Cyber Risk Management Advisory: Analysis and Recommendations Following the Colonial Pipeline Shutdown
About the Attacker, DarkSide
All information is nonexclusive, as specific details about DarkSide, the attacker, are still under investigation.
- The FBI has been investigating DarkSide since October 2020.
- DarkSide has previously targeted a variety of industries, including manufacturing, energy and insurance.
- In a previous statement, DarkSide said, "Our goal is to make money, and not create problems for society."
- DarkSide develops ransomware as a service (RaaS) and sells its ability to create ransomware or conduct ransomware attacks to whoever is willing to pay.
- DarkSide employs "Double Extortion" and will both exfiltrate data and threaten to release it or deploy software that will encrypt data, making it unusable.
- DarkSide typically uses cryptocurrency to collect ransoms, with a preference toward Monero.
Mitigation for Your Organization
The cyber attack on Colonial Pipeline emphasizes the need for visibility and control. Knowing how to manage your organization’s unique cyber risk requires expertise in industrial cybersecurity and in-depth knowledge of how your operational networks and systems work. CISA and the FBI recommend several mitigation strategies, including:
- Boundary Protections - Manage what goes in and out of IT and OT networks.
- Access Control - Limit/control the movement within IT and OT networks.
- Segmentation - Manage the people and devices that can access networks.
- Monitoring - Detect and confirm potential intrusions.
- Policy Management - Customize policies based on network needs.
- Asset Management - Inventory and management of critical cyber assets.
- Backup Management - Confirm up-to-date copies of network data.
- Configuration Management - Detect changes made to industrial control devices, including Programmable Logic Controllers (PLCs), and log information through Management of Change (MOC) documentation.
It is crucial to have a strong cyber program that defends industrial operations against cyber attacks and monitors assets at all times. ABS Group provides one of the market's only 24/7/365 Remote Monitoring and Managed Services specifically designed to protect OT Networks. We are OEM agnostic, OT-specialized and price competitive, with one solution that covers the entire digital ecosystem.
Podcast: The Casualties of Cyber War: Exploring the Colonial Pipeline Shutdown
If a cyber attack can take down an entire pipeline, what's next? As news from the recent attack on Colonial Pipeline continues to develop, private and public companies, the U.S. government and the nation continue to question the dangerous implications behind our critical infrastructure lacking the proper cybersecurity.
Podcast: Cyber in the Supply Chain – When Things Go Wrong
Cyber incidents go from 0 to 100 in the blink of an eye. With nearly half of the East Coast's fuel supply disrupted, the conversation of protecting critical infrastructure is at the forefront of The White House Administration. Join our discussion as we talk about preceding real-life OT cyber incidents that have gone wrong.
Cybersecurity 101: Lessons Learned from the Colonial Pipeline Cyber Attack
The recent cyber attack on Colonial Pipeline underscores the importance of having a strong industrial cyber program that provides visibility and control over your critical infrastructure. In this webinar, we'll discuss the essential lessons learned from this historic incident and the strategies you can use to defend your Operational Technology (OT) and Industrial Control Systems (ICS).
Webinar: OT Cybersecurity – How to Evolve Faster Than Cyber Criminals
Does your in-house cybersecurity team have the bandwidth, experience and equipment to protect your organization against fast-paced cyber criminals? In this webinar, we’ll discuss what your organization needs to know about cybersecurity, how you can gain visibility and control over your OT and Industrial Control Systems (ICS) and the benefit of working with a managed service provider (MSP).
Cyber Support: Industrial Cybersecurity – Take Control of IT and OT Risks
We work with maritime, offshore, industrial and government clients to understand their unique operational technology (OT) risks and help them build cybersecurity solutions to reduce the likelihood of an attack. From the earliest concept and design phases to integrating a program into existing operations, we'll help your organization develop and implement the controls you need to manage cyber risk.
About ABS Group
With over 50 years of industry-wide experience in risk and reliability, ABS Group is a premier provider of industrial cybersecurity consulting, implementation and management services, assisting organizations in enhancing their existing cyber risk programs or creating one that fits their individual needs to address national and international cybersecurity standards and guidelines.