colonial-ceo-‘disappointed’-in-dhs-cybersecurity-agency-comments

Colonial CEO ‘disappointed’ in DHS cybersecurity agency comments

Spread the love
54 min ago

Colonial CEO “disappointed” in DHS cybersecurity agency comments 

From CNN’s Geneva Sands

Colonial Pipeline CEO Joseph Blount told lawmakers Tuesday he was “disappointed” to hear the Department of Homeland Security cybersecurity agency raised concerns about communications between the company and the federal agency. 

Last month, DHS Cybersecurity and Infrastructure Security Agency acting director Brandon Wales testified that his agency was brought in by the FBI, not Colonial. Wales told Republican Sen. Rob Portman of Ohio at the previous hearing he did not think that Colonial would have contacted CISA directly, if not for the FBI reaching out. 

When pressed, Wales said that there’s a “benefit when CISA is brought in quickly” because the agency can share it in a broader fashion to protect other critical infrastructure. 

On Tuesday, Blount said his company has historically maintained communication with CISA.

“I was somewhat disappointed when I heard that they felt like if we hadn’t gone in and contacted them the first day with the FBI that we would not have contacted them separately,” Blount said. 

42 min ago

Colonial Pipeline CEO: We reached out to the FBI “within hours” of the attack

Storage tanks are seen at a Colonial Pipeline facility in New Jersey on May 12.
Storage tanks are seen at a Colonial Pipeline facility in New Jersey on May 12. Mark Kauzlarich/Bloomberg/Getty Images

Colonial Pipeline CEO Joseph Blount said that his company reached out to the FBI “within hours” of the ransomware attack.

Asked during questioning by Sen. Tom Carper, a Democrat from Delaware, about his contact with the FBI in the early hours of the May 7 attack, Blount said that Colonial first contacted the Atlanta office of the FBI. “They felt it was DarkSide,” Blount said, referring to the criminal hacking group that official said carried out the attack.

From there, Blount said that Colonial was put in touch with the FBI’s “DarkSide experts” who are California-based.

Some more context: Ahead of today’s Senate hearing with Colonial Pipeline’s CEO, US investigators announced they recovered millions in cryptocurrency they say was paid in ransom to hackers whose attack prompted the shutdown of the key East Coast pipeline last month, the Justice Department said Monday.

The announcement confirmed CNN’s earlier reporting about the FBI-led operation, which was carried out with cooperation from Colonial Pipeline, the company that fell victim to the ransomware attack in question.

Specifically, the Justice Department said it seized approximately $2.3 million in Bitcoins paid to individuals in a criminal hacking group known as DarkSide. The FBI said it has been investigating DarkSide, which is said to share its malware tools with other criminal hackers, for over a year.

CNN’s Evan Perez, Zachary Cohen and Alex Marquardt contributed reporting to this post. 

1 hr 14 min ago

Colonial Pipeline CEO: “I made the decision to pay” the ransomware hackers

Pool
Pool

Colonial Pipeline CEO Joseph Blount said during his opening remarks “I made the decision to pay” the ransomware hackers that shut down the pipeline last month.

He said it was “the hardest decision” he’s ever made in his career, adding, “I believe with all my heart it was the right choice to make.”

Blount said that his company worked with law enforcement “from the start” including the Department of Justice and FBI, which “may have lead to the recovery this week” of millions paid to the hackers.

Blount’s public testimony comes a day after the DOJ announced that US investigators recovered millions of dollars in cryptocurrency paid in ransom to hackers.

The company discovered the cyberattack on May 7 just before 5:00 a.m. when an employee found a ransom note on its IT network. The employee notified a supervisor who ordered the shutdown of the pipeline.

“Shutting down the pipeline was absolutely the right decision, and I stand by our employees’ decision to do what they were trained to do,” Blount said in prepared remarks.  

He said the decision was driven by the “imperative to isolate and contain the attack” to help ensure the malware on the IT network did not spread to the operational network, which controls the pipelines. 

More on the ransomware attack: The process to shutdown 5,500 miles of pipelines took about 15 minutes and was complete by 6:10 am, according to Blount. In prepared remarks, he recognized the “gravity of the disruption that followed the shutdown, including panic-buying and shortages on the East Coast,” and apologized to everyone impacted by this attack. 

Colonial, which has around 950 employees, began returning all pipelines to service on Wednesday evening, May 12. As part of the restart process, the company increased air surveillance and drove over 29,000 miles for inspections of the pipeline to ensure physical security. 

Last month after intense speculation, Blount publicly admitted he made the decision to pay the ransom to the hackers as the company tried to get its services up and running again. 

CNN’s Geneva Sands contributed reporting to this post.

1 hr 28 min ago

NOW: Colonial Pipeline CEO speaks before Senate committee on ransomware attack

From CNN’s Geneva Sands

Pool
Pool

Colonial Pipeline CEO Joseph Blount is testifying in the Senate, a month after the company was hit with a debilitating ransomware attack that led to a halt in operations at one of America’s most important fuel pipelines.

Blount will face lawmakers for the first time since a six-day shutdown of the pipeline in May led to panic buying and widespread gas station outages in the Southeast.

The Colonial incident, followed several weeks later by a cyberattack on a major US meat producer, highlighted the grave risk that ransomware can have for businesses and vital services throughout the US, as criminals have increasingly had success targeting large enterprises.

Blount’s public testimony comes a day after the Justice Department announced that US investigators recovered millions of dollars in cryptocurrency paid in ransom to hackers.

Ransomware attacks have grown in both scope and sophistication in the last year, Deputy Attorney General Lisa Monaco said Monday, calling it an “epidemic.”

Blount admitted last month that he authorized a ransom payment of $4.4 million, calling it a “highly controversial decision,” in an interview at the time.

