The Evolution of the Cyber Landscape and Threats Businesses Face

In the past 12 months there has been no shortage of cyberattacks that have made front page news, but there have been two recent incidents that have stood out to me — the Colonial Pipeline ransomware attack and the Kaseya ransomware attack.

We all know ransomware threats continue to intensify. In fact, attacks doubled from 2019 to 2020, and the average ransom payment has eclipsed $220,000. But what makes the Colonial Pipeline and Kaseya attacks interesting case studies is that they illuminate the “why” behind ransomware and the concerning trends that are impacting businesses today.

Colonial Pipeline & Operational Attacks

In May, the company that operates the largest pipeline system for refined oil products in the U.S. suffered a ransomware cyberattack that impacted the technology systems managing the pipeline, essentially halting operations.

Beyond the fuel shortages that resulted in a national state of emergency, the attack caused significant reputational harm to Colonial Pipeline, disruption to operations for five days, and a staggering ransom payment of 75 Bitcoin ($4.4 million at the time). What makes this a unique case study is the following:

  • It showcases how the cyber threat landscape has shifted from data threats to operational threats. It’s much more lucrative for cybercriminals to hold most businesses hostage from operating than it is to hold data hostage. Businesses have historically minimized their cyber exposure with statements such as “We don’t store a lot of data” or “We don’t process credit cards.” The Colonial Pipeline event demonstrates how cybercriminals are often not aiming to steal data, but rather threatening to shut down your business.
  • It has been reported that the Colonial Pipeline event originated from a compromised password and could have been prevented if Multi-Factor Authentication (MFA) had been in place. The importance of MFA to stay resilient from cyber threats cannot be stressed enough. In our current environment, it has become an essential control for all businesses to implement.

Kaseya & Third-Party Vulnerabilities

Leading up to the 4th of July holiday weekend, Kaseya and various other managed service providers (MSP) were the subject of a ransomware attack that exploited a vulnerability in Kaseya’s VSA software. Through this attack, it was estimated up to 1,500 small- to medium-sized companies may have experienced a ransomware compromise through their MSP, including a grocery store chain in Europe that needed to close 800 stores Friday–Sunday as its payment processing systems were halted.

The attack is reminiscent of others we have seen in the past year, such as SolarWinds and Blackbaud, and highlights another cyber threat to businesses — cybercriminals are working smarter, not harder. Rather than attacking one business at a time, it’s much more efficient for cybercriminals to carry out these “supply chain” ransomware attacks that potentially give them access to thousands of businesses around the world.

In fact, one insurance carrier has reported 42 percent of cyber claims originate at the third-party level. Use of third-party service providers does not equate to security.

Businesses should conduct thorough and periodic due diligence throughout the course of the relationship with third-party service providers, including evaluating the potential risks and vulnerabilities they would face if a provider suffered an outage or cyberattack.

This incident also reminds us businesses should always be on alert for cyberattacks before a long holiday weekend. If you think your business could be lacking in coverage, give us a call — we’re here to help.

 

For more information, contact Gerald Johnson at gjohnson@holmesmurphy.com or 515-223-6826