Colonial Pipeline Company’s fuel tanks in Baltimore, Maryland, USA. (Photo: AFP/VNA) US Department of Homeland Security (DHS) on May 27 issued new security guidance for owners and operators of fuel pipelines. This move follows a cyber attack on the company’s fuel pipeline system Colonial Pipeline , leading to gas supply disruptions on the US East Coast this month. Homeland Security Secretary Alejandro Mayorkas said: “The recent malware attack on a major fuel pipeline shows that the cybersecurity of pipeline systems is a critical factor. pivotal to the homeland security of the United States.” Under DHS, owners and operators of fuel pipeline Key players will be required to immediately report confirmed and probable cyber-attacks to the Department of Cybersecurity and Infrastructure Security under their respective jurisdictions. DHS (CISA), and appoint a cybersecurity coordinator available 24 hours a day and 7 days a week. The issuance of the new guidance also requires fuel pipeline owners and operators to review current cybersecurity measures to detect any vulnerabilities, as well as remedial actions if necessary. there is a risk of a cyber attack. They must notify this result to the Transportation Security Administration (TSA), a unit of DHA, and CISA within 30 days. The DHS statement said TSA is considering additional mandatory measures to enhance cybersecurity to protect the US fuel system. Previously, on May 7, Colonial Pipeline announced that it was attacked by ransomware and forced to close some systems. This incident caused a large-scale supply disruption, causing thousands of gas stations on the US East Coast to fall into shortages and gasoline prices to the highest level since 2017. The US government has issued an order. state of emergency in 17 states and Washington, D.C. After more than 1 week of being affected, the Colonial Pipeline oil pipeline has returned to normal operation. Colonial Pipeline has publicly confirmed paying a ransom to restore computer networks. Meanwhile, the US Federal Bureau of Investigation (FBI) identified DarkSide as the hacker group behind the attack.

Ransomware is a type of malware that encrypts the victim’s data. Cybercriminals using ransomware also often steal data. The hackers then demanded a payment to unlock the files and promised not to leak the stolen data. In recent years, hackers have targeted victims with cyber insurance policies, and large volumes of sensitive consumer data make them more likely to pay ransoms, according to cybersecurity experts. According to the unnamed source, CNA paid the hackers about two weeks after a bunch of company data was stolen and CNA officials were locked out of its own network. CNA does not comment on the ransom, with a CNA spokesperson saying CNA followed all laws, regulations and guidelines, including OFAC’s 2020 ransomware guide, in handling the matter. CAN also shares attack intelligence and hackers’ identities with the FBI and the Treasury Department’s Office of Foreign Assets Control because facilitating ransom payments to hackers can cause punishment risk. The largest ransom amount Ransomware attacks – and payments in particular – are rarely disclosed so it’s difficult to know what the largest ransom is. The $40 million payout is larger than any previously disclosed payments to hackers. The hackers attacking CNA used malware called Phoenix Locker, a variant of ransomware called ‘Hades.’ According to cybersecurity experts, Hades was created by a Russian cybercrime organization called Evil Corp. Evil Corp. was sanctioned by the United States in 2019. However, identifying attacks can be difficult because hacking groups can share code or sell malware to each other. CNA, which provides cyber insurance, said its investigation concluded that the Phoenix hacker group was not on the US sanctions list. The disclosure of the payment is likely to draw outrage from lawmakers and regulators who are unhappy that US companies are paying large sums of money to criminal hackers who over the past year have targeted hospitals, drug manufacturers, police forces and other entities critical to public safety. The FBI discourages organizations from paying ransoms because it encourages additional attacks and does not guarantee data will be returned. Last year was a standout year for ransomware groups, with a task force made up of security experts and law enforcement agencies estimating that victims paid around $350 million in ransom last year, up 311% compared to 2019. The Task Force suggested 48 actions the Biden administration and the private sector could take to mitigate such attacks, including better regulation of money markets. digital currency used to make ransom payments. The report, prepared by the Institute for Security and Technology, was delivered to the White House days before the Colonial Pipeline Company was compromised in a ransomware attack that resulted in fuel shortages and long lines at stores. gas stations along the US East Coast Bloomberg reported that Colonial paid hackers nearly $5 million shortly after the attack. Colonial CEO Joseph Blount, in an interview with the Wall Street Journal published Wednesday, confirmed that the company paid the hackers – $4.4 million in ransom. According to two people familiar with the CNA attack, the company initially ignored the hacker’s request and attempted to recover the data without negotiating with the criminals. But within a week, the company decided to start negotiating with the hackers, who were demanding $60 million. Residents said the payment was made a week later. According to Barry Hensley, chief intelligence officer at cybersecurity firm Secureworks Corp. then the Phoenix Locker seems to be a variation of Hades based on the overlap of the code used in each. He said they have not yet identified which hackers used the Hades variant to attack CNA. Cybersecurity firm CrowdStrike Holdings Inc believes Hades was created by Evil Corp. to bypass US sanctions against the hacking group. In December 2019, the Treasury Department announced sanctions against 17 individuals and six entities associated with Evil Corp. At the time, the Treasury Department said Evil Corp used malware “to infect computers and collect login information from hundreds of banks and financial institutions in more than 40 countries, causing more than 100 million dollars of theft. “It is illegal for any U.S. company to knowingly pay a ransom to Evil Corp. According to Melissa Hathaway, President of Hathaway Global Strategies and a former cybersecurity adviser to Presidents George W. Bush and Barack Obama, demand for ransomware has grown exponentially over the past six months. Hathaway said the average hacker’s ransom demand is between $50 million and $70 million. Those claims are often negotiable, and companies often pay ransoms in the tens of millions of dollars, in part because cyber insurance policies cover some or all of the costs. Hathaway estimates that the average payout is between $10 and $15 million. Ngoc Linh – According to Insurance Journal

