Business is booming for cyber extortionists.
DarkSide, the hacking group that shut down a key U.S. oil pipeline earlier this month, has collected over $90 million recently in hard-to-trace Bitcoin from 47 different victims, according to the blockchain analytics firm Elliptic.
The pipeline hack ended only after Colonial Pipeline Co. paid nearly $5 million in ransom to regain control of computer systems needed to supply gasoline to much of the eastern U.S., and was widely dubbed a “wakeup call” to batten down loose digital hatches. Following the subsequent release of President Joe Biden’s new “Executive Order on Improving the Nation’s Cybersecurity,” the Department of Homeland Security is now moving to regulate cybersecurity in the pipeline industry. The Transportation Security Administration is expected to issue mandatory rules and reporting requirements for safeguarding pipelines against cyberattacks.
But there are key gaps. In all the recent reporting on cyber attacks, there’s been scant coverage of how they actually occur. You’d almost think that bad guys are breaking into corporate data centers in the dead of night armed with sinister thumb drives, or sneaking lines of malevolent code past snoozing information security officers. It’s as if malware materializes spontaneously on a server, then worms its way in to seize control of operational assets.
Companies are reluctant to correct the misimpressions by discussing the details of a breach, because it makes for terrible press and inevitably reveals some sloppy security. The absence of information creates a sense of bystander apathy, leaving many in the industry unprepared for the next attack.
In real life, corporate servers are often breached through remote login services (remote desktop, SSH or VPN gateways exposed to the internet) as employees connect to the office from compromised home networks or with stolen or reused passwords. Once an attacker has gained initial access to an enterprise network, other hacking tools can be used to exploit software flaws, move laterally, and infiltrate critical control systems. The rise of remote work during the pandemic has drastically increased these attack surfaces.
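The pattern described above, a password-guessing campaign against an exposed remote login service that ends in a successful login, is one of the few such intrusions that leaves an obvious trace in ordinary authentication logs. The following is an added example, not code from the article or from any of the companies it names: it parses a handful of constructed sshd log lines (SSH stands in here for any password-based remote login service) and flags a successful login from a source address that just accumulated repeated failures. The threshold of three failures and the five-minute window are assumptions chosen for the demonstration, not figures from the page.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines for this example; they are not taken
# from any real incident. 203.0.113.0/24 and 198.51.100.0/24 are
# documentation address ranges.
SAMPLE_LOG = """\
May 20 02:14:01 vpn-gw sshd[2231]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
May 20 02:14:03 vpn-gw sshd[2231]: Failed password for invalid user admin from 203.0.113.45 port 51023 ssh2
May 20 02:14:05 vpn-gw sshd[2233]: Failed password for root from 203.0.113.45 port 51024 ssh2
May 20 02:14:07 vpn-gw sshd[2235]: Failed password for jsmith from 203.0.113.45 port 51025 ssh2
May 20 02:14:09 vpn-gw sshd[2237]: Failed password for jsmith from 203.0.113.45 port 51026 ssh2
May 20 02:14:12 vpn-gw sshd[2239]: Accepted password for jsmith from 203.0.113.45 port 51027 ssh2
May 20 02:30:00 vpn-gw sshd[2301]: Accepted publickey for ops from 198.51.100.7 port 40112 ssh2
May 20 02:31:10 vpn-gw sshd[2305]: Failed password for ops from 198.51.100.7 port 40113 ssh2
May 20 02:31:20 vpn-gw sshd[2306]: Accepted password for ops from 198.51.100.7 port 40114 ssh2
"""

# Matches the standard OpenSSH "Accepted ... / Failed ... for <user> from <ip>" lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2021):
    """Return a dict for an auth event, or None for lines we do not care about.
    syslog timestamps carry no year, so the caller supplies one (assumed 2021 here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce_success(log_text, threshold=3, window_seconds=300):
    """Flag every successful login from a source IP that produced at least
    `threshold` failed logins within the preceding `window_seconds`.
    A success with no recent failures (e.g. a normal key-based login) is not flagged."""
    failures = defaultdict(list)   # source ip -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        ip = ev["ip"]
        # Drop failures that fell out of the sliding window.
        cutoff = ev["ts"] - timedelta(seconds=window_seconds)
        failures[ip] = [t for t in failures[ip] if t >= cutoff]
        if ev["result"] == "Failed":
            failures[ip].append(ev["ts"])
        elif len(failures[ip]) >= threshold:
            alerts.append({
                "ip": ip,
                "user": ev["user"],
                "method": ev["method"],
                "failures": len(failures[ip]),
                "at": ev["ts"].isoformat(),
            })
            failures[ip].clear()   # one alert per burst
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce_success(SAMPLE_LOG):
        print(f"{alert['at']} {alert['ip']} logged in as {alert['user']} "
              f"after {alert['failures']} failures")
```

On the sample above, only the first address is flagged: it fails five times and then succeeds as `jsmith` within the window, which is the signature of a guessed or sprayed password on an internet-facing login service. The second address is a normal key-based login followed by a single typo, and stays quiet. In production the same logic belongs in the SIEM rather than a script, and a hit should be followed by checking whether that account's session then touched anything it does not normally reach.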
Most people don’t think of their personal computers as vectors for infectious malware, but that’s what they are. Laptops are thought of as places to store private photos and files, and manufacturers tend to downplay the vulnerabilities. It came as a surprise last week when Apple’s senior vice president of software engineering, Craig Federighi, admitted that Mac has a malware problem. According to Federighi, there have been 130 types of Mac malware in the past year, one of which infected 300,000 systems. And all this is coming from a company that historically advertised its machines as a more secure alternative to Microsoft Windows.