As conditions deteriorate in Ukraine, the risk of greater cyberattacks rises

Revelations 6:3-4 “When he opened the second seal, I heard the second living creature say, “Come!” 4 And out came another horse, bright red. Its rider was permitted to take peace from the earth, so that people should slay one another, and he was given a great sword.”

Important Takeaways:

  • Russian cyberattacks have been well-tested on US targets, security executive says
  • Russia already has a proven ability to infiltrate U.S. systems
  • “They’ve demonstrated that they’ve been able to go into our core infrastructure, be it SolarWinds in technology, be it Colonial Pipeline in energy, across the board we have evidence of their capability,” the executive told Fox News
  • “There are cyberattacks that would be hard to distinguish between a physical attack and therein lies great dangers for the escalation of conflict,” said Kelly.
  • “It’s hard to imagine a piece of infrastructure that is either not a target or connected to a target”
  • Last year cybercriminals also shut down a U.S.-based meat plant operated by Brazil-based JBS. The White House said the criminal group was likely based in Russia.


Colonial Pipeline CEO tells Senate cyber defenses were compromised ahead of hack

By Stephanie Kelly and Jessica Resnick-Ault

NEW YORK (Reuters) -Colonial Pipeline Chief Executive Joseph Blount told a U.S. Senate committee on Tuesday that the company’s cyber defenses were in place, but were compromised ahead of an attack last month.

The hearing was convened to examine threats to critical infrastructure and the Colonial Pipeline cyber attack that shut the company’s major fuel conduits last month.

The hack, attributed by the FBI to a gang called DarkSide, caused a days-long shutdown that led to a spike in gasoline prices, panic buying and localized fuel shortages. It posed a major political headache for President Joe Biden as the U.S. economy was starting to emerge from the COVID-19 pandemic.

Senators questioned whether Colonial was sufficiently prepared for a ransomware attack and the company’s timeline for responding to the attack. Some suggested Colonial had not sufficiently consulted with the U.S. government before paying the ransom against federal guidelines.

Colonial did not specifically have a plan for a ransomware attack, but did have an emergency response plan, Blount said. The company reached out to the FBI within hours of the cyber attack, he said.

“We take cybersecurity very seriously,” Blount said. Still, he said the attack occurred using a legacy VPN (Virtual Private Network) system that did not have multifactor authentication in place.

He said the system was protected with a complex password. “It wasn’t just Colonial123,” he said.

Blount said he made the decision to pay the ransom and to keep the payment as confidential as possible because of concern for security.

“It was our understanding that the decision was solely ours to make about whether to pay the ransom,” he said.

However, he said that even after getting the key, the company is still recovering from the attack and is currently bringing back seven finance systems that have been offline since May 7.

The Justice Department on Monday said it had recovered some $2.3 million in cryptocurrency ransom paid by Colonial Pipeline.

Colonial Pipeline previously had said it paid the hackers nearly $5 million to regain access. The value of the cryptocurrency bitcoin has dropped to below $35,000 in recent weeks after hitting a high of $63,000 in April.

Bitcoin seizures are rare, but authorities have stepped up their expertise in tracking the flow of digital money as ransomware has become a growing national security threat and put a further strain on relations between the United States and Russia, where many of the gangs are based.

(Reporting by Stephanie Kelly and Jessica Resnick-Ault; Editing by Marguerita Choy)

U.S. recovers $2.3 million from Colonial Pipeline ransomware attack

By Sarah N. Lynch

WASHINGTON (Reuters) -The U.S. Justice Department on Monday said it recovered some $2.3 million worth of cryptocurrency from the Colonial Pipeline Co ransomware attack.

U.S. Deputy Attorney General Lisa Monaco said investigators had seized 63.7 Bitcoins, now valued at about $2.3 million, paid by Colonial after last month’s hack that led to massive shortages at gas stations along the East Coast just as the summer driving season began.

The Justice Department has “found and recaptured the majority” of the ransom paid by Colonial, Monaco said. Colonial Pipeline had said it paid the hackers nearly $5 million to regain access.

Last month, a cyber criminal group that U.S. authorities said operated from Russia penetrated the pipeline operator on the U.S. East Coast, locking its systems and demanding a ransom.

The hack caused a shutdown lasting several days, leading to a spike in gas prices, panic buying and localized fuel shortages in the U.S. Southeast.

The White House urged corporate executives and business leaders last week to step up security measures to protect against ransomware attacks after the Colonial attack and later intrusions that disrupted operations at a major meatpacking company.