Read more here.

1 hr 30 min ago

GOP Sen. Portman says “there’s a lot more work to do” on cybersecurity

Ranking member Sen. Rob Portman, a Republican from Ohio, noted during opening remarks in a Senate hearing that the attack on Colonial Pipeline is not an “isolated incident.”

He said that Congress has done a lot of good work on cybersecurity but “there’s a lot more work to do.”

Portman said that along with impacting the companies with cyber attacks that paralyze “companies until ransom is paid,” ramsonware attackers are employing a “two prong” approach by threatening to release “sensitive victim data.”

The GOP senator said that there “seems to be a new ransomware attack every week” and “no entity is safe.” He noted that after the Colonial Pipeline attack hackers went after the US’s largest meat processor, JBS.

2 hr 4 min ago

Why hackers are targeting physical infrastructure

From CNN’s Rishi Iyengar and Clare Duffy

An aerial view of the JBS beef plant in Greeley, Colorado, on June 1.
An aerial view of the JBS beef plant in Greeley, Colorado, on June 1. Michael Ciaglo/Bloomberg/Getty Images

Many people think of cyberattacks as just that: an attempt by hackers to steal sensitive data or money online. But now hackers have found a significant moneymaker in targeting physical infrastructure.

These attacks have the potential to spark mayhem in people’s lives, leading to product shortages, higher prices and more. The greater the disruption, the greater the likelihood that companies will pay to alleviate it.

“If you’re a ransomware actor, your goal is to inflict as much pain as possible to compel these companies to pay you,” said Katell Thielemann, Gartner’s vice president analyst for security and risk management. “This is beyond cybersecurity only, this is now a cyber-physical event where actual, physical-world processes get halted. When you can target companies in those environments, clearly that’s where the most pain is felt because that’s where they make money.”

Multiple recent ransomware attacks have originated from Russia, according to US officials. Last Wednesday, the FBI attributed the attack on meat producer JBS to Russia-based cybercriminal group called REvil, which also tried to extort Apple supplier Quanta Computer earlier this year. REvil is similar to DarkSide, the group US officials said was behind the ransomware attack that shut down the Colonial Pipeline last month.

Experts say both REvil and DarkSide operate what are essentially “ransomware-as-a-service” businesses, often employing large staffs to create tools to help others execute ransomware attacks, and taking a cut of the profits. In some cases, they also carry out their own attacks. Russian law enforcement typically leaves such groups operating within the country alone if their targets are elsewhere because they bring money into the country, cybersecurity experts say.

The list of potential targets is long. The US government’s Cybersecurity and Infrastructure Agency (CISA) lists 16 different industries as “critical infrastructure sectors,” including energy, healthcare, financial services, water, transportation, food and agriculture, the compromise of which could have a “debilitating effect” on the US economy and security. But experts say much of this infrastructure is aging, and its cyber defenses haven’t kept up with the evolution of bad actors.

Read more here.

2 hr 17 min ago

Here’s the latest on the Colonial Pipeline hack

From CNN’s Evan Perez, Zachary Cohen and Alex Marquardt

An aerial view of fuel holding tanks at Colonial Pipeline's Dorsey Junction Station in Woodbine, Maryland, on May 13.
An aerial view of fuel holding tanks at Colonial Pipeline’s Dorsey Junction Station in Woodbine, Maryland, on May 13. Drew Angerer/Getty Images

The Justice Department announced Monday that investigators recovered millions in cryptocurrency they say was paid in ransom to hackers whose attack prompted the shutdown of the key East Coast pipeline last month.

The announcement confirms CNN’s earlier reporting about the FBI-led operation, which was carried out with cooperation from Colonial Pipeline, the company that fell victim to the ransomware attack in question.

Specifically, the Justice Department said it seized approximately $2.3 million in Bitcoins paid to individuals in a criminal hacking group known as DarkSide. The FBI said it has been investigating DarkSide, which is said to share its malware tools with other criminal hackers, for over a year.

The ransom recovery, which is the first seizure undertaken by the recently created DOJ digital extortion taskforce, is a rare outcome for a company that has fallen victim to a debilitating cyberattack in the booming criminal business of ransomware.

Colonial Pipeline Co. CEO Joseph Blount told The Wall Street Journal in an interview published last month that the company complied with the $4.4 million ransom demand because officials didn’t know the extent of the intrusion by hackers and how long it would take to restore operations.

But behind the scenes, the company had taken early steps to notify the FBI and followed instructions that helped investigators track the payment to a cryptocurrency wallet used by the hackers, believed to be based in Russia.

“Following the money remains one of the most basic, yet powerful, tools we have,” Deputy Attorney General Lisa Monaco said Monday during the DOJ announcement, which followed CNN’s reporting about the recovery operation. “Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises.”

Read more here.

2 hr 51 min ago

Colonial Pipeline CEO will testify this morning about last month’s cyberattack

The CEO of Colonial Pipeline is set to testify to lawmakers today after a cyberattack caused a six-day shutdown of the pipeline that delivers nearly half of all the diesel and gasoline consumed on the East Coast of the United States.

Joseph Blount, who has run the Colonial Pipeline company for nearly four years, will appear today before the Senate Homeland Security Committee. He is expected to testify Wednesday before the House Committee on Homeland Security in a hearing called “Cyber Threats in the Pipeline: Using Lessons from the Colonial Ransomware Attack to Defend Critical Infrastructure.”

The Colonial Pipeline attack — which the FBI attributed to a criminal gang called DarkSide — was done using a relatively unsophisticated form of ransomware, but it caused gas shortages, price spikes and a rush of consumers heading to the pumps out of fear that the outages would last.

Reporting from CNN’s Clare Duffy

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *