Daily Mail

Cyberattacks on US are 'here to stay', Biden official warns

Daily Mail, 10/05/2021 03:49:36, by Lauren Fruen and Andrew Court for Dailymail.com

Cyberattacks on US soil are 'here to stay', a Joe Biden official warned Sunday, following a sophisticated ransomware attack on the largest gasoline pipeline in the country.

The pipeline remained shut as of Sunday evening with its operator declining to say when it would reopen. Colonial Pipeline said it will bring the full system back online 'only when we believe it is safe to do so'. 

Commerce Secretary Gina Raimondo had earlier warned Sunday: 'This is what businesses now have to worry about. 

'Unfortunately, these sorts of attacks are becoming more frequent. They're here to stay, and we have to work in partnership with business to secure networks to defend ourselves against these attacks.'

Raimondo confirmed President Joe Biden was briefed on the matter Saturday. 

She told CBS Face the Nation: 'We are working closely with the company, state and local officials, to make sure that they get back up to normal operations as quickly as possible and there aren't disruptions in supply.'  

Bloomberg News, citing people familiar with the matter, said hackers took nearly 100 gigabytes of data out of Colonial's network on Thursday, a day ahead of the pipeline shutdown, before demanding a ransom. It is not known if any ransom has been paid.

Experts said that the incident should serve as a wake-up call to companies about the vulnerabilities they face. Sen. Bill Cassidy said: 'The implications for this, on our national security, cannot be overstated.'    

[Photo: Commerce Secretary Gina Raimondo had earlier warned Sunday: 'This is what businesses now have to worry about. Unfortunately, these sorts of attacks are becoming more frequent' © Provided by Daily Mail]

[Map: The Colonial Pipeline runs from Texas to New Jersey and carries 100 million gallons of fuel daily © Provided by Daily Mail]

A prolonged shutdown of the line, described as the 'jugular of infrastructure' by one analyst, would cause prices to spike at gasoline pumps ahead of peak summer driving season, a potential blow to U.S. consumers and the economy.

In a Saturday statement, Colonial Pipeline said that it 'proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.' 

The hackers are likely a professional cybercriminal group, and a group dubbed 'DarkSide' was among the potential suspects, two U.S. government officials told Reuters. 

DarkSide is known for deploying ransomware and extorting victims - while avoiding targets in post-Soviet states. It is believed to be based in Russia.

DarkSide first emerged in August 2020, and has used its ransomware on companies including CompuCom, an Office Depot subsidiary, as well as a Canadian division of rental car company Enterprise.

According to data security firm Arete, DarkSide finds vulnerabilities in a network, gains access to administrator accounts, and then harvests data from the victim's server and encrypts it.

The software leaves a ransom note text file with demands.

Ransoms average more than $6.5 million, Arete said, and the attacks lead to an average of five days of downtime for the business. 

There are now fears of a major spike in gas, oil and diesel prices after the 'jugular' of the U.S. fuel pipeline system was forced to suspend operations. 

The Colonial Pipeline is responsible for transporting more than 100 million gallons of fuel - 2.5 million barrels - daily through pipelines laid out between Texas and New Jersey.

It also serves some of the largest U.S. airports, including Atlanta's Hartsfield Jackson Airport, the world's busiest by passenger traffic. 

One energy expert told Politico it is 'the most significant and successful attack on energy infrastructure we know of in the United States.'

The Georgia-based company has hired an outside cybersecurity firm to investigate the nature and scope of the attack, and federal agencies have been called in to assist.

Other experts predict that a prolonged shutdown could cause a surge in the price of gas, oil and diesel - particularly across the eastern half of the country. 

One told Newsweek that motorists should expect a price surge at the pump if the outage lasts five or more days, which would result in a shortage. 

[Photo: There are fears of a major spike in gas, oil and diesel prices after the 'jugular' of the U.S. fuel pipeline system was forced to suspend operations following a sophisticated cybersecurity attack © Provided by Daily Mail]

[Photo: One expert told Newsweek that motorists should expect a price surge at the pump if the outage lasts five or more days, which would result in a shortage © Provided by Daily Mail]

What is DarkSide? 

DarkSide is a group of hackers which first emerged in August 2020, with a press release declaring their formation.

Since then, they have become known for their professional operations and large ransoms. 

The group has a phone number and even a help desk to facilitate negotiations with victims. 

Believed to be based in Russia, they have targeted Enterprise rental cars, Canadian real estate firm Brookfield Residential, and an Office Depot subsidiary.

They have publicly stated that they prefer not to attack hospitals, schools, non-profits, and governments, but rather big organizations that can afford to pay large ransoms. 

'Before any attack, we carefully analyze your accountancy and determine how much you can pay based on your net income,' the press release reads. 

They avoid targets in former Soviet states. 

However, another energy analyst is pleading for calm at the present moment. 

'The challenges brought on by the Colonial Pipeline shut down would likely not appear for several days or longer,' Patrick De Haan told the publication.

'My guess is they'll be able to restart the pipeline before any major issues develop.' 

The price of diesel, gas and oil previously spiked in 2017, following a temporary shutdown of the Colonial Pipeline caused by a leak. 

Colonial Pipeline is responsible for the largest spill in North Carolina's history and one of the largest in the country's history, when 1.2 million gallons flowed out in Huntersville in August 2020. 

It was discovered only because two teenagers stumbled across the site and reported it.

However, this deliberate and nefarious attack has many alarmed at the security vulnerabilities of utility companies which provide essential services to the American people.  

Mike Chapple, teaching professor of IT, analytics and operations at the University of Notre Dame's Mendoza College of Business and a former computer scientist with the National Security Agency, said systems that control pipelines should not be connected to the internet and vulnerable to cyber intrusions.

'The attacks were extremely sophisticated and they were able to defeat some pretty sophisticated security controls, or the right degree of security controls weren't in place,' Chapple said.

[Photo: The attack on Colonial Pipeline took place Friday, and affected some of its information technology systems. Operations remain shut down as of early Sunday morning © Provided by Daily Mail]

Anne Neuberger, the Biden administration's deputy national security adviser for cybersecurity and emerging technology, said in an interview with The Associated Press back in April that the government was undertaking a new effort to help electric utilities, water districts and other critical industries protect against potentially damaging cyberattacks. 

She said the goal was to ensure that control systems serving 50,000 or more Americans have the core technology to detect and block malicious cyber activity.

Since then, the White House has announced a 100-day initiative aimed at protecting the country's electricity system from cyberattacks by encouraging owners and operators of power plants and electric utilities to improve their capabilities for identifying cyber threats to their networks. 

It includes concrete milestones for them to put technologies into use so they can spot and respond to intrusions in real time. 

The Justice Department has also announced a new task force dedicated to countering ransomware attacks in which data is seized by hackers who demand payment from victims in order to release it.