Commerce Secretary Gina Raimondo said on Sunday the Biden administration was looking at all options to defend against ransomware attacks and that the topic would be on the agenda when President Joe Biden meets with Russian President Vladimir Putin this month.

(Reporting by Sarah N. Lynch, Jan Wolfe, Tim Ahmann, and Christopher Bing in Washington and Stephanie Kelly in New York; Writing by Mohammad Zargham and Lisa Lambert; Editing by Howard Goller)

U.S. drivers to get hit by soaring pump prices over Memorial Day holiday

By Stephanie Kelly

NEW YORK (Reuters) – U.S. motorists will see the highest gasoline prices in seven years when they hit the roads this Memorial Day weekend, the traditional start of the summer driving season, as fuel demand surges alongside coronavirus vaccination rates.

Retail gasoline prices are at about $3.04 a gallon on average nationwide, the most expensive since 2014, data from the American Automobile Association showed.

And after a year of lockdowns to curb the coronavirus pandemic, tens of millions of American road-trippers are expected to be stung by those prices: More than 34 million Americans are expected to take to the highways between May 27 and May 31, AAA expects, an increase of 53% from last year but still down 10% from 2019.

“Ahead of Memorial Day, gas demand is expected to rise as more Americans take to the roads for trips that may have been delayed or avoided because of the pandemic,” said Devin Gladden, AAA spokesperson.

U.S. gasoline demand is running at about 9.48 million barrels per day, the highest since March 2020, when U.S. officials began widely restricting travel, Energy Information Administration data showed.

Pump prices had already gotten a boost earlier this month after a ransomware attack on Colonial Pipeline, the nation’s largest fuel pipeline, shut the system for days and stopped fuel supplies from moving across the United States.

Motorists fearing a longer outage raced to gas stations to fill up their tanks, emptying at one point more than 16,000 stations across states such as North Carolina, South Carolina and Georgia.

Around 6,000 gas stations were still without fuel this week, according to tracking firm GasBuddy.

“This is still due to the Colonial outage recovery, plus high demand, making it hard for stations to get back on top of things,” said GasBuddy’s Patrick De Haan.

(Reporting by Stephanie Kelly; Editing by Cynthia Osterman)

U.S. to boost pipeline cyber protections in wake of Colonial hack

WASHINGTON (Reuters) -The Biden administration is working with pipeline companies to strengthen protections against cyberattacks following the Colonial Pipeline hack and will announce actions in coming days, the Department of Homeland Security (DHS) said on Tuesday.

The Transportation Security Administration (TSA), a unit of the DHS, “is coordinating with companies in the pipeline sector to ensure they are taking all necessary steps to increase their resilience to cyber threats and secure their systems,” the agency said.

TSA is collaborating with another branch of DHS, the Cybersecurity and Infrastructure Security Agency. DHS said it will release more details “in the days ahead” without providing particulars.

The Washington Post reported DHS is preparing to issue its first mandatory cybersecurity regulations on pipelines, citing senior officials.

In the past TSA has provided voluntary guidelines on cybersecurity for pipelines. The agency only had six full-time employees in its pipeline security branch through 2018, which limited the office’s reviews of cybersecurity practices, a General Accountability Office report said in 2019. The TSA said this month it has since expanded that staff to 34 positions.

The TSA would require pipeline companies to report cyber incidents to the federal government, senior DHS officials told the newspaper.

After a ransomware attack forced Colonial to shut its entire network for 11 days this month, thousands of gas stations across the U.S. Southeast ran out of fuel. Motorists fearing prolonged shortages raced to fill up their cars.

The closure of the 5,500-mile (8,900-km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.

The new regulations were discussed after DHS Secretary Alejandro Mayorkas and other top officials considered how they could use existing TSA powers to bring change to the industry, the Post said.

Representative Bennie Thompson, chair of the Homeland Security Committee in the House of Representatives, called the move “a major step in the right direction towards ensuring that pipeline operators are taking cybersecurity seriously and reporting any incidents immediately.”

(Reporting by Doina Chiacu and Timothy Gardner; Editing by Howard Goller and Grant McCool)

Colonial Pipeline hit by network outage just days after hack shutdown

By Stephanie Kelly, Laura Sanicola and Jessica Resnick-Ault

NEW YORK (Reuters) – Colonial Pipeline is having network issues preventing shippers from planning upcoming shipments of fuel, the company said on Tuesday, just after the nation’s biggest fuel pipeline reopened after a week-long ransomware attack.

