How A Ransomware Attack Took Down The Colonial Pipeline.

On Friday, May 7th, 2021, the Colonial Pipeline, which carries 45 percent of the East Coast’s fuel supplies, was shut down by a ransomware attack. Within 48 hours, states such as North Carolina, Alabama, Florida, and several others were informed that a gas shortage was underway. This, unfortunately, caused buyers to panic and over-purchase gas, leaving a large portion of gas stations across those states completely out of fuel.

In an age of technological advancement and safety measures, how could this happen? Why was this industry so easily disabled? It is concerning that, without good protection, something vital to us can be turned off like a faucet. The reasons may not be immediately clear, but we can look at what we do know and try to find our answer.


What Happened?

As we discussed in a previous blog, ransomware is malware that can lock a user or company out of their own system. Dedicated groups of hackers purposely design this malware with the intention of disabling large corporations or individuals. Once the data is in their possession, they tell the company or individual that if they pay, say, 5 million dollars, the data will be returned so they can regain access to their own networks.


This is where it can get tricky. Oftentimes the promised return of the data never comes. The hackers take the 5 million and run, leaving the company with no data, no access to its own systems, and 5 million dollars poorer.

Colonial Pipeline paid hackers a $4.4 million ransom to regain control of its computer systems and restart fuel delivery to the East Coast, the company’s chief executive said Wednesday.
In an interview with the Wall Street Journal, Colonial CEO Joseph Blount said the decision to pay off a hacking group was “the right thing to do for the country.” He acknowledged the payment was “highly controversial,” since federal officials largely encourage companies not to incentivize further cyberattacks by compensating bad actors. Bogage, J. (2021, May 19). Colonial Pipeline CEO says paying $4.4 million ransom was ‘the right thing to do for the country.’ Washington Post. https://www.washingtonpost.com/business/2021/05/19/colonial-pipeline-ransom-joseph-blunt/

Unfortunately, in most cases only a portion of the data is returned, and often none is returned at all, making these situations even more devastating.


However, this is not the only recent attack we should be concerned about.

In early 2020, hackers secretly broke into Texas-based SolarWinds' systems and added malicious code into the company's software system. The system, called "Orion," is widely used by companies to manage IT resources. SolarWinds has 33,000 customers that use Orion, according to SEC documents.
Most software providers regularly send out updates to their systems, whether it's fixing a bug or adding new features. SolarWinds is no exception. Beginning as early as March of 2020, SolarWinds unwittingly sent out software updates to its customers that included the hacked code.
The code created a backdoor to customers' information technology systems, which hackers then used to install even more malware that helped them spy on companies and organizations.
SolarWinds told the SEC that up to 18,000 of its customers installed updates that left them vulnerable to hackers. Since SolarWinds has many high-profile clients, including Fortune 500 companies and multiple agencies in the US government, the breach could be massive. Microsoft president Brad Smith said in a February congressional hearing that more than 80% of the victims targeted were nongovernment organizations. The US is readying sanctions against Russia over the SolarWinds cyber attack. Here’s a simple explanation of how the massive hack happened and why it’s such a big deal. (2021, April 15). Business Insider. https://www.businessinsider.com/solarwinds-hack-explained-government-agencies-cyber-security-2020-12?international=true&r=US&IR=T

Microsoft Exchange Server also found itself under attack earlier this year through a zero-day threat. A zero-day threat is a software attack that exploits a weakness the vendor is not yet aware of, so no fix exists at the time it is first used. It is usually resolved once the developer releases a software patch and customers install it.

Microsoft told security expert Brian Krebs that the company was made aware of four zero-day bugs in "early" January…
On March 2, Microsoft released patches to tackle four critical vulnerabilities in Microsoft Exchange Server software. At the time, the company said that the bugs were being actively exploited in "limited, targeted attacks."
Microsoft Exchange Server is an email inbox, calendar, and collaboration solution. Users range from enterprise giants to small and medium-sized businesses worldwide.
While fixes have been issued, the scope of potential Exchange Server compromise depends on the speed and uptake of patches -- and over a month on, the security issue continues to persist. Osborne, C. (2021, April 19). Everything you need to know about the Microsoft Exchange Server hack. ZDNet. https://www.zdnet.com/article/everything-you-need-to-know-about-microsoft-exchange-server-hack/

Our world is built on technology. All our precious information moves around digitally on an hourly basis, and the companies we entrust it to are under continuous attack for that information. These are just the corporations we know about. Oftentimes hackers will implant ransomware, malware, or other malicious code into a system and then wait months before activating it. During that time, they may be waiting quietly so as not to be detected, or they may be selling the breach to the highest bidder on the dark web.


While this sounds terrifying and overwhelming, awareness of these constant attacks on our information is one of the best ways to prevent it from being stolen in the first place.

How Do I Protect Myself?

Many times, the first thing we think as individuals is that we don’t have anything a hacker would even want to steal. That just isn’t true. While we might only have a little money in our bank account, that money still means something to someone. We also have other precious information we forget to guard, like our social security number. In America, this number is what identifies us. It helps us get a job, get approved for a mortgage, and receive medical care. If your identity is stolen, it can be detrimental to anything you want to do in the future.

“Malicious cyber actors today are dedicating time and resources towards researching, stealing, and exploiting vulnerabilities, using more complex attacks to avoid detection and developing new techniques to target information and communication technology supply chains," acting Cybersecurity and Infrastructure Security Agency Director Brandon Wales told the Senate Homeland Committee, whose hearing was focused on a spate of recent incidents impacting the US. Sands, Z. C. C. A. G. (2021, May 16). Colonial Pipeline cyber attack: 4 key takeaways on US government response. ABC7 Chicago. https://abc7chicago.com/colonial-pipeline-ransomware-cyber-attack-biden-gas-prices/10641125/

It’s important to think about the people within our care. Many people trust their personal and business information to us, so protecting the interests of the people you do business with is equally important.


Create a Security Plan:

Creating a cyber security plan is the best way to protect your interests, but where do you start? Here are a few of the basic areas to consider:

  1. How many computers do you have?

  2. How many operating systems?

  3. How many phones are connected to your system?

  4. Do you have a physical security system?

  5. Looking into your infrastructure, do you have WiFi? Is that secure?

  6. What network devices do you have?

Bringing in a company that specializes in this exact line of work is your best way of ensuring your doors are locked up tightly. Knowing that someone is consistently checking and testing all the back doors into your company can bring you peace of mind in the cyber world we live in. For instance, using DataCom’s Uptime Security plan would help you cover all these critical points in one full sweep.


You can learn more about creating an in-depth cyber security plan in Nate’s book, The Cyber Security Guide: What you need to know to implement a cyber-security plan for your business.


Breach Plan.

Identifying weak points in your own system is key to creating an airtight security plan.


You also want to focus on a breach plan. What will you do in the event of a breach? You want to figure out what was breached, what was done in the system during the breach, and, if you are a business owner, whether any of your customers’ systems were breached as well. Oftentimes hackers will breach one company with the intent of getting to another. They may not have been after you, but perhaps a customer of yours. DataCom Technologies also offers assistance in building a breach plan, helping you ask all the right questions and cover all your bases.


Passwords and 2FA.

Here at DataCom, we cannot stress enough the need to keep your devices as secure as possible.


Do NOT use the same password.

Stop it. We know you’re using your grandmother’s birthdate and your child’s middle name for all of your accounts. While this may seem easier, it isn’t secure. Choose a unique password for every device and app you own. Consider using a passphrase instead of a password; a passphrase could look like DataComTechnologiesUptimePlanWillSecureMyNetwork, or IBelieveInBigfoot could be another good one. The key is to be as creative and unique as possible.


DO use 2FA.

Two-factor authentication is one of the quickest ways to secure yourself and your devices. Requiring a second factor to sign in to all your computers and applications ensures that you’re keeping hackers out. You can read more about 2FA here.


Data Backup.

This is a critical step! Making sure your data and security configuration are fully backed up is how you avoid becoming the next victim of a cyber-attack. The reason this is so crucial is that if you are hacked but you are backed up, you can say, “It does not matter, because we are backed up,” and continue your operations as usual.

Experts generally encourage ransomware victims not to pay any ransom: "You're basically funding those (criminal) groups," Div said.
But a company's ability to get back online without paying hackers may depend on whether it has protected backups of its data. In some cases, hackers can delete their target's backups before locking its files, leaving the victim organization with no recourse.
Colonial Pipeline ended up paying DarkSide this week as it tried to get back up and running, sources told CNN. The group demanded nearly $5 million, but the sources did not say how much the company paid.
Similar ransomware incidents could range from anywhere in the hundreds of thousands of dollars to around $10 million, experts said. Clare Duffy, CNN Business. (2021, May 16). Colonial Pipeline attack: A “wake up call” about the threat of ransomware. CNN. https://edition.cnn.com/2021/05/16/tech/colonial-ransomware-darkside-what-to-know/index.html

Key steps to backing up your data.

  1. You need to do a backup every day.

  2. You need to have a dedicated person who checks the backup daily to make sure your server backs up.

  3. Keep at least 3 backups of the same data on file.

  4. An off-site backup is crucial. It should not be stored at your house, or your office, but somewhere nobody else knows about except for your most trusted personnel.
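The four rules above can be checked automatically each day. The script below is an added example, not DataCom’s own code or tooling: it audits a constructed list of backup copies against the rules (a copy made within the last day, at least three copies, one of them off-site, and every copy matching the checksum the backup job recorded), so the person doing the daily check sees a short list of problems instead of having to trust that the job ran. Field names, locations and digests are assumptions made up for the example.

```python
from datetime import datetime, timedelta

# Constructed sample (not a real system): one record per stored copy of the
# same daily backup set. "sha256" is the digest recomputed from the stored
# copy during the daily check; field names are assumptions for this example.
SAMPLE_COPIES = [
    {"location": "server-local", "offsite": False,
     "taken_at": datetime(2021, 5, 7, 2, 0), "sha256": "a1" * 32},
    {"location": "nas-office", "offsite": False,
     "taken_at": datetime(2021, 5, 7, 2, 30), "sha256": "a1" * 32},
    {"location": "offsite-vault", "offsite": True,
     "taken_at": datetime(2021, 5, 7, 3, 0), "sha256": "a1" * 32},
]


def audit_backups(copies, expected_sha256, now,
                  min_copies=3, max_age=timedelta(days=1)):
    """Return a list of findings; an empty list means all four rules hold.

    expected_sha256 is the digest the backup job logged when it wrote the set.
    """
    findings = []
    if not copies:
        return ["no backup copies recorded"]
    # Rule 1: a backup must have completed within the last day.
    newest = max(c["taken_at"] for c in copies)
    if now - newest > max_age:
        findings.append(f"newest backup is stale ({now - newest} old)")
    # Rule 3: keep at least three copies of the same data.
    if len(copies) < min_copies:
        findings.append(f"only {len(copies)} copies, need {min_copies}")
    # Rule 4: at least one copy must live off-site.
    if not any(c["offsite"] for c in copies):
        findings.append("no off-site copy")
    # Rule 2 (the daily check): each stored copy must still match the digest
    # recorded at backup time; a mismatch means it is corrupt or was altered.
    for c in copies:
        if c["sha256"] != expected_sha256:
            findings.append(f"checksum mismatch at {c['location']}")
    return findings


if __name__ == "__main__":
    result = audit_backups(SAMPLE_COPIES, "a1" * 32, datetime(2021, 5, 7, 8, 0))
    for line in result or ["all backup checks passed"]:
        print(line)
```

A non-empty result is what the dedicated person from step 2 should see and act on the same day, since an attacker who deletes or corrupts backups before encrypting files (as the CNN excerpt above describes) is only caught if someone looks.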

Insurance.

An important part of a company’s plan is having good insurance. There are many reasons why you should have insurance:

  • Liability. When you are handling other people’s information and data, you are liable should anything happen while that information is in your care.

  • Recovery is expensive. Even if you don’t pay money to a hacker, getting your company back to work and getting your system properly repaired so there isn’t a next time is expensive.

  • Ransom. If, in the unfortunate event that all your backups and security measures fail, you find yourself paying a ransomware hacker, you do not want to be pulling that money from your own bank account.

The landscape of the cyber security world is ever changing. We must continue to change with it in order to stay ahead of ransomware attacks. We are in a time when we must be ever vigilant about our security.


If you have any questions or would like to know more information about our Uptime plan, do not hesitate to reach out to us at 330-680-6002 or datacomtechnologies.net, to connect with a cyber security specialist.

