News of the ransomware attack on the Colonial Pipeline hit the headlines shortly after last week’s roundup went live. Since then, we’ve learned about the attack, including that the company reportedly has cyber insurance. Though sources familiar with the company’s response told Reuters on May 12 that Colonial did not plan to pay the ransom, the latest reports suggest that the company did pay a nearly $5 million ransom.
As the story unfolds, experts are examining the attack from their own areas of expertise. Technologist Arun Vishwanath opined about the attack and suggested that cybersecurity is “a user problem -- one that can only be resolved by understanding users, who is at risk, why they are at risk and by helping them reduce it.”
Kim Zetter, who’s speaking at RSA Conference on the evolution of ICS threats, had a different perspective and called for civil and criminal penalties and personal accountability for CEOs. Zetter reported that the automated invoicing system on Colonial’s IT networks was ransomed, which was one reason Colonial was keeping the pipeline offline. “If that system is locked and the pipeline is still flowing, Colonial would have to manually collect information about how much fuel is flowing to each customer, then manually process invoices,” Zetter wrote.
Not surprisingly, Colonial was not the only victim this week, as malicious actors continue to target organizations the world over with ransomware. Hospitals have been impacted in the latest attack on Ireland’s Health Services, resulting in its IT systems being forced offline. Additionally, The Washington Post reported, “Hackers who infiltrated the D.C. police department’s computer network have posted a trove of purported department documents, including some containing information related to street crews and others with raw intelligence on threats following the Jan. 6 attack on the U.S. Capitol.”
Here’s a look at what else made cybersecurity headlines this week.
May 14: Cybersecurity professionals weighed in on the Executive Order intended to improve the country’s cybersecurity defenses that was signed earlier this week by President Biden.
May 14: “Microsoft is warning the aerospace and travel sectors of a new targeted attack campaign aimed at stealing sensitive information from affected companies,” Infosecurity Magazine reported.
May 13: Cyberscoop reported, “An unauthorized party accessed Rapid7 source code via the Codecov supply chain compromise.”
May 13: In his remarks on the ransomware attack, President Biden outlined steps the Administration has taken to allow for the return to normal operations, adding, “this is a whole-of-government response to get more fuel more quickly to where it is needed and to limit the pain being felt by American customers.”
May 12: Threatpost reported, “A group of election security experts said after a deep dive into Australia’s electronic voting systems that they have “serious problems” with the accuracy, integrity and privacy with elections run by the Australian Capital Territory (ACT) Electoral Commission.”
May 11: In an opinion piece for NextGov, Terry Thompson blamed the recent cyberattacks on, “Vulnerable supply chains, sloppy security, and a talent shortage.”May 10: The FBI confirmed the attack on the Colonial Pipeline was the work of a criminal ransomware gang dubbed DarkSide.