Fuel will be transported by road to Washington DC and the states of Alabama, Arkansas, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee , Texas, Virginia. Colonial Pipeline is the largest oil pipeline operator in the United States On May 7, the leading US fuel pipeline operator Colonial Pipeline announced the shutdown of its entire network following a cyber attack by ransomware. Ransomware is a type of malware designed to lock down a system by encrypting data and demanding a ransom from the victim to regain access. Colonial Pipeline asked a cybersecurity company to coordinate with federal law enforcement agencies to investigate this cyberattack. The shutdown of the largest fuel pipeline network in the United States will cause the price of this item and related products to spike. According to some sources, a hacker group called “DarkSide” is suspected of causing the attack. This is a group of hackers that have carried out many cyber attacks that have cost many Western countries tens of billions of dollars in the past 3 years.

Colonial Pipeline had to shut down the entire network after a cyber attack. Photo: wsj.com The administration of President Joe Biden said it was making every effort to restore the company’s operations and avoid disruption to supply. Experts say gas prices will not be affected if the company resumes normal operations in the next few days. However, this cyberattack, rated as the worst ever for the US infrastructure system, should be a warning bell for other companies about the risk they will become the next target of similar attacks. According to Colonial Pipeline, the company’s pipeline carries gasoline and other fuels from Texas to the Northeast, providing nearly 45 percent of the fuel for the East Coast of the United States. Although Colonial Pipeline has not revealed who is responsible for the cyber attack, an unnamed person on the team investigating the incident confirmed that the culprit was a hacker group nicknamed Darkside. This group has been spreading ransomware since August 2020 and is classified as one of the most attackable groups. Over the past 3 years, Darkside has become more and more professional and has caused Western countries tens of billions of dollars in losses. Ransomware attacks are malicious code designed to lock down computer systems using encrypted data and demand a ransom to restore access. US Commerce Secretary Gina Raimondo on May 9 warned US businesses to be wary of ransomware attacks. The female minister affirmed that she would work closely with the Department of Homeland Security to handle the issue, considering this a top priority of the government. Reuters news agency, citing a notice from the White House, said the administration was working to help Colonial Pipeline company resume operations to avoid supply disruptions. According to sources, before activating ransomware, hackers often steal data, which is used to blackmail businesses or distort the truth. Sometimes stolen data is more valuable to hackers than the benefit they get by disrupting business operations. Security experts say the attack is a warning to operators and managers of essential infrastructure in the US such as electricity, water, energy and transportation facilities that have long been built. do not update the method to ensure security against the risk of being attacked. Mr. David Kennedy, a senior security consultant and founder of the security consulting firm TrustedSec, admitted that ransomware attacks have spiraled out of control in the US and are currently under development. is one of the greatest threats facing the United States. However, most American companies lack the ability to prepare for such threats.