The disruption was caused by efforts by the company to harden its system as it restores service following the cyberattack, Colonial said, and not the result of a reinfection of its network. It did not say when the issue would be fixed, but said it was still delivering products scheduled by shippers.

Last week’s closure of the 5,500-mile (8,900-km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast.

Colonial has been using its shipper nomination system to schedule batches of fuel deliveries to bring flows back to normal. A prolonged network outage could prevent shippers from adding to or making changes to deliveries – which would hamper delivery across the U.S. southeast and east coasts just after the line reopened.

After the ransomware attack forced Colonial to shut its entire network, thousands of gas stations across the U.S. southeast ran out of fuel. Motorists fearing prolonged shortages raced to fill up their cars.

Colonial’s shipping nomination system is operated by a third party, privately-held Transport4, or T4, which handles similar logistics for other pipeline companies. T4 could not say when the issue would be fixed, and did not comment on whether its systems for other pipelines were affected.

As of Tuesday, more than 10,600 filling stations were still without fuel, according to tracking firm GasBuddy, down from more than 16,000 at the peak last week.

In North Carolina, one of the hardest-hit states, gas outages dropped below 50% on Tuesday, GasBuddy said. South Carolina, Virginia and Georgia all also had outages below 50%.

About 70% of gas stations in Washington, D.C., were still without fuel, down from around 90% over the weekend.

“The number of stations without gasoline is likely to drop under 10,000 today,” said GasBuddy’s Patrick De Haan on Tuesday.

(Reporting By Stephanie Kelly, Laura Sanicola, Jessica Resnick-Ault and Devika Krishna Kumar; Editing by Franklin Paul, Chizu Nomiyama and Marguerita Choy)

U.S. gas stations still shut, prices at 7-yr high in slow recovery from cyberattack

By Stephanie Kelly

NEW YORK (Reuters) -U.S. retail gasoline prices hit seven-year highs on Monday and many filling stations in the Southeast were still without fuel, as the region slowly recovers from a cyberattack on the nation’s largest fuel pipeline.

Last week’s closure of Colonial Pipeline’s 5,500-mile (8,900-km) system was the most disruptive cyberattack on record, preventing millions of barrels of gasoline, diesel and jet fuel from flowing to the East Coast from the Gulf Coast. That alarmed drivers, who took to gas stations to fill tanks and jerry cans.

Last week more than 15,000 gas stations were without fuel. Some stations have since been supplied with Colonial once again open. On Monday, 11,667 stations were without fuel, down from 12,466 stations the day before, according to tracking firm GasBuddy.

The closure came just ahead of the Memorial Day holiday weekend at the end of May, the traditional start of peak-demand summer driving season.

The Southeast bore the brunt of the outage, as the region is almost entirely without refineries. Panic buying caused 90% of fuel stations in Washington, D.C. to run out; as of Monday, that figure had dropped to 69%. Outages in North Carolina fell to just over 50%, while outages in South Carolina, Georgia and Virginia were under 50%, GasBuddy said.

The national gas price on Monday rose to $3.045 a gallon, the highest since October 2014, according to data from the American Automobile Association.

“The Southeast will continue to experience tight supply this week as terminals and gas stations are refueled,” said AAA spokesperson Jeanette McGee. “Over the weekend, gas prices started to stabilize, but are expected to fluctuate in the lead up to Memorial Day weekend.”

North Carolina saw an average price increase of 20 cents per gallon from the previous week, according to tracking firm GasBuddy on Monday.

South Carolina, Virginia and Georgia all saw price increases of just under 20 cents per gallon.

Some drivers in the region canceled trips to avoid using their gas supply. Traffic congestion in cities such as Richmond, Virginia; Atlanta; Greenville, South Carolina; and Charlotte and Raleigh, North Carolina fell last week from the week prior, according to Carol Hansen at location technology company TomTom.

Alpharetta, Georgia-based Colonial is currently shipping at normal rates, though it will take some time for the supply chain to fully catch up, Colonial spokesman Eric Abercrombie said in an email over the weekend.

The company began resuming its regular nomination process on Monday to allocate capacity to companies that use the line.

DarkSide, the group blamed for attacking Colonial Pipeline systems, has said it recently hacked four other companies. A website it used to communicate went dark last week.

Websites tied to two other ransomware groups not connected to the Colonial hack also were unreachable in a likely retreat amid the hunt for perpetrators, Allan Liska, a researcher with cybersecurity firm Recorded Future, said on Sunday.

