Similarly, the U.S. government has made only modest progress in pushing private industry, including pipeline companies, to strengthen cybersecurity defenses. Cybersecurity oversight is divided among an alphabet soup of agencies, which makes coordination difficult. The Department of Homeland Security conducts “vulnerability assessments” for critical infrastructure, which includes pipelines.
The department reviewed Colonial Pipeline around 2013 as part of a study of places where a cyberattack could cause a catastrophe. The pipeline was considered resilient, meaning it could recover quickly, according to a former DHS official. The department did not respond to questions about whether it had conducted any subsequent review.
Five years later, DHS created a pipeline cybersecurity initiative to identify weaknesses in pipeline computer systems and recommend strategies to address them. Participation is voluntary, and one person familiar with the initiative said it is more useful for smaller companies with limited in-house IT expertise than for large companies like Colonial. The National Risk Management Center, which oversees the initiative, also handles other thorny issues such as election security.
Ransomware has been on the rise since 2012, when the advent of Bitcoin made payments difficult to track or block. Criminals’ tactics have evolved from indiscriminate “spray and pray” campaigns seeking a few hundred dollars to targeted attacks on specific companies, government agencies and nonprofit groups with multimillion-dollar ransom demands.
Attacks on energy companies, in particular, have increased during the pandemic, not only in the United States, but also in Canada, Latin America and Europe. Because companies allowed employees to work from home, they relaxed some security checks, McLeod said.
DarkSide adopted what is known as the “ransomware as a service” model. Under that model, it partnered with affiliates who carried out the attacks. Affiliates received 75% to 90% of the ransom, and DarkSide kept the rest.
Since 2019, numerous gangs have increased the pressure with a technique known as “double extortion.” After breaking into a system, they steal sensitive data before deploying the ransomware that encrypts files and leaves hospitals, universities and cities unable to carry out their day-to-day work. If losing access to their systems is not intimidating enough, the gangs threaten to publish the confidential information, often posting samples as leverage. For example, when the Washington, D.C., police department failed to pay the $4 million ransom demanded by a gang called Babuk last month, Babuk released intelligence reports, the names of suspects and witnesses in criminal cases, and personnel files, from medical information to polygraph test results, of officers and job candidates.