Introduction

The Colonial Pipeline cyberattack was one of the biggest hacks in history. It was so large that the government responded with new pipeline cybersecurity legislation. Not many cyberattacks cause a whole country to take notice. Usually these malicious activities are far more targeted and quieter, and they don’t elicit much of a response from government agencies. Bad actors attempt to mask their presence and try to move unnoticed. These attacks usually target financial institutions and other important facilities in an attempt to steal information and halt systems with ransomware.

However, some attacks spiral out of control, and everyone takes notice. This is a double-edged sword for hackers: they might get a lot of money out of it, but it also means many more people will be on the lookout for them. This is exactly what happened in the Colonial Pipeline cyberattack. What was supposed to be a quick ransomware deployment turned into nationwide panic.

What is the Colonial Pipeline?

The Colonial Pipeline is the largest pipeline system for refined petroleum products in the United States. It extends over 5,500 miles (about 8,851 km) and carries 3 million barrels of fuel every day. As you may know, it is a critical system for delivering gasoline and other fuels to businesses and citizens in the US, supplying much of the East Coast and the southern parts of the country. There are many other pipelines across the US, but the Colonial Pipeline is the biggest and most extensive.

The Ransomware Attack

Ransomware is a type of malware that locks down systems and threatens not only to publish sensitive information but also to destroy it unless a sum of money is paid. In May 2021, the Colonial Pipeline suffered a major ransomware attack. However, something was peculiar about this particular attack. While ransomware is usually delivered through direct attacks on an organization, the entry point in this case was a credential obtained from the dark web.

Using an employee’s stolen password, the hacker group known as DarkSide managed to break into Colonial Pipeline’s systems on May 6, 2021. The attackers stole over 100 GB of the company’s data and launched the ransomware the next day. With its information locked down, Colonial Pipeline had to shut the pipeline down.

Colonial Pipeline was not prepared for such an attack. The ransomware was so effective that the company ended up paying the ransom to obtain the decryption tool needed to restore its systems. Even so, the tool was slow, and restoring the systems to proper working order took multiple days. This caused a shortage of gasoline and other fuels along the South and East Coast of the US.

The shortage caused many people to panic and buy as much gas as they could, which made the shortages even more noticeable. Multiple states declared states of emergency, and other pipelines were tapped to cover the shortfall, but the impact was still felt by many people. Because of this, the government took swift action to make sure it wouldn’t happen again.

The Response

Over the past two years, the US government has imposed strict pipeline cybersecurity regulations on pipeline owners and operators. Operators are regularly checked by examiners to make sure the required precautions and audits are in place. Many of these compliance activities must be carried out by third parties, so it’s a good idea to consider multiple vendors for them.

Here are a few of the things necessary to be compliant with the new pipeline regulations:

  • IT Audit
  • Penetration Testing (Purple and Red Team)
  • Incident Response Planning
  • Social Engineering

There are more specifics within each of these, of course, but that is the surface of what the regulations cover. The government goes into specific detail about what is required and how it should be done. These compliance regulations are intended to protect pipeline operators from bad actors.

Conclusion

The Colonial Pipeline cyberattack was one of the biggest the world has ever seen. Because of a lack of cybersecurity and other protections, a hacker group was able to shut down an entire company that supplied fuel to businesses and citizens across the South and East Coast of the United States. There were gas shortages, and multiple pipelines had to help cover the lack of fuel.

In response, the government drafted and solidified legislation that requires the implementation and strengthening of cybersecurity. This includes IT audits and penetration testing, among other things. Many of these cybersecurity services should be provided by a third-party cybersecurity firm. They are crucial in defending against bad actors and hackers who want money and sensitive information.

Eddy Berry, Security Research Analyst

Eddy has been researching cybersecurity for a few years now. Identifying trends and best practices is something he takes pride in, as is tracking news and government regulations that are on the rise. He researches topics and writes articles based on current events and important vulnerabilities that are affecting people, always hoping to get the necessary cybersecurity steps to those who need them.