrency and have only been in the six-to-seven figure range. 

What’s interesting is that the group seems to have its own code of ethics, stating that they will never attack hospitals, schools, non-profits, or government agencies. Either way, their current attempt at extortion has made a mess for millions of Americans. 

Problems Securing Infrastructure

Even before the world completely changed, cybersecurity analysts were recommending that more had to be done to protect aging utility systems around the world. Back in 2015, hackers took down a power grid in Ukraine and left 250,000 people without electricity, and it caused some movement to improve system security, but nowhere near as much as is required. Now, with the push to use renewable energy and more efficient systems of deployment, more technology has been added to these systems than at any time in history. These smart systems, coupled with a resounding lack of security, means that the next cybersecurity catastrophe is just around the corner. 

The pandemic didn’t help matters. Systems that are being updated are increasingly being connected to public and private networks for remote access. All it takes is one vulnerability and hackers can exploit and take control of systems that affect the lives of millions of Americans. Hackers causing a gas shortage is scary, but hackers taking down power grids or other systems that the public depends on to live could be looked at as an act of war.

The scariest part is it seems as though no system is immune to these problems. According to CISA, the Colonial Pipeline hack is the fourth major cyberattack of the past year. You have the Solar Winds breach that allowed Russian Intelligence to infiltrate thousands of corporate and government servers; an attack where Chinese nationals rented servers inside the U.S. to invade a still unnumbered amount of Microsoft Exchange servers; and a still-unknown hacker that hijacked a tool called Codecov to deploy spyware on thousands of systems.

Microsoft is widely renowned as being at the forefront of cybersecurity and Solar Winds is itself a cybersecurity company. This tells you a little bit about where we are about protecting essential systems. It’s not a good situation.

While you can’t always worry about cybersecurity everywhere you are, you have to prioritize it for your business. If you want to talk to one of our security experts about your cybersecurity, give 415 IT a call today at (415) 295-4898.

Password Best Practices from the National Institut...
A Company’s Boss Needs to Take the Lead on Cyberse...
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, June 16 2021

Captcha Image

By accepting you will be accessing a service provided by a third-party external to https://web.415it.com/

Mobile? Grab this Article

QR Code

Tag Cloud

Security Tip of the Week Technology Productivity Best Practices Business Computing Data IT Support Network Security Data Backup Privacy Cloud Hosted Solutions Internet IT Services Software Data Recovery Business Efficiency Email Managed IT Services Hackers Small Business Google User Tips Mobile Device Innovation Phishing Malware Collaboration VoIp Communication Business Management Hardware Cybersecurity Workplace Tips Outsourced IT Android Backup Computer Cloud Computing Upgrade Smartphone Managed Service Mobile Devices Quick Tips Tech Term Microsoft Windows 10 Business Continuity Disaster Recovery Smartphones Covid-19 Communications Ransomware Passwords Remote Work Managed Service Provider Users Saving Money Paperless Office Encryption Browser Network Data Management Wi-Fi Windows Internet of Things Artificial Intelligence Office 365 Server BDR Business Technology Remote Monitoring Managed IT Help Desk Social Media Compliance Holiday Government Document Management Save Money Microsoft Office Healthcare Windows 7 Vulnerability Scam Information Chrome Miscellaneous Laptops Health Remote Facebook Automation Managed Services Data Security Applications Blockchain Managed IT services Virtualization Employer-Employee Relationship Two-factor Authentication Processor Vendor Management Redundancy Gadgets Mobile Office Avoiding Downtime Meetings Analytics Antivirus Bandwidth Machine Learning Office BYOD Training Infrastructure Project Management Tip of the week Wireless Password Hard Drive RMM Maintenance IT Management VPN Proactive Networking Storage Customer Relationship Management Router Remote Worker HIPAA Files Access Control Information Technology Virtual Private Network Employees Time Management OneDrive Website Employee-Employer Relationship Patch Management Company Culture Software as a Service Net Neutrality Mobility Apps WiFi IoT Data Loss Regulations Smart Devices Tablet Management Social Network Current Events Server Management Alert Internet Exlporer Conferencing Dark Web Augmented Reality File Sharing Smart Technology Spam Computing Assessment Authentication File Management Monitoring Holidays Network Management Search Utility Computing Bring Your Own Device Payment Cards Consultation Remote Monitoring and Management Voice over Internet Protocol Co-Managed IT Financial Mobile Security Remote Computing Display Flexibility Operating System Unified Communications Electronic Health Records Telephone Mobile Instant Messaging Recycling Professional Services Consulting Downtime The Internet of Things Word Gmail Cooperation Data Breach Risk Management Free Resource Unified Threat Management Vendor Customer Service Money Managed Services Provider Mobile Device Management Data Storage Remote Workers Big Data Images 101 Nanotechnology Wires Gamification Computing Infrastructure MSP Finance Techology Chatbots Wasting Time End of Support Microsoft Excel Point of Sale Tech Terms CIO applications Digitize Ergonomics Mirgation CRM Mobile Computing Fraud Printing Wearable Technology Star Wars Employer/Employee Relationships Apple Human Error Technology Laws Enterprise Content Management Computers Windows Server Google Calendar Customer Relationships Emergency Multi-Factor Security App Hard Disk Drives Sensors Alerts Outlook Disaster Resistance Identity Theft Enterprise Resource Planning Database Windows Server 2008 Gifts Websites E-Commerce Theft Shadow IT Travel Vendors Cache Notes Content Filtering Virtual Reality Electronic Medical Records Printer Geography User Management Innovations Proactive Maintenance Solid State Drive Firewall OneNote Permission Unified Threat Management Social Networking Screen Reader Solid State Drives Outsource IT Comparison Licensing Authorization Shortcut Proactive IT Identity Projects Hacker SaaS Features Outsourcing Value of Managed Services Technology Tips Analysis Politics PowerPoint Data Warehousing Modem High-Speed Internet Teamwork IT Legislation YouTube Touchscreen Hacking Private Cloud Lenovo Tech Support Cybercrime Peripheral Cyber security Distributed Denial of Service How To Test G Suite Procurement Samsung Smart Tech Options Laptop Specifications WPA3 IT Consulting Optimization Return on Investment CES Video Conferencing Digital Payment 2FA Hotspot Banking Operations Heating/Cooling SharePoint Development Shared resources Business Telephone Going Green Videos Trending Bookmarks ROI Superfish IT Technicians Cost Management Database Management PCI DSS Managed IT Service Mail Merge User Error Motherboard Chromebook Cyberattacks Social Connectivity 5G Remote Working Mobile VoIP Black Friday Fleet Tracking Zero-Day Threat Settings Virtual Machines Personal Information Statistics Cables Manufacturing Biometric Mouse Language Migration eWaste Virtual Assistant Bitcoin Reviews Servers Downloads Cookies IT Assessment Batteries Media Favorites GDPR Break Fix Address Vulnerabilities Bluetooth Read Only Security Cameras Wireless Internet Budget Cyber Monday Staff Recovery Asset Tracking Backup and Disaster Recovery Managing Stress Transportation Credit Cards Active Directory Permissions Marketing Printers Education CEO Students Daniel Stevens Regulation Twitter

Latest Blog

The first half of this year has seen its fair share of ups and downs, especially on a global scale. With a global pandemic still taking the world by storm, it’s despicable that hackers would take advantage of the opportunity to make a quick buck using phishing tactics. Yet, ...

Latest News

We are proud to announce that 415 IT and our CEO, Daniel Stevens, were recently featured by CIO Applications. We discussed how and why we serve our clients, as well as some sneak peeks for our future. Read our interview by visiting:  https:...