The Colonial Pipeline Hack: How To Protect YOUR Business!

By Frank Smith | May 18, 2021
Frank is Manager of Ntiva's cybersecurity and consulting practice, has deep expertise in the government contracting space, and holds multiple security certifications including CISSP and CMMC-AB practitioner.

Last week our news feeds were dominated yet again by another major cybersecurity incident.

This time, it was the ransomware hack on Colonial Pipeline which caused a major disruption on the East Coast when they halted fuel distribution.

But line-ups at the gas pumps due to panic buying are not really the important issue at hand.

For anyone that did sit in a long line for gas last week, please understand that this was very likely avoidable!

Read on to learn why and how these attacks happen, and what you can do to protect your own business from the same disastrous situation using the latest in cybersecurity protection.


No One Is Immune To Cybercrime

It’s tempting to think that these criminal organizations only go after large organizations, but the reality is much different.

The truth is that most hackers target smaller businesses. Why? Because typically they are easier to penetrate due to lack of adequate cyber protection. (Typically, but not always as we’ve recently seen!)

Additionally, many of these criminal groups actually want to avoid the attention of the press and the three-letter agencies.

Cybercrime is HUGE business and you may not be surprised to learn that the bulk of these attacks occur due to human error.




How Did Colonial Pipeline Get Hacked?

While the details of the Colonial Pipeline hack have not been announced, it’s likely that a compromised password allowed the attackers into the affected network. 

How did that happen? 

Chances are it was through an email phishing campaign or a poor password management policy (e.g. no policy, passwords that are too simple, no Multi Factor Authentication).

The attackers could have also gone after an unpatched system and used it to leverage their way in.

But regardless, Colonial Pipeline ended up paying roughly $5 million in ransom to the hacking group DarkSide to recover their stolen data.

Unfortunately, every time a company pays up it only emboldens other hackers to follow suit, not to mention encouraging the hackers to circle back around a second time to their original victim.

Worse, there are a few more trends we’re seeing that are causing concern.



The Perils of Paying Ransomware

When attackers penetrate your network, they can do far more than just encrypt and demand payment. 

They are also stealing data and only “returning” the data (i.e. not publishing or offering it for sale) for an additional payment.

And some attackers have been reaching out to those whose data has been stolen and demanding yet a third ransom.

Should you pay a ransom?

Generally, law enforcement discourages it. The Treasury released guidance discouraging payments, since a payment may violate existing law because so much of the money ends up in restricted countries.

There is growing sentiment that an outright ban on ransom payments should be mandated and some cyber insurance companies have already changed terms making ransom payments ineligible for reimbursement.



While we can criticize Colonial Pipeline for paying the ransom, once the hackers are in and without the proper backup and recovery solution in place to quickly recover data, it becomes a financial decision.

Either pay the ransom in an attempt to restore services as quickly as possible, or risk significant disruption. For Colonial Pipeline, this meant losing the ability to track fuel distribution and bill customers.

That is NOT the position you want to put yourself in!

Let’s look at some statistics:

  • In 2021 it’s predicted that a ransomware attack will occur every 11 seconds, costing businesses more than $20 billion. Source: SafeAtLast
  • And yet 68% of business leaders feel their cyber security risks are increasing and that they do not have adequate protection in place.

Needless to say, none of us can bury our heads in the sand anymore when it comes to the probability of being hacked!


*Tip: Ransomware is a form of malware – or malicious code – that locks up an organization’s computers and networks. The most common delivery mechanism is phishing emails, typically attachments that are sent via clever emails to unsuspecting victims. Once the attachment is downloaded, the malware encrypts the company data and the user is presented with a message explaining that their files are now inaccessible. They will only be decrypted if the victim sends a payment to the attacker.


Phishing Emails Are Likely The Culprit

The likelihood that the attack emerged from a malicious phishing email attack is extremely high.

It’s been estimated that 95% of cybersecurity breaches are caused by human error, and the bulk of these are through phishing emails.

The recent pandemic hasn’t helped – according to Barracuda Networks phishing attacks spiked by a staggering 667% between March and April 2020!

Not too long ago, phishing emails were easy to spot. They were typically bulk spam emails, badly worded and full of grammatical errors.

Today, phishing emails are far more sophisticated and sometimes it’s extremely difficult to spot them, especially spear-phishing attacks, which appear to come from someone you know and trust.


*Tip: Phishing is a type of online scam where cyber criminals send deceptive emails that appear to be coming from a legitimate organization or person, to unsuspecting recipients. The intent is to trick the email recipient into clicking on a link or downloading an attachment in order to either steal sensitive information such as login credentials, or embed malicious code.



Improving the Nation’s Cybersecurity

The Colonial Pipeline hack is only one of many examples of criminal groups exploiting U.S. cyber vulnerabilities, including the recent SolarWinds hack and the IRS impersonation scam.

Well before the Colonial Pipeline hack, the Biden administration was working on a comprehensive Executive Order on Improving the Nation’s Cybersecurity.

While the EO focuses mostly on cybersecurity-related requirements in federal contracts, it’s also meant to serve as an example to the private sector.

It clearly states that “…cybersecurity requires more than government action.”

According to the FBI, there has been a 300% increase in reported cybercrimes since the pandemic began, as companies were forced to quickly create remote workforces and operate off cloud-based platforms.

Did you know? Global damages related to cybercrime as a whole in 2021 are expected to reach $6 trillion. Yes, that’s a “T”.

Protecting our businesses and our country means that all of us need to adapt to a rapidly escalating threat environment.


How to Beef Up Your Cybersecurity Protection

Regardless of the initial penetration method that the hackers used at Colonial Pipeline, their next step was to deploy the ransomware. 

Could this have been prevented? Most likely, yes.  

There ARE tools that can prevent unknown or malicious software from executing – which very well may have prevented those long lines for gas.

Nothing is 100%, but an ounce of prevention is worth more than a pound of cure, in the case of ransomware. (See Endpoint Detection and Response below.)

Standard old school anti-virus doesn’t cut it anymore, and if your company relies on old school systems, then you are the low hanging fruit of the internet!

There are many cybersecurity frameworks in place that offer "best practices" for any business looking for the gold standard in protection, including NIST and the upcoming CMMC which will be mandatory for contractors who sell into the Federal government.

While these might seem like overkill for your business, we do foresee a day when these or similar compliance frameworks become mandatory for all organizations, especially those that are responsible for critical infrastructure.

But the bottom line here is that increased threats need better tools! We've put together what we consider the 5 basics you should have in place TODAY.


The 5 Key Must-Haves for Modern Cyber Security Protection



1. Multifactor Authentication (MFA)

MFA is now table stakes. Passwords are no longer enough to protect you, and stolen user credentials are at the top of the list for causing security breaches. MFA ensures that only verified users can access your online applications and data. In many cases, such as with Microsoft 365, this is included – all you have to do is turn it on.

2. Cybersecurity Awareness Training

As mentioned above, human error is responsible for the bulk of cyber breaches, typically done through phishing emails. Employees need continuous training with simulated phishing attacks in order to help them recognize, report and block attempted phishing attacks.

3. Endpoint Detection and Response (EDR)

EDR is often referred to as the “next-gen antivirus.” Advanced EDR tools are extremely effective at preventing and responding to ransomware and other malware attacks. Yes, EDR costs more than AV, but it’s trivial compared to the cost of even a single attack. Put it this way: if Colonial Pipeline had EDR in place, it’s highly likely the attackers would have moved on to someone else.

4. Regular Software Patching

Seems so simple, and yet! Remember the infamous Equifax hack in 2017? Turned out the hackers got in through a hole in outdated software. Hackers use automated tools to constantly scan millions of connected devices that have not applied patches against vulnerabilities. Patch management is part of maintaining a healthy business, and if you don’t have a resource to do it for you – get one.

5. Backup and Recovery

Last but certainly not least is backup and recovery. Despite your best intentions, and even with the most advanced protection in place, it is still possible that you might get hacked. Should the worst occur and you find yourself locked out of your data, having the right solution in place that can quickly get you back up and running is paramount. There would be no need to pay a ransom to get access to your data (and sometimes you pay and you still don’t get access) if you could quickly and efficiently recover your data.
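A backup only removes the "pay or lose everything" decision if you have proven it restores cleanly before the incident. The following is an added example, not code from the original post or from Ntiva: a small restore drill in Python that records a hash manifest of a backup set at backup time, then later checks that every file is still present and unchanged (a file overwritten by ransomware or deleted will fail the check) and that the backup is not stale. All file names, paths and contents are constructed for the demo; the manifest is assumed to be stored on separate, write-protected storage so an attacker who reaches the backup cannot also rewrite it.

```python
"""Restore drill for a backup set (added example, constructed data).

Records SHA-256 hashes of every file in a backup at backup time, then verifies
the backup later so you learn it is unrestorable on a quiet Tuesday, not during
a ransomware incident.
"""
import hashlib
import json
import tempfile
import time
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backup files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_manifest(backup_dir: Path, manifest_path: Path) -> dict:
    """Record the hash of every file in the backup set.

    Assumption: manifest_path lives on separate, write-once storage, not
    alongside the backup it describes.
    """
    manifest = {"created": time.time(), "files": {}}
    for entry in sorted(backup_dir.rglob("*")):
        if entry.is_file():
            manifest["files"][str(entry.relative_to(backup_dir))] = sha256_file(entry)
    manifest_path.write_text(json.dumps(manifest))
    return manifest


def verify_backup(backup_dir: Path, manifest_path: Path, max_age_days: float = 1.0) -> dict:
    """Compare the backup on disk against the manifest.

    Returns which files are intact, missing or changed since backup time, whether
    the backup is older than the recovery-point objective, and an overall
    'restorable' verdict that is only True when everything checks out.
    """
    manifest = json.loads(manifest_path.read_text())
    ok, missing, corrupted = [], [], []
    for rel, expected in manifest["files"].items():
        candidate = backup_dir / rel
        if not candidate.is_file():
            missing.append(rel)
        elif sha256_file(candidate) != expected:
            corrupted.append(rel)   # overwritten, e.g. encrypted by ransomware
        else:
            ok.append(rel)
    age_days = (time.time() - manifest["created"]) / 86400
    stale = age_days > max_age_days
    return {
        "ok": ok,
        "missing": missing,
        "corrupted": corrupted,
        "stale": stale,
        "restorable": not missing and not corrupted and not stale,
    }


def demo() -> dict:
    """Build a constructed backup set, verify it, then simulate ransomware damage."""
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp) / "backup"
        backup.mkdir()
        (backup / "invoices.csv").write_text("id,amount\n1,100\n2,250\n")   # constructed
        (backup / "customers.db").write_bytes(b"SQLite format 3\x00fake")   # constructed
        manifest = Path(tmp) / "manifest.json"   # in practice: separate media
        write_manifest(backup, manifest)
        clean = verify_backup(backup, manifest)

        # Simulated damage: one file encrypted in place, one deleted.
        (backup / "invoices.csv").write_bytes(b"\x00\xffENCRYPTED")
        (backup / "customers.db").unlink()
        damaged = verify_backup(backup, manifest)
        return {"clean": clean, "damaged": damaged}


if __name__ == "__main__":
    result = demo()
    print("clean backup restorable:", result["clean"]["restorable"])
    print("damaged backup:", result["damaged"])
```

Run the drill on a schedule against the most recent backup, and treat any `missing`, `corrupted` or `stale` result as an incident in its own right: a backup that silently stopped working is exactly what puts you back in the position Colonial Pipeline was in.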


Summary: An Ounce of Cybersecurity Protection...!

Although there are no 100% secure defenses against any type of cyber-attack, it’s not hopeless.

Yes, today’s attackers are sophisticated, patient, and have their own infrastructure to support their operations. 

But there are many tools at your disposal to help prevent what many now see as inevitable.

This is now more important than ever with the move to “hybrid” working environments, with most employees no longer behind the office firewall using all sorts of devices from many different networks.

We’re all about having our clients avoid calling us in a panic AFTER they have been hacked - which means putting the right preventative methods in place BEFORE the hackers make their attempt.

It’s not as cost prohibitive as you think, and it is FAR cheaper than the alternative as Colonial Pipeline and many others will tell you!


Interested in learning more about how to secure your remote workers? Click below to access our updated "Guide To Remote Work Security."

