Identity Management Perspective on the Colonial Pipeline Hack


The Colonial Pipeline Hack is one of the most devastating, most public ransomware attacks in history; it’s become one of the most damaging cyber-attacks to affect American critical infrastructure. 

As a result, we continue to compile expert commentary on the incident from cybersecurity professionals around the world. In this article, we share some of the perspectives we’ve received that are of particular interest to identity management-focused businesses.

Identity Management Perspective on the Colonial Pipeline Hack

Matt Trushinski

Matt Trushinski is Technical Director at Arctic Wolf.

“Ransomware-as-a-Service is big business and we are not surprised groups like DarkSide are capitalizing on extortion techniques that are quickly becoming a hallmark for many eCrime actors. The hallmark of DarkSide attacks, among other eCrime groups, is that they do extensive research on their targets and are mainly interested in large corporations. This creates a sense of urgency especially as we see critical infrastructure suffering kinetic impact. This situation illustrates a growing security crisis. It’s imperative that if prevention fails, there is a world-class security operations infrastructure in place to detect, manage, and mitigate any threat.”

Tom Garrubba

Tom Garrubba is CISO of Shared Assessments.

“Numerous agencies including CISA have been trumpeting warnings or ‘calls to action’ to update critical infrastructure for years, and sadly, the time for initial action has long since passed. The evidence is clear: we are under attack by both rogue and state-sponsored organizations and the cyber community along with the general public have taken notice and are getting very worried.

“Any company whether primary or downstream providing support to our country’s national infrastructure needs to take a good hard look at the systems supporting those processes and ask themselves: “Can we be next? Do we need to update our systems? Do we need assistance to support and secure these systems?” and if so, petition their corporate boards and owners for the requisite financial support in upgrading and securing these systems.

“As there is so much talk in Washington D.C. regarding support for a National Infrastructure bill, the time has truly arrived for our congressional representatives to include and support this most critical infrastructure component – the identification, inclusion, and funding for upgrading the various antiquated systems supporting this nation’s critical infrastructure.”

Garret Grajek

Garret Grajek is CEO of YouAttest. 

“The effects of this attack are serious enough: stopping 2.5 million barrels per day of refined products from the Gulf Coast to the eastern and southern United States. But what is additionally alarming is how the attack group, surmised by researchers as the “Darkside” group hailing out of Russia, is now operating. (Darkside is selective in its targets and avoids ex-Soviet Union enterprises.)

According to Cybereason, Darkside has created an affiliate program – where Darkside creates the malware and others are financially motivated via an embedded “affiliate” code to other hacking groups for a successful delivery of the malware.

This means that there’s not just one threat vector to close off, but dozens if not more attack entries to block.

How to protect against such attacks? 

Darkside has often created malware-targeted domain controllers – so traditional hardening approaches are crucial, including patching and a fanatical lockdown of admin and service accounts. We must not only be performing regular access reviews of our key admin accounts but also have instantaneous alerts on any attempts at privilege escalation on these accounts.”
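The two controls named in the quote above, regular access reviews of key admin accounts and immediate alerting on privilege escalation, can be checked mechanically against the events a domain controller already emits. The script below is an added illustration written for this article, not code from YouAttest, Arctic Wolf, or any other vendor quoted here. It uses the real Windows Security event IDs for group-membership additions (4728, 4732, 4756), but every event record, group name, and approved-admin list in it is constructed sample data.

```python
# Added example: alert on privileged-group changes and run an admin access review.
# All events, group names and the approved-admin list below are constructed
# sample data; they are not taken from the article or from any real environment.

PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}

# Accounts that the last access review approved as privileged-group members
# (constructed). Anyone else appearing in, or modifying, these groups is drift.
APPROVED_ADMINS = {"CORP\\alice", "CORP\\bob"}

# Windows Security log event IDs for group-membership additions (real IDs):
# 4728 = member added to a security-enabled global group
# 4732 = member added to a security-enabled local group
# 4756 = member added to a security-enabled universal group
GROUP_ADD_EVENTS = {4728, 4732, 4756}

# Constructed sample records, shaped like the fields a log forwarder would send:
# subject = account that made the change, target = account that was added.
SAMPLE_EVENTS = [
    {"event_id": 4624, "subject": "CORP\\alice", "target": None,
     "group": None, "time": "2021-05-08T02:11:03Z"},
    {"event_id": 4728, "subject": "CORP\\svc-backup", "target": "CORP\\tmp-admin",
     "group": "Domain Admins", "time": "2021-05-08T02:14:51Z"},
    {"event_id": 4732, "subject": "CORP\\alice", "target": "CORP\\helpdesk1",
     "group": "Remote Desktop Users", "time": "2021-05-08T02:20:00Z"},
    {"event_id": 4756, "subject": "CORP\\tmp-admin", "target": "CORP\\tmp-admin",
     "group": "Enterprise Admins", "time": "2021-05-08T02:21:17Z"},
]


def detect_privileged_group_changes(events, privileged_groups=PRIVILEGED_GROUPS,
                                    approved_admins=APPROVED_ADMINS):
    """Return one alert per membership addition that touches a privileged group.

    Severity is 'critical' when the change was made by an account that is not
    itself an approved admin (a service account or a freshly created account
    adding members to Domain Admins is the classic escalation pattern), and
    'high' when an approved admin made the change and it just needs review.
    """
    alerts = []
    for ev in events:
        if ev["event_id"] not in GROUP_ADD_EVENTS:
            continue
        if ev["group"] not in privileged_groups:
            continue
        severity = "high" if ev["subject"] in approved_admins else "critical"
        alerts.append({
            "time": ev["time"],
            "actor": ev["subject"],
            "added": ev["target"],
            "group": ev["group"],
            "severity": severity,
        })
    return alerts


def access_review(current_members, approved_members=APPROVED_ADMINS):
    """Compare live membership of a privileged group against the approved list.

    Returns (unapproved, missing): accounts present that were never approved,
    and approved accounts that are no longer present. Both directions matter:
    the first is the escalation case, the second often means an attacker (or a
    careless admin) removed a legitimate account to lock defenders out.
    """
    current = set(current_members)
    approved = set(approved_members)
    return sorted(current - approved), sorted(approved - current)


if __name__ == "__main__":
    for a in detect_privileged_group_changes(SAMPLE_EVENTS):
        print(f"[{a['severity']}] {a['time']} {a['actor']} added "
              f"{a['added']} to {a['group']}")
    # Constructed snapshot of Domain Admins membership for the review step.
    unapproved, missing = access_review(
        ["CORP\\alice", "CORP\\bob", "CORP\\tmp-admin"])
    print("unapproved members:", unapproved)
    print("approved but missing:", missing)
```

In practice the event list would come from a SIEM or a log forwarder rather than an inline list, and the approved-admin set from the ticketing or IGA system that records the last review; the comparison logic stays the same. The point of keeping the detection and the review as two separate functions is that the alert fires within seconds of the membership change, while the review catches anything the alerting pipeline missed.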

Thanks to these experts for their time and expertise. For more on Identity Management, check out the Buyer’s Guide or the Solutions Suggestion Engine.

Ben Canner