A cyber attack on Colonial Pipeline, a top US fuel supplier, has led to the shutdown of its entire network. According to Reuters, a prolonged shutdown of the pipeline will cause prices to rise drastically, negatively impacting the summer travel season and overall economy. Transporting over two million barrels each day, the pipeline links refiners throughout the Gulf Coast, eastern, and southern regions of the US and provides fuel for major airports including Atlanta’s Hartsfield Jackson, the busiest hub in the world.
The attack was waged using ransomware, a malware tactic that threatens to either reveal sensitive data or block access until a ransom is paid. It works by gaining access to files and encrypting them, making the systems that rely upon those files unusable. Ransomware can infect a network in many ways such as unsafe websites and infected file attachments in emails or instant messenger applications.
Although attacks on small businesses and organizations may not derail the infrastructure of an entire country the way an attack as large as this might, such breaches can cause substantial damage to profits, security, and reputation. According to the FBI Internet Crime Complaint Center (IC3), reports of ransomware attacks increased for a total of 2,474 in 2020.
As with most information security matters, one of the fundamental safeguards is vigilance. Best practices that reinforce skills in detection of malicious emails and spam is essential. While some of these sources contain misspellings or errors that make them easy to spot, hackers are becoming more and more sophisticated in their tactics. Strong passwords and two-step authentication are important. Also, data redundancy and backups are crucial to avoid having to pay the ransom to gain access.
Nicole Perlroth, in a New York Times article, states that many essential services do not do take even the most basic precautions because of lack of resources. “American hospitals, schools and governments are common ransomware targets because they tend to use older software with security holes that can’t be repaired.”
That is where Asteros Cybersecurity Services steps in. Our free, no-strings-attached attack surface audit can help pinpoint critical vulnerabilities in these systems and allow us to provide consultation on affordable ways in which small- to medium-sized businesses and organizations can address these important issues.