What did hackers learn from the Colonial pipeline episode?

Now, coming back to Colonial Pipeline: I'm sure most of you will have heard about what lessons we as cyber defenders and enterprises should draw from this particular exercise. But what about the hackers? What did they learn from this particular episode? That was a fascinating insight that we gathered, again through our limited interactions with some of these hacker groups and the chatter that we intercepted on the dark web and other forums that we are monitoring at this point.

So, again, critical infrastructure operators have very limited visibility into their ops. When this episode happened, they had to shut down their entire infrastructure because they were not able to zero in on which part of their operations was affected by this particular cyber attack. This is something the hackers have taken note of: large-scale disruptions could cause unintended consequences, plus massive publicity. This is something they are always targeting; they want to be in the news. No hacker would want their activities to be limited in coverage as far as the media is concerned, because that is one of the ultimate goals for these hackers: to actually see their work appearing in the public domain, being covered by publications. And a lot of media houses are giving them that sort of freedom and space to do that, which is again dangerous. We wouldn't encourage that, but then again the stories have to come out in one way or another, and it's better that the company or the entity that has been attacked comes out and tells their story rather than going through the media or other routes. Media outlets are used by these hackers, again, to put companies under pressure. As I said, that's a tactic we've seen so many times in the last couple of years.

Incident response and reporting are fragmented and uninvolved; people are just trying to see how we can get operations going. That becomes the priority for all the teams that are involved once a cyber attack actually happens, and then you try to figure out what went wrong, or what kind of data we lost, and things like that. This again is something the hackers are going after, because they know very well that if the incident response is fragmented, it becomes much easier for them to latch onto this event and build on top of it.

Ransom should be moved around early. Again, that's a very tactical lesson for them, so that they are not intercepted by agencies and others who are involved from the law enforcement side.

So, again, we are targeting critical infrastructure agencies and firms that are operating with a mix of aging and new infrastructure. We've seen in some instances that there are entities running OT systems where the devices were manufactured in the 90s and have not been patched. The vendor has actually shut down operations; they don't even know whether the vendor is still around. They've been acquired and they no longer manufacture that particular line of products. So, again, hackers are not doing anything at random. They're monitoring all these things and they're doing very specific targeting based on what's going on there.

Decommissioning and shutting down access points is not a standard practice. What we saw in Colonial Pipeline was that somebody was able to maintain a particular profile which was accessed and which had a similar password that was breached in another episode, and they used this password to actually log in and target Colonial Pipeline. But to their credit, Colonial Pipeline has actually addressed this problem in a very big way. They've added multiple layers of security now to ensure that this doesn't happen.

And companies are willing to pay ransom because there are billions at stake every day that you're not able to operate. It's always a challenge in terms of keeping the revenues afloat and answering your board of directors or your investors, for that matter. So you want to move ahead very fast, put this behind you, get your data and systems back. That's the priority; we understand that. But then again, there's a lot more that needs to be done to ensure that we don't land up in a situation like that.