(Reporting by Stephanie Kelly; Editing by Marguerita Choy)

U.S. capital running out of gas, even as Colonial Pipeline recovers

By Stephanie Kelly and Jessica Resnick-Ault

NEW YORK (Reuters) -The U.S. capital was running out of gasoline on Friday even as the top U.S. fuel pipeline ramped up deliveries following a cyberattack and Washington officials assured motorists that supplies would return to normal soon.

The six-day Colonial Pipeline shutdown was the most disruptive cyberattack on record, which underscored the vulnerability of vital U.S. infrastructure to cybercriminals.

Widespread panic buying continued two days after the nation’s largest fuel pipeline network restarted, leaving filling stations across the U.S. Southeast out of gas even in areas far from the pipeline.

U.S. pump prices are at their highest in years, just two weeks before the peak summer driving season kicks off and as traffic continues to recover from mobility restrictions during the Covid-19 pandemic. The average national gasoline price has climbed to almost $3.04, the most expensive since October 2014, the American Automobile Association said.

On Friday gas station outages in Washington, D.C., climbed to 87%, from 79% the day before, tracking firm GasBuddy said.

“Most of these states/areas with outages have continued to see panicked buying, which is likely a contributing factor to the slow-ish recovery thus far,” said GasBuddy’s Patrick De Haan. “It will take a few weeks.”

Colonial Pipeline announced late Thursday it had restarted its entire pipeline system linking refineries on the Gulf Coast to markets along the eastern seaboard.

President Joe Biden also reassured U.S. motorists that fuel supplies should start returning to normal by this weekend.

Some states experienced modest improvements in gas outages but still saw a high amount. About 70% of gas stations in North Carolina were without fuel, while around 50% of stations in Virginia, South Carolina and Georgia had outages.

The hacking group believed to be responsible for the attack, DarkSide, said it had hacked four other companies including a Toshiba subsidiary in Germany.

Colonial Pipeline, which is owned by pension funds, private equity and energy firms, has not determined how the initial breach occurred, a spokeswoman said on Thursday. The company has focused on cleaning its networks, restoring data and reopening the pipeline.

Colonial has not disclosed how much money the hackers were seeking or whether it paid. However, Bloomberg News reported that it paid nearly $5 million to hackers.

To stem fuel shortages, four states and federal regulators relaxed fuel driver restrictions to speed deliveries of fresh supplies. Washington also issued a waiver to U.S. refiner Valero Energy Corp <VLO.N> allowing it to transport gasoline and diesel from the U.S. Gulf Coast to East Coast ports on foreign-flagged vessels. The U.S. normally limits deliveries between domestic ports to U.S.-built and crewed vessels.

Gulf Coast refiners that send their fuel to market through the Colonial Pipeline have had to cut production because they have not been able to move their gasoline, diesel and jet fuel through the pipeline. A smaller, alternative pipeline filled to capacity quickly after Colonial announced its network was shut last Friday.

(Reporting by Stephanie Kelly and Jessica Resnick-Ault in New York; additional reporting by Joseph Menn; Writing by Richard Valdmanis; Editing by Simon Webb and Steve Orlofsky)

Colonial Pipeline paid hackers nearly $5 million in ransom – Bloomberg News

(Reuters) -Colonial Pipeline paid nearly $5 million to Eastern European hackers on Friday after a crippling cyberattack that shut the largest fuel pipeline network in the United States, Bloomberg News reported, citing two people familiar with the transaction.

The company paid the ransom in untraceable cryptocurrency within hours after the attack, according to the report.

Colonial Pipeline declined to comment.

Whether targets of such attacks should pay to regain control of their systems is a matter of fierce debate. Critics contend that paying ransom encourages attacks.

U.S. House of Representatives Speaker Nancy Pelosi said on Thursday ransom should not be paid by companies that are the victims of cyber attacks.

The hackers provided Colonial Pipeline with a decrypting tool to restore its disabled computer network after they received the payment, but the company used its own backups to help restore the system since the tool was slow, Bloomberg News reported.

After a six-day outage, the top U.S. fuel pipeline, which carries 100 million gallons per day of gasoline, diesel and jet fuel, moved some of the first millions of gallons of motor fuels on Thursday.

The shutdown caused gasoline shortages and emergency declarations from Virginia to Florida, led two refineries to curb production and had airlines reshuffling some refueling operations.

