Colonial Pipeline Shutdown Is The Latest In Wave Of Cyber Attacks
MARY LOUISE KELLY, HOST:
Baby monitors, hospitals, city water supply - just a few of the things connected to the internet. And as the Colonial Pipeline shutdown has laid bare, they're just a few of the things vulnerable to cyberattacks. Here's how Chris Krebs, who was until last year the country's top cybersecurity official, put it to a House committee last week.
(SOUNDBITE OF ARCHIVED RECORDING)
CHRIS KREBS: The underlying enabling factors for this cybercrime explosion are rooted in the digital dumpster fire of our seemingly pathological need to connect everything to the internet, combined with how hard it is to actually secure what we have connected.
KELLY: Well, the number of online attacks has surged since the pandemic began. The FBI reported a nearly 70% increase in the number of cybersecurity complaints last year. So is this the new normal?
Here to help us answer that is Allie Mellen. She's a security and risk analyst with Forrester. That's a research company that monitors cybersecurity.
ALLIE MELLEN: Thank you so much. It's a pleasure to be here.
KELLY: So let's dive right in on the Colonial Pipeline attack and the group that the FBI says is behind it. They are called DarkSide. What do we know about them?
MELLEN: Really, they are a criminal organization that intentionally develops ransomware and then sells it to other cybercriminals as a service. And they really function almost like a startup - in order to enable other cybercriminals to spread ransomware, and then they make additional money off the top of those sales. So it has really become much like a business, even with customer support and other systems, to make sure that they make as much money as possible, at the same time doing as little as possible.
KELLY: And how sophisticated an attack is this?
MELLEN: All in all, this is actually not that sophisticated an attack. We see ransomware attacks quite often. This attack was not sophisticated in nature, such as the SolarWinds attack. But it is an attack that has a severe impact on organizations because of the business disruption that it causes.
KELLY: In terms of motive, there's making money. But DarkSide - just recently, they talked about, based on our principles, they will not attack hospitals or schools or nonprofits. So it's complicated in terms of what they're trying to get out of this.
MELLEN: Absolutely. As with all humans, we have a complex motivation system. I think ultimately these attackers are really just looking to get paid. And of course, to some extent, they probably have a conscience, but it doesn't change the fact that they are still attacking these really critical pieces of infrastructure, whether it is hospitals or utility companies. And ultimately, these targets are actually some of the best targets for attackers looking to deploy ransomware because any type of downtime when you're talking about a utility or a hospital can have a severe impact and can really make these organizations want to pay faster.
KELLY: Is there anything to suggest Colonial Pipeline was unusually vulnerable? Or could what happened to them happen to all kinds of big companies?
MELLEN: Unfortunately, as we've seen, these types of attacks happen to - just as you mentioned - all kinds of companies. This is not something that is unique to Colonial Pipeline. However, there are steps that organizations can take to protect themselves. And companies like Colonial Pipeline need to be doing this. It's very difficult to say whether they had these measures in place beforehand given the information that we have available today. But hopefully, this can serve as a lesson to other organizations to build more robust security programs.
KELLY: Allie Mellen is a security analyst with Forrester.
Thank you so much.
MELLEN: Thank you.
Transcript provided by NPR, Copyright NPR.