How the Colonial Pipeline incident marks a new era of vulnerabilities to critical infrastructure

It is no secret that the cyber threat landscape is evolving. Threat actors continue to devise increasingly complex and previously unencountered methods of intrusion. Critical infrastructure (CI) sectors such as oil & gas, once merely warned of emerging cyber threats, now face ever-present and potent ones. The ransomware attack on Colonial Pipeline threatened the fuel supply of almost half the East Coast. Hospitals and other municipal systems are extorted while their systems are held hostage. This new reality is marked not only by geopolitical actors seeking strategic gains but also by prolific for-profit criminals. Vulnerable CI operators, particularly in the oil & gas sector, need to level the playing field by gaining a better understanding of the threats now facing them.

Why Oil & Gas is Targeted

The Colonial Pipeline ransomware attack marked a stark break from past assumptions about CI vulnerabilities: contrary to the expected scenario of a nation-state actor crippling essential systems, the culprit was a band of cyber criminals. Their actions caused a fuel scare on the East Coast and exposed how vulnerable the systems that keep daily life running really are. Their success will almost certainly embolden future threat actors to attempt attacks of a similar scale, and while this group publicly denied any intention to cause societal disruption, the same cannot be assumed of future imitators.

Oil & gas infrastructure will remain an attractive target for geopolitical and for-profit cybercriminals alike, because of society's reliance on the sector and the resulting leverage over economic and political spheres. In fact, the rise in attacks and the likelihood of long-term targeting of the sector led to the recent TSA Pipeline Security guidelines, which define a minimum baseline of pipeline security.

How They are Targeted

While modern threat activity is characterized by its adaptive and unpredictable nature, some common attack vectors include:

  • Virtual Private Networks (VPNs): once not considered a major attack vector, under-secured VPNs are increasingly exploited by threat actors. A single compromised password for a VPN account, one that did not require multi-factor authentication, was enough for the Colonial Pipeline attackers to get inside the network.
  • Spear phishing: a targeted attack that does not rely on easily detected bulk spam campaigns; instead, victims are carefully selected and the lure is tailored to them. By one widely cited industry estimate, 91% of breaches start with such an email.


This raises the question: how can such advanced attacks on CI be detected early and prevented in the future?

Cyber Deception is the Solution

The only reliable way to defend against adaptive threat actors is to study their tactics, techniques and procedures (TTPs) directly, which is obviously no simple feat. CounterCraft's distributed threat intelligence platform makes it possible: using cyber deception, it collects actionable threat intelligence from the threat actors themselves. With our service, users can:

  • Detect advanced threats early: detect threat actors while they are conducting reconnaissance externally and/or moving laterally internally.
  • Collect threat intel: gather threat intelligence in real time while attackers interact with a deception environment that is indistinguishable from real assets but safely separated from them.
  • Proactively protect: make targeted improvements to their security posture by integrating threat intelligence from our platform with their existing security tooling.
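The "detect early" and "collect threat intel" points above rest on one property of deception: a decoy credential is never used by any legitimate process, so any authentication attempt that names it is a high-confidence signal that someone has been reading things they should not have, whether a stolen VPN profile (the vector in the earlier section) or a script on an internal host. The following is an added, self-contained example of that detection logic, not code from CounterCraft's platform or any other product. The log line format, the decoy account names, the places they were "planted", and the sample log lines are all constructed for the example.

```python
"""Honeytoken (decoy credential) detector: an added, stand-alone example.

Decoy accounts are planted where an intruder would look (a stale VPN
profile, a scheduled-task script). Nothing legitimate ever uses them, so
any login attempt naming one is a high-confidence alert. The log format,
account names and planting locations are ASSUMED for this example.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed decoy inventory (constructed): decoy account -> where it was planted.
HONEYTOKENS = {
    "svc_vpn_legacy": "decoy entry in an unused VPN profile",
    "backup_admin": "decoy credential in a scheduled-task script",
}

# Assumed syslog-like line shape (constructed for the example):
#   <ts> <host> <service>: <ACCEPT|FAIL> user=<name> src=<ip> [mfa=<yes|no|n/a>]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<service>\S+): (?P<outcome>ACCEPT|FAIL) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)(?: mfa=(?P<mfa>\S+))?\s*$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    host: str
    service: str
    user: str
    src: str
    severity: str   # "critical" for a successful decoy login, "high" for a failed one
    reason: str


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan(lines, honeytokens=HONEYTOKENS):
    """Emit one Alert per authentication attempt that names a decoy account.

    A FAILED attempt still alerts: the attacker had to obtain the decoy name
    from the place it was planted, which is exactly what deception is built
    to reveal. Unparseable lines are skipped, never treated as matches.
    """
    alerts = []
    for line in lines:
        ev = parse_line(line.rstrip("\n"))
        if ev is None or ev["user"] not in honeytokens:
            continue
        severity = "critical" if ev["outcome"] == "ACCEPT" else "high"
        alerts.append(Alert(ev["ts"], ev["host"], ev["service"], ev["user"], ev["src"],
                            severity, f"decoy account used: {honeytokens[ev['user']]}"))
    return alerts


def sources_by_decoy(alerts):
    """Map each decoy account to the sorted list of source IPs that tried it.

    Which planted decoy was read tells you where the intruder has already been;
    the source IPs tell you where they are operating from now.
    """
    out = defaultdict(set)
    for a in alerts:
        out[a.user].add(a.src)
    return {user: sorted(srcs) for user, srcs in out.items()}


# Constructed sample log: one normal VPN login, a decoy VPN login without MFA,
# a failed then successful decoy SSH login from an internal host, a normal SSH
# login, and a malformed line that must be ignored.
SAMPLE_LOG = """\
2021-06-01T05:12:03Z vpn-gw1 openvpn: ACCEPT user=jsmith src=203.0.113.7 mfa=yes
2021-06-01T05:14:10Z vpn-gw1 openvpn: ACCEPT user=svc_vpn_legacy src=198.51.100.23 mfa=no
2021-06-01T05:14:55Z fs-02 sshd: FAIL user=backup_admin src=10.0.5.41 mfa=n/a
2021-06-01T05:15:01Z fs-02 sshd: ACCEPT user=backup_admin src=10.0.5.41 mfa=n/a
2021-06-01T05:16:40Z fs-02 sshd: ACCEPT user=jsmith src=10.0.5.9 mfa=n/a
this line is deliberately malformed and must be ignored
"""

if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for a in found:
        print(f"[{a.severity}] {a.ts} {a.host}/{a.service} user={a.user} "
              f"src={a.src} -> {a.reason}")
    print(sources_by_decoy(found))
```

On the constructed sample this produces three alerts (the external decoy VPN login, then the failed and successful decoy SSH logins from 10.0.5.41) and reports that `svc_vpn_legacy` was tried from outside while `backup_admin` was tried from an internal host, which is the external-reconnaissance versus internal-lateral-movement distinction drawn in the list above. In a real deployment the decoy accounts would exist as disabled or heavily restricted identities in the directory so that the "ACCEPT" path never grants anything, and the alert would feed the same pipeline as any other detection.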

With the above strategies, vulnerable CI operators in oil & gas can mitigate future attacks on the scale of the Colonial Pipeline incident, and relegate it to a one-off event rather than letting it herald a new wave of disruptions to CI systems and broader society.

For more information on how cyber deception can protect the oil & gas industry, download our data sheet.