Hack

The US' largest fuel pipeline gets hacked by "DarkSide" (gas could get pricier)

Tuesday, May 11, 2021 by Robinhood Snacks | Disclosures

Like a bad LimeWire download... except way worse. Colonial is the largest fuel pipeline in the US — and it just got majorly cyberhacked. Colonial is what the East Coast runs on (besides Dunkin'): its 5.5K-mile system carries nearly half of the gas and diesel consumed on the East Coast. Over the weekend, that car fuel and heating oil stopped moving.

SaaS's evil twin... Colonial was hit by a ransomware cyberattack, forcing it to temporarily halt all pipeline operations. Ransomware = hijacking computer systems and demanding payment for the release of the "hostage." The culprit is a hacking group called DarkSide (makes sense). DarkSide is the evil alter ego of a software startup. Instead of kombucha, it drinks companies' tears.

  • The motive: Instead of selling Software-as-a-Service, DarkSide sells RaaS (Ransomware-as-a-Service) to criminals, who carry out the attacks. DarkSide says it has no political motives, and is purely driven by $$$.
  • The fallout: If the pipeline system is down for more than a few days, consumers will likely start to feel the pain. Think: rising gas prices and/or shortages.
  • The PR move: DarkSide is now implementing "moderation" checks to make sure its clients don't debilitate companies that could cause societal problems. So thoughtful.
THE TAKEAWAY

Cyberattacks aren’t only a threat to cyberspace... they're increasingly targeting critical infrastructure. Think: pipelines, power grids, hospitals, and schools. These "physical" attacks hurt their targets, but they also pose a wider threat to public security. For example, hackers could hijack pipelines' control valves and sensors. Software runs almost everything, so the risk is widespread. That's why government agencies and corporations are investing more heavily in tools to fight ransomware attacks. That could be a boon for cybersecurity companies like FireEye, Palo Alto Networks, Zscaler, and Fortinet.