A recent cyberattack on a major US fuel pipeline is a wake-up call to insurers about the potential for cyber risk to vital infrastructure or technology systems that affect large numbers of connected organizations, according to an analysis by CyberCube.
The Colonial Pipeline was attacked last week, causing gasoline shortages across the eastern US. The pipeline is connected to 30 oil refineries and nearly 300 fuel distribution terminals throughout the country. Thousands of gas stations, consumers, and hundreds of companies – including mass-transit hubs like airports – depend on the pipeline to deliver fuel.
The Colonial attack demonstrated the vulnerability of so-called “single points of failure” (SPoF) to cyber criminals, CyberCube said. SPoFs are components or entire companies whose failure will shut down an entire system and affect many end users.
“Colonial is a taste of what is to come,” said William Altman, cybersecurity consultant at CyberCube. “Both criminal ransomware operators and nation-state-sponsored threat actors are increasingly turning their attention toward attacking SPoF. By going after SPoF, criminal attackers will create maximum leverage to convince their victims to pay a ransom, and nation-state actors will use SPoF as a jump-off point into adjacent systems for conducting espionage and other information operations. While we have yet to see a true accumulation catastrophe event in cybersecurity, the writing is on the wall. Recent attacks on SPoF like SolarWinds, Microsoft Exchange, and Colonial Pipeline indicate clearly the direction the industry is headed.”
Altman said that cyberattacks with catastrophic scope – and the potential for catastrophic losses – were “no longer just science fiction.”
“In 2021, it will be widely acknowledged that a rigorous and structured approach to cyber risk accumulation management is now a prerequisite and a necessity for all reinsurers,” he said.
Colonial discovered that its IT systems had been hacked on May 7. Prior to that, CyberCube’s Account Manager tool had already identified and flagged several high-risk signals for Colonial Pipeline, including malware infections and the potential for a remote user to gain access to Colonial’s network through an open RDP port, which is one of the most common ransomware attack vectors.
“The attack underscores the rising need for underwriters to assess basic cyber hygiene alongside threat-specific risks such as ransomware for organizations of all sizes across industries,” said Yvette Essen, head of content for CyberCube.
The attack was perpetrated by a group of organized criminals that likely have tacit approval – although not operational support – from the Russian government, according to CyberCube. The group, DarkSide, reportedly took nearly 100 gigabytes of data from Colonial’s network before leaving a ransom note threatening to release the data unless payment was made.
The attack took down 5,500 miles of critical US oil pipeline infrastructure, causing a week of downtime before a $5 million ransom was paid.