Colonial Pipeline’s Dorsey hub in Maryland, USA. Photo: Reuters The difficulty in fuel supply has raised concerns that gasoline prices at pumping stations will escalate during the peak summer travel season. Colonial Pipeline said the company is trying to resume operations this weekend after its fuel pipeline system was paralyzed since May 7 after being hit by a cyber attack. The shutdown of the Colonial Pipeline’s fuel pipeline system shut down nearly half of the US East Coast’s fuel supply. The US Energy Administration on May 10 called for mandatory cybersecurity standards for fuel pipeline operators and operators. “Incentivizing the voluntary application of standards to pipelines is inadequate,” said US Federal Energy Regulatory Commission Chairman Richard Glick. The US Federal Bureau of Investigation (FBI) has accused a cybercriminal group called “DarkSide” of causing a ransomware attack on Colonial Pipeline. Reuters news agency quoted cybersecurity experts as saying that DarkSide is based in Russia or Eastern Europe, so the gang usually avoids targeting computers that use the languages ​​of the former Soviet republics. However, US President Joe Biden on May 10 expressed he did not believe that the Russian government was behind the cyber attack on the Colonial Pipeline. “So far there is no evidence based on our intelligence that Russia is involved,” Biden said. A statement titled DarkSide group on May 10 stated: “Our goal is to make money and not create problems for society.” Ransomware attack is a type of malware designed to disable computers by encrypting data and blackmailing victims if they want to regain system access. It is not clear what price the hackers offered for Colonial Pipeline, and the company has not commented on the matter. Fuel demand in the southeastern United States has increased sharply in recent days as consumers fear fuel shortages. The Southeastern region of the United States has long depended mainly on the supply of fuel flowing through the Colonial Pipeline’s pipeline system. The average national gasoline price rose 6 cents to $2.96 a gallon last week, the highest since May 2018 and close to a peak set in 2014, the American Automobile Association said. also warned of speculation about fuel hoarding as the supply continued to decrease. Katina Willey, a resident of Florida on May 10, said she had to go to 5 gas stations to buy gas. “Consumers have to wait in long lines at three of the five gas stations I go to,” added Katina Willey. Many other car owners said they were also looking to refill their gas tanks out of fear that the fuel situation could worsen. If the Colonial Pipeline’s pipeline disruptions continue, fuel suppliers may be able to force fuel transportation by trucks and trains to partially ease the fuel shortage. The US Department of Transportation on May 9 lifted travel restrictions for fuel truck drivers in 17 states affected by supply disruptions.

Accordingly, on the group’s website, DarkSide confirmed that it never intended to interrupt the US fuel supply when attacking the network of the Colonial Pipeline company, headquartered in Georgia, USA. The group also said that it will carefully examine its goals in the future, while emphasizing that the group is not affiliated with any governments when the cyber attack takes place because the group is always acting alone. DarkSide wrote on the website: “We are a non-political organization. We are not tied to a government. Our goal is to make money, not to put society in a difficult situation like it is today. in”. “From today, we will carefully examine each company that our partners want to attack to avoid future consequences,” the DarkSide team stressed. The partners the group refers to are “affiliates” of the group, DarkSide said. This group of hackers acts as a company that specializes in providing “hacking services” and is not directly involved in cyber attacks on companies or governments. The team will develop malware for the cyber attacks and negotiate the ransom with the victim, at the request of their partner. One source believes that DarkSide will receive 20-30% of the ransom for its services.

Accordingly, on the group’s website, DarkSide confirmed that it never intended to interrupt the US fuel supply when attacking the network of the Colonial Pipeline company, headquartered in Georgia, USA. The group also said that it will carefully examine its goals in the future, while emphasizing that the group is not affiliated with any governments when the cyber attack takes place because the group is always acting alone. DarkSide wrote on the website: “We are a non-political organization. We are not tied to a government. Our goal is to make money, not to put society in a difficult situation like it is today. in”. “From today, we will carefully examine each company that our partners want to attack to avoid future consequences,” the DarkSide team stressed. The partners the group refers to are “affiliates” of the group, DarkSide said. This group of hackers acts as a company that specializes in providing “hacking services” and is not directly involved in cyber attacks on companies or governments. The team will develop malware for the cyber attacks and negotiate the ransom with the victim, at the request of their partner. One source believes that DarkSide will receive 20-30% of the ransom for its services.