Featured Colonial Pipeline II

The first line in the us Marine Corps Hymn ends with ..."to the shores of Tripoli." and points to a slightly similar historical model.
A more recent and perhaps relevant example was the recent response to Somali piracy.....when even the Obama administration practiced a little gunboat diplomacy...sometimes publicly in the form of CTFs....sometimes quasi-publicly, and sometimes off the books..
They even stood their ground against some mild backlash.

I remember being amused when the Rooskies (being typically Russian) were compelled to release some pirates after Russian special forces freed a seized oil tanker - but then publicly stated that they "died before reaching the Somali coast."

Message sent and acknowledged.
ULCCs and other large commerce vessels are largely unmolested these days by Somali pirates.

Private companies having their data exploited is a private company problem....to a point.
Attacks that negatively affect infrastructure and commerce on a regional or national scale are a different sort of thing, and demand a different response both internally and externally.
'Internally' means we use the Federal Bureau if INVESTIGATION for their intended role and "incentivize" the hacked entity to cooperate in a root cause analysis. 'Externally" means that the US gets a little more kinetic in dealing with NGOs that perpetrate the attacks and a little less diplomatic with nations that host them.

Or?
We can keep doing what we're doing.
Hopsitals.
Police Forces.
Small cities.
There have been public stories where these entities have already paid the pirates.
What do we do when they threaten a power grid?
The second largest power outage that I know about happened in 2003 because of a 'software bug.'

AND...there are worse things to hack than a pipeline or a power grid.....

 

The pretend Federal Reserve call is a new scam.

I have to laugh, they are calling a house with a lawyer, a former Treasury Dept employee who worked with the Secret Service in handling bank fraud cases and a retired engineer named in multiple OS security patents.

Why they call I don't know. So much info is already available for peanuts on the dark web. Mine is.

Been approached twice with a ransom demand.

Reminds me to do another backup.

 

Best $60 a year I ever spent was getting BackBlaze.

 

Don't forget water supplies. A few months ago a kid hacked into a municipal supply in a small city near us and increase one of the treatment chemicals by about a thousand percent or something like that. Not enough to hurt anyone but enough to show how stupidly vulnerable the system was.

 

Politico: A federal government left ‘completely blind’ on cyberattacks looks to force reporting
A bipartisan group of lawmakers wants to make sure the government is never left in the dark about serious hacks again.

"No federal law or regulation requires pipeline operators to report any cybersecurity incidents to the government. Instead, suggested guidance from the Transportation Security Administration — the federal agency that oversees pipeline cybersecurity — recommends that they tell local and federal officials about significant breaches.

That’s vastly different from the requirements facing companies that operate key parts of the electric grid, such as generators, substations and large transmission lines, which fall under the jurisdiction of the Federal Energy Regulatory Commission. FERC regulations require those operators to report cyberattacks that compromise or disrupt key equipment, along with any failed compromise attempts. Failure to comply can lead to fines of up to $1.3 million per day per violation."

 

Indeed I do not!

Our (PSTN) telecommunications network has been ravaged over the last 20 years by the fact that very few people or businesses have regular old Mk-1, Mod-0, copper-fed, POTS - or Plain Old Telephone Service.
In some ways this is a very good thing, because----hey.
Progress, right?

However (comma!!!) there are still some instances where monitoring and infrastructure circuits are still protected by antiquity........for now.
In many communities water towers are one of these.
There are a wide range of others......for now.
Sewage
FAA
Train tracks
911/E911

AND others.

Everybody used to cringe whenever they saw Air Traffic Controllers managing traffic load by pushing paper strips from place to place and how much of a shame that it is that our ATC is so antiquated......without stopping to think that sometimes this is a.....ah....."net" benefit (punn almost unintended.)

Imagine a world where the FAA's Steve Dickson's EA (he hasn't been replaced yet) gets a call that one or more ARTCCs are down until we pay a gigabuck in bitcoin to some obscure cyber terrorists.
How long can we leave planes grounded in this country before it "leaves a mark?"

Unfortunately most of the people who still have POTS are the elderly.....and some of these are more vulnerable to this exploit.
It's not as profitable as stinging a medium sized city or company, but it happens all too often.

The Balkans used to be more or less the center of gravity for non-national digital cyber crime but now places like Brazil....Taiwan... and the Turkeys are getting into the game.
India (stereotypically) used to be THE player in the call center scams.....and one wonders how COVID is affecting this.
If the pattern holds this sort of crime will probably spread out as well, but unlike digital exploits it will probably decrease over time as people continue to abandon fixed telephony.

 

An interesting piece by Malwarebytes on the Darkside malware that attacked Colonial Pipeline and how running a simple inexpensive anti virus could have prevented Colonial Pipeline from having to extort $5,000,000 from their American Customers and avoided the pipeline shutdown and the associated mess that came with it.

Threat spotlight: DarkSide, the ransomware used in the Colonial Pipeline attack - Malwarebytes Labs | Malwarebytes Labs

"Yesterday, the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory (CSA) against DarkSide ransomware. It contains detailed mitigation steps that business should follow to reduce the risk of successful ransomware attacks overall. These include simple steps, such as:

• Using multi-factor authentication (MFA) to access networks remotely
• Enabling stronger spam filters
• Updating software to their latest versions
• Regularly scanning systems using a good antivirus product, and
• Limiting access to resources over networks"

Organizations of all sectors should take heed of these best practices. Because before the publication of this article, DarkSide appears to have netted another victim."