2021-05-12
Just like shopping at Amazon, or filing your taxes online, or being virtually sociable through online media platforms, filling up at the gas pump involves cybersecurity risks in the modern era of technology. Sure, the mere use of a credit or debit card, with all your related personal and financial data flying around the world’s wide web, seems risky, which it is.
Then, along came the crafty, misplaced innovative talents of cyber-criminals who constructed “skimmers.” These bespoke pieces of hardware can be quickly attached to a gas pump’s card reader. The skimmer, like a bona fide card reader, can include a magnetic strip and chip reader. When the bad guy sneaks one onto your local gas pump, your card data flows through it to let you fill your tank. Meanwhile, the skimmer’s mala fide data readers pick up your digital assets—card number, personal info, the oh-so-protective CVV code, etc.—and send them wirelessly to a nearby criminal lying in wait. You pull away with a full tank, and they pull away with your account and likely a shopping list, or more likely a cache of card data ready to sell on the dark web.
During this seemingly trivial every-person tasker, getting gas, there are other risks thanks to technology, though they’re more subtle. Being captured on CCTV security devices or pinpointing your location via smartphone carelessness may put your privacy at risk. This week I’ve noted a much more direct hit, though, and one that will be unavoidable even for careful data protectors or those of you using cash to fuel up. This cyber-risk, now realized and acted upon by the baddies, is bound to raise prices at the pumps if they’re not already heading up by the time you read this.
The Colonial Pipeline is a network of pipelines carrying gasoline and other fuels across the Southeast from Houston to Linden, New Jersey. Over 5,000 miles of pipe make up the network, which branches off along the way, including to Knoxville, and supplies around 45 percent of East Coast fuel. The scope of its impact made it an irresistible target for hackers. Last week, Colonial clamped off its entire network after it was struck with a ransomware attack. This incident, in other words, commanded the same response by Colonial as did Hurricane Harvey in 2017, when gas prices reacted by heading up to a then five-year high.
Here again we are witnessing some of the most disconcerting vulnerabilities amidst a challenging cybersecurity environment. The critical infrastructure of America, including electrical grids, the healthcare system, water treatment, and the internet trunk lines themselves, continues to attract hackers. Adversarial nation-states are attracted to these targets for political reasons, knowing how profoundly disruptive the aptly named critical systems can become when disabled. The more commercially focused criminals, again because of that criticality, see dollar signs, because public officials or company leaders are presumably willing to pay to wriggle out of the disruption.
In the Colonial case, it’s the latter. DarkSide is a group of hackers rather new to the scene, so far as we know. They got some early limelight last August. The security firm Acronis published a case study about DarkSide with the twisted “humanitarian” bent title of “DarkSide Ransomware Does Not Attack Hospitals, Schools and Government.” How generous and conscientious of them. Their unique ethic, and don’t let yourself place them in the Robin Hood category, includes donating a portion of ransom proceeds to charity. They’re like the Newman’s Own version of a criminal enterprise, though every nickel of Paul’s salsa profits gets donated.
DarkSide’s attack on Colonial represents the most damaging infrastructure attack to date, according to numerous sources in the know. Many details are still coming, so let me just refresh your recollection about this type of attack: ransomware. Ransomware began gaining prominence as a cyber-threat around 10 years ago, though it had been in use for years before that to a lesser degree. It’s named as it is because, ultimately, an organization’s data is being held for ransom. The criminal first does some digital reconnaissance to gain intelligence about the target. DarkSide clearly did its homework. Then, it levies an email campaign against the target. Emails are crafted to appear as official company correspondence, an age-old trick that the most basic hacker can accomplish. The emails get blasted to the whole company, or sometimes are sent to a more focused group. Somewhere in DarkSide’s malicious email there was likely a link to some website or perhaps a company document. Something like this is typical:
Colleagues,
As you know the quarterly P/L reviews are due by the end of May. This year, thanks to IT, there is a user-friendly portal where your numbers can be submitted, edited, and finalized. We are pleased to streamline this for you and your team. Follow the new app’s link below to learn the quick, easy steps to take in order to initiate the process.
P/L Tracker App
Regards,
Scammy McThief, V.P. Finance
Of course, DarkSide likely opted for a more credible sender name, and the link doesn’t make things easier. Rather, when a gullible, untrained user clicked it, a number of malicious software applications were executed. One piece of that malware suite encrypted Colonial’s data, making it unreadable without a decryption “key.” DarkSide possessed the data to the exclusion of Colonial and everyone else. As of this writing the ransom amount is unknown. Security firms are on the scene, as are federal law enforcement agencies. For a few years, ransomware became so popular, and ransoms so low, that it was being referred to as a “commodity.” Now, however, the average [publicly known] ransom amasses over $300,000 in spoils.
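The lure above is the kind of message a mail gateway or a security analyst’s script should catch before a user ever sees the link. The script below is an added example, not from this column and not the work of any firm named in it. It parses a constructed copy of the “P/L Tracker App” message (the organisation domain, the sender addresses, the hostnames and the link are all assumptions) and reports the indicators that mark it as phishing rather than internal correspondence: a Reply-To that diverts replies off-domain, and a link whose real destination sits on a lookalike host outside the organisation. A constructed legitimate version of the same notice is included to show that it passes clean.

```python
"""Flag phishing indicators in an internal-looking email.

Added example; all domains, headers and bodies are constructed. The
organisation is assumed to own example-pipeline.test.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example-pipeline.test"  # assumed: the organisation's real domain

# Constructed lure. The From header is spoofed to look internal, the
# Reply-To quietly diverts answers, and the visible link text hides a
# lookalike host on an outside domain.
SAMPLE_PHISH = """From: "Scammy McThief, V.P. Finance" <finance@example-pipeline.test>
Reply-To: collect@evil-host.test
To: staff@example-pipeline.test
Subject: Quarterly P/L reviews due end of May
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Colleagues,</p>
<p>As you know the quarterly P/L reviews are due by the end of May.
Follow the new app's link below to initiate the process.</p>
<p><a href="http://example-pipeline.test.evil-host.test/portal">P/L Tracker App</a></p>
<p>Regards,<br>Scammy McThief, V.P. Finance</p>
</body></html>
"""

# Constructed legitimate notice: same wording, but every address and link
# stays on the organisation's own domain over HTTPS.
SAMPLE_LEGIT = """From: "Finance Team" <finance@example-pipeline.test>
To: staff@example-pipeline.test
Subject: Quarterly P/L reviews due end of May
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Colleagues, submit your numbers here:
<a href="https://portal.example-pipeline.test/pl">P/L Tracker App</a></p>
</body></html>
"""


def registered_domain(host):
    """Collapse a hostname to its last two labels (e.g. evil-host.test).

    Simplification for the example: production code should consult the
    public suffix list so that co.uk-style suffixes are handled.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def address_domain(header_value):
    """Domain part of an address header such as From or Reply-To ('' if absent)."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def extract_links(html):
    """Return (visible_text, href) pairs for every anchor in an HTML body."""
    pattern = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
    return [(re.sub(r"<[^>]+>", "", text).strip(), href)
            for href, text in pattern.findall(html)]


def phishing_indicators(raw_message, org_domain=ORG_DOMAIN):
    """Return the list of indicator names found; an empty list means nothing flagged."""
    msg = message_from_string(raw_message)
    findings = []

    from_dom = address_domain(msg["From"])
    if registered_domain(from_dom) != org_domain:
        findings.append("from-domain-mismatch")

    # A Reply-To on a different registered domain than From is a classic
    # sign that the sender wants answers routed somewhere else.
    reply_dom = address_domain(msg["Reply-To"])
    if reply_dom and registered_domain(reply_dom) != registered_domain(from_dom):
        findings.append("reply-to-mismatch")

    body = msg.get_payload()  # single-part message assumed for the example
    org_label = org_domain.split(".")[0]
    for _text, href in extract_links(body):
        url = urlparse(href)
        host = url.hostname or ""
        if url.scheme == "http":
            findings.append("link-insecure")
        if registered_domain(host) != org_domain:
            findings.append("link-off-domain")
            # The organisation's name embedded in a foreign host is a lookalike.
            if org_label in host:
                findings.append("link-lookalike")
    return findings


if __name__ == "__main__":
    print("lure:", phishing_indicators(SAMPLE_PHISH))
    print("legit:", phishing_indicators(SAMPLE_LEGIT))
```

The check that matters most is the link one: the visible text “P/L Tracker App” says nothing about where the click goes, so the gateway must compare the href’s host, not its label, against the domains the organisation actually owns. A real deployment would also verify SPF/DKIM on the From header rather than trusting it as this example does.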
You’re likely to travel more this summer than last. Every summer you can expect pump prices to ratchet up. This year, there’s one added force to account for. Hope it’s the last. Know it’s not.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at edzugeresq@gmail.com