The FBI earlier this week accused a shadowy criminal gang called DarkSide of the ransomware attack. The group has not directly taken credit, but on Wednesday it claimed to have breached systems at three other companies.

A terse news release posted to DarkSide’s website did not directly mention Colonial Pipeline but, under the heading “About the latest news,” it noted that “our goal is to make money, and not creating problems for society”.

The White House declined to weigh in on Monday whether companies that are hacked such as Colonial Pipeline should pay ransom to their attackers, but a national security official said it may offer some advice in the future.

(Reporting by Arathy S Nair in Bengaluru; Editing by Shounak Dasgupta)

Biden says East Coast fuel shortages to end in days as pipeline reopens

By Stephanie Kelly

(Reuters) - U.S. President Joe Biden on Thursday said that U.S. motorists can expect filling stations to begin returning to normal this weekend even as shortages gripped some areas amid the restart of the top U.S. fuel pipeline after it was shut by a ransomware attack.

The Colonial Pipeline, which carries 100 million gallons per day of gasoline, diesel and jet fuel, will take some time to fully recover and could still suffer “hiccups,” he said. Colonial began supplying some fuel to most regions along its 5,500 mile (8,850 km) route.

The pipeline resumed computer-controlled pumping late Wednesday after adding safety measures.

The shutdown caused gasoline shortages and emergency declarations from Virginia to Florida, led two refineries to curb production, and spurred airlines to reshuffle refueling operations.

The pipeline’s restart should bring supplies to some hard-hit areas as soon as Thursday, said U.S. Energy Secretary Jennifer Granholm.

“Relief is coming,” added Jeanette McGee, a spokeswoman for motor travel group AAA.

Motorists’ tempers frayed as panic buying led stations to run out even where supplies were available. On Thursday about 70% of gas stations in North Carolina were without fuel, while around 50% of stations in Virginia, South Carolina and Georgia had outages, tracking firm GasBuddy said.

The average national gasoline price rose above $3.00 a gallon, the highest since October 2014, the American Automobile Association said, and prices in some areas jumped as much as 11 cents in a day.

Nicole Guy, 36, a leasing agent in Atlanta, was at her fourth gas station Thursday morning, trying to find gas. The station ran out of gas early Wednesday and the manager wasn’t sure when deliveries would resume.

Guy said she wished she had gone out the night before to refuel.

“My sister paid $3.50 at the pump last night for her car,” she said. “I thought if I went looking today I’d find a better deal. I never paid that much at the pump.”

Even as the pipeline resumes pumping, it will take time to replenish stocks. Gasoline inventories in the Northeast likely will fall to five-year lows this week, said Richard Joswick, an analyst with S&P Global Platts.

HACKERS RESURFACE

As FBI cyber sleuths dug into an attack that paralyzed a large part of the U.S. energy infrastructure, the group believed to be responsible said it was publishing data from breaches at three other companies, including an Illinois technology firm.

Biden on Thursday said officials do not believe the Russian government was involved in this attack.

“But we do have strong reason to believe that the criminals who did the attack are living in Russia,” he said. “That’s where it came from.”

U.S. House of Representatives Speaker Nancy Pelosi on Thursday urged companies that are victims of cyberattacks not to pay a ransom.

Colonial has not publicly said how much money the hackers were seeking or whether it paid the ransom. Colonial has a type of insurance that typically covers ransom payments, three people familiar with the matter told Reuters on Thursday.

To stem fuel shortages, four states and federal regulators relaxed fuel driver restrictions to speed deliveries of fresh supplies.

The U.S. also issued a waiver to an undisclosed shipper allowing it to transport gasoline and diesel from the U.S. Gulf Coast to East Coast ports on foreign-flagged vessels. The U.S. restricts deliveries between domestic ports to U.S.-built and crewed vessels.

Gulf Coast refiners that move fuel to market on the Colonial Pipeline had cut processing as an alternative pipeline filled to capacity last weekend. Total SE trimmed gasoline production at its Port Arthur, Texas, refinery and Citgo Petroleum pared back at its Lake Charles, Louisiana, plant.

Royal Dutch Shell Plc on Thursday said it was seeking alternative supply points to tackle challenges from the incident.

Airlines were refueling planes at their destinations, instead of usual departure points. On Wednesday, Delta Air Lines Chief Executive Ed Bastian said more fuel would be available “hopefully by the end of the week and as long as those predictions come true, hopefully we’ll be OK.”

(Reporting by Stephanie Kelly in New York; additional reporting by Rich McKay in Atlanta; Editing by Steve Orlofsky)