Blog

The Cyberattack that Shut Down a Major U.S. Pipeline

Colonial Pipeline is one of the largest gasoline pipelines in the United States. On Friday, 7 May 2021, it was hit by a ransomware attack from the criminal group called Darkside. Colonial made the decision to shut down certain operations late Friday to contain the threat, which temporarily halted all pipeline operations and affected some of their IT systems.

Ransomware attacks are typically carried out by cybercriminals who encrypt data paralyzing their targets’ networks and demand large sums of money to decrypt it.

Colonial transports around 45% of the gas consumed by the East Coast with 2.5 million barrels a day of gasoline, diesel, and jet fuel that are transported from Houston to North Carolina with another 900,000 barrels a day to New York. The attack has threatened to disrupt the supply for millions of users along with surging gasoline prices which jumped more than 3% and could be one of the biggest attacks on critical infrastructure in history.

Drivers rushed around to fuel their vehicles across the Southeast this week leaving thousands of gas stations without gasoline. Airlines are in a similar position scrambling to get jet fuel to avoid flight disruptions.

 Who is Darkside?

Darkside has been identified as a cybercriminal gang comprised of veteran cybercriminals solely focused on rinsing as much money as they possibly can from their targets.

Darkside claims that it does not steal from medical, educational, or government institutions, and only targets large corporations. They have, in the past, donated part of their extortions to charities like Children International and The Water Project using bitcoin as their preferred method of payment.

How can a pipeline be hacked?

Modern technology as allowed many companies to run extremely digital and Colonial Pipeline is no different. It is far from the greasy image of pipes, pumps, and black liquid which goes with the gasoline industry.

Computer systems are connected to a central system which control pressure sensors, thermostats, valves, pumps, and are used to monitor, and more importantly, control the flow of gasoline through its pressured systems across hundreds of miles. 

Where there is computer and connectivity, there will be a risk of a cyberattack. All the devices are connected to a computer and network which, if not safely secured, can be breached, leaving it vulnerable to malicious attacks and then held for ransom.

At this stage, it is still uncertain how they gained access to the system, but a possibility that someone in the organization fell victim to a phishing attack giving the hackers access to plant the malicious malware.

The attack emphasized the vulnerabilities of the nation’s energy sector and other essential industries which are privately owned.

The Colonial Pipeline attack was a powerful reminder of the everyday implications that cyberattacks can have on infrastructure, businesses, and a nation.