Ransomware has reached a record high with nearly 400 attacks on critical infrastructure in 2020 alone.
As a key example, in May 2021, hackers published personnel files of D.C. police officers, forced city services in Tulsa to shut down, paralyzed a California hospital system, and most notably, paused operations for the largest oil pipeline in the US – triggering sweeping price hikes and oil shortages across the East Coast.
Ransomware-as-a-Service (RaaS) has helped increase the reach and frequency of attacks: ransomware developers lease out their strains in the same way legitimate developers lease their software to customers. This new way of launching cyber-attacks is arguably proving to be a pandemic of its own.
While most RaaS attacks are directed at those that can pay up to avoid any downtime, cybersecurity experts like Matthew Rogers, Global CISO at Syntax, expect RaaS to grow until it becomes overwhelmingly the most common source of ransomware attacks. Mere compliance with federal regulations does not necessarily mean businesses will end up with secure systems.
Taking the latest serious issue, the Colonial Pipeline ransomware attack, Matthew Rogers tells Digital Journal why this event signals a wider concern. The Georgia-based Colonial Pipeline carries gasoline and other fuel from Texas to the Northeast, delivering roughly 45 percent of fuel consumed on the East Coast.
Rogers explains: “Compliance doesn’t equal security. No doubt this pipeline company has passed numerous compliance audits, yet this ransomware attack still occurred. If a ransomware agent breaks into an environment like this, it indicates this environment is likely missing basic Endpoint Detection and Response (EDR) protections and proactive system monitoring.”
The consequence of this, Rogers says, is that: “A person with nefarious intent could do far worse with this level of access, which is much scarier than this ransomware-driven shutdown. This event will be recovered in 3-7 days, but it’ll be important for the company to make the foundational change to the posture so it cannot happen again.”
Furthermore: “This pipeline is the greatest example of a supply chain security attack in the real world versus the recent SolarWinds attack, which was virtual and non-visible. This physically demonstrates the impact from ransomware on the non-technical world and will likely change the political climate for core infrastructure in the coming year.”