Following the crippling ransomware attack on Georgia-based Colonial Pipeline, United States President Joe Biden has signed an executive order aimed at strengthening U.S. cybersecurity defenses. The company operates a 5,500-mile pipeline system that can carry 3 million barrels of fuel per day between Texas and New York. The attack has led to widespread fuel shortages along the East Coast and panic buying in the southeastern United States.
Ransomware attacks are usually carried out using a trojan that delivers malware which encrypts files on a device or network and blocks access to them, in most cases leaving the system inaccessible. The attackers then threaten to publish the victim's data or perpetually block access to it unless a ransom is paid.
The FBI confirmed that it believes the DarkSide ransomware is responsible for the attack on Colonial Pipeline. DarkSide is a criminal group with origins in Russia.
The White House said it was directing a “comprehensive federal response” in light of the recent attack. President Joe Biden’s executive order takes a number of steps to modernize the nation’s cybersecurity defenses, including upgrading to secure cloud services and other cyberinfrastructure. It also mandates the deployment of multifactor authentication and encryption within a specified time period. Software developers are even required to share certain security data publicly.
Colonial announced in a press release that although it has restarted pipeline operations, it will take several days for fuel deliveries to return to normal levels. President Biden's Energy Secretary Jennifer Granholm also tweeted the update after a phone call with Colonial CEO Tim Felt.
We just got off the phone with #ColonialPipeline CEO. They are restarting pipeline operations today at ~5pm. More soon.
— Secretary Jennifer Granholm (@SecGranholm) May 12, 2021
Colonial Pipeline's use of outdated on-premises Exchange Servers seems to be a potential attack vector, but it has not yet been confirmed that this was indeed the security vulnerability that led to the latest attack. Microsoft’s systems were also involved in the SolarWinds attack last year. Microsoft's President Brad Smith had described that cyberattack as “the largest and most sophisticated attack the world has ever seen.”
Even though Microsoft has published many advisories about the importance of keeping on-premises Exchange Servers up to date, because several vulnerabilities in them are being exploited in the wild, many organizations have failed to do so, leading to devastating cyberattacks.