paint-brush
Thoughts After The Colonial Pipeline/Darkside Cyber Attackby@qualitestcontent
201 reads

Thoughts After The Colonial Pipeline/Darkside Cyber Attack

by QualitestMay 22nd, 2021
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

U.S Energy Secretary has said that the “issues of cyber-attacks are not going away” and that we are “utterly vulnerable” to the threat cyber-attacks pose. Darkside, an independent group, encrypted nearly 100GB of data from Colonial Pipeline, a company that is responsible for around 45% of the US East Coast’s fuel. The textbook concept of the Advanced Persistent Threat appears to be evolving and with that, should the way we defend our data change too? We should be more than responsive but continuously proactive.

Company Mentioned

Mention Thumbnail
featured image - Thoughts After The Colonial Pipeline/Darkside Cyber Attack
Qualitest HackerNoon profile picture

Every now and then a cyber-attack occurs that gets everyone’s attention and brings Cyber Security to the forefront of media and public attention. This week, that attack has come from a red team named “Darkside” who encrypted nearly 100GB of data from Colonial Pipeline, a company that is responsible for around 45% of the US East Coast’s fuel. In a statement written on Darkside’s website, they describe themselves as:

“…apolitical, we do not participate in geopolitics, our goal is to make money, and not creating problems for society… From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

Considering they even made donations to charitable organisations (according to the bitcoin ledger) and the FBI confirm that blame not be put at the feet of the Kremlin but an independent group; it raises interesting questions about the nature of whom companies and organisations should be protecting themselves from and how they go about it. The textbook concept of the Advanced Persistent Threat appears to be evolving and with that, should the way we defend our data change too? Darkside licences off their software meaning, in theory, even actors such as “script kiddies” attacks could gain access to more secure and sensitive targets.

Jennifer Granholm, the U.S Energy Secretary, following the attack has said that the “issues of cyber-attacks are not going away” and that we are “utterly vulnerable” to the threat cyber-attacks pose. Furthermore, she has also said that “we need to invest in cyber defense” and that “the private sector has to step up to the plate.” Comments that could possibly be her
understanding of the intricacies of creating Cyber Security Solutions and
overstate our vulnerability but remind us that we should never underestimate that vulnerability at the same time.

Those who work in the industry, indeed even those at Colonial Pipelines (the unfortunate company attacked by Darkside), understand the importance of good security practices but also how cybercriminals, whatever their affiliation or purpose, will constantly look for new avenues in which their efforts will be successful. So, if “cyber-attacks are not going away” it is important that we defend ourselves from them as best as possible. The question then obviously becomes, how do we achieve this?

When preparing such a strategy, when the threat is continuous, it is only logical that the response should be continuous too. Advanced Persistent Threats should be met by an Advanced Persistent Defence & prevention. However, considering the nature of what is at stake should there be a breach in cybersecurity, we should be more than responsive but continuously proactive. “Stepping up to the plate” is not a one-off action but a state we should aspire to.

So, what is it that we should aspire to?

  • Building cybersecurity into the SDLC from the beginning – Through shifting Cyber Security Testing left, we can create more secure code and cut the costs of fixing vulnerabilities.
  • Known vulnerability automation – By setting up automated architecture, we become able to find common vulnerabilities more efficiently and in less time.
  • Perform more rigorous Ethical Hacking and Penetration Testing both for IT, OT & IoT products – By achieving the first two areas we can allow cybersecurity experts to use their expertise and knowledge to hunt new attack vectors and keep a level playing ground with attackers.
  • Perform accurate risk assessment – Understanding mitigation allows us to prepare for worst-case scenarios effectively. The more prepared a response based on accurate risk assessment, the better the containment of issues can be.

Authors - David Cox & Niv Segev, Qualitest Cyber Security Team

Please find the linked case study detailing how Qualitest helped the UK-based insurance client to secure the SDLC from the earliest stages and achieve full compliance with industry and government regulations.