Oil shortages loom in the USA following an attack on an oil pipeline’s owner
A major oil pipeline in the US was disrupted at the weekend after hackers using ransomware attacked its operator, which then took the pipeline offline.
The 5,500-mile Colonial Pipeline, which stretches from Texas to New Jersey, carries 2.5 million barrels a day, nearly half of the East Coast’s supply of diesel, petrol and aviation fuel.
Industry sources have pointed the finger at the “DarkSide” hacking group, which is believed to be operating out of the former Soviet republics. The gang tried to take 100 gigabytes of data hostage in the attack.
This isn’t the first time oil pipelines have been attacked by hackers. In 2012 a cyberattack on Saudi Aramco crippled the oil company’s IT network. In that case, though, production was not affected.
Because of the disruption, US officials have passed emergency laws relaxing the rules on transporting oil by road, allowing tanker drivers to work more flexible hours. However, it is clear that this measure will not be enough to replace the pipeline. If disruption continues for more than a couple of days, pressures are likely to mount rapidly.
The attack comes at a difficult time for the US economy, which is just moving away from the problems caused by the COVID-19 virus, meaning that businesses are increasingly back on the road.
It is still unclear why the company has taken the pipeline offline. However, this is likely to be a precautionary action to prevent any ransomware from spreading laterally to the software that controls the pipeline.
Once inside the control systems, the hackers could have damaged safety controls and potentially caused a catastrophic incident. It is possible that this, rather than the ransom, was the real aim of the attack. Certainly, hackers often use one form of attack to hide another, more damaging attack.
Security experts have been warning of the dangers to infrastructure from attacks on the Internet of Things. However, this attack is different in that the IoT appears not to have been directly targeted.