On May 7, the largest fuel pipeline in the United States was taken down by hackers, causing fuel shortages across the East Coast. Gas prices soared, flight schedules had to be changed for major airlines, panic buying ensued across the East Coast, and all because of one small error: a single compromised password.
Hackers were able to gain access into the network and digital equipment which controlled Colonial Pipeline Co., demanding a $4.4 million ransom from the company in exchange for their network back. This event was deemed one of the largest cyberattacks on an oil infrastructure in the history of the US; DarkSide, a hacking group, was able to use a VPN (virtual private network) password to gain access to the company’s network. As a result, the company was forced to halt its operations in response to the cyberattack. Almost half of the fuel used on the East Coast used to power cars and jets, stemmed from this pipeline and was therefore compromised.
This type of attack is known as a ransomware attack. Typically, ransomware attacks involve malware that encrypts a victim’s files and demands a ransom amount to give the victim a decryption key to get their data back. Most of the time, this can occur with phishing; phishing occurs when victims are sent emails with fake attachments in order to trick them into revealing secure information about themselves, such as passwords or credit card information. These fake attachments are disguised as trustworthy, and to an unsuspecting victim, they can appear to be legitimate. The Colonial Pipeline attack resulted from a slightly different form of ransomware attack. An outdated account and lack of multifactor authentication allowed the hackers to gain access.
However, there are steps to take to prevent such attacks like this:
- Do not open unknown attachments in emails – make sure the address you are receiving from is trustworthy and the attachment is secure. Similarly, never click on links that are unfamiliar to you, such as spam messages. If you are in doubt, it is better not to open it!
- Avoid sharing personal information such as passwords and account logins over the Internet with untrusted sources.
- Keep your systems up to date: regularly updating your operating systems will make it harder for criminals to exploit any discrepancies in your security system.
- Stay informed! Raising awareness is one of the best ways to help yourself and others stay safe from cybercriminals.
Today, almost everything is done on the Internet with computers and other digital devices. Increasingly, if not protected well, data is susceptible to attacks by cybercriminals. It is important to exercise caution when dealing with unfamiliar digital information and stay informed about your cybersecurity.