The Evolution of the Cyber Landscape and Threats Businesses Face
Within the past 12 months, there has been no shortage of cyberattacks that have made front page news, but there have been two recent incidents that have stood out to me — the Colonial Pipeline ransomware attack and the Kaseya ransomware attack.
We all know ransomware threats continue to intensify. In fact, attacks doubled from 2019 to 2020, and the average ransom payment has eclipsed $136,000. But what makes the Colonial Pipeline and Kaseya attacks interesting case studies is that they illuminate the “why” behind ransomware and the concerning trends that are impacting businesses today.
Colonial Pipeline & Operational Attacks
In May, the company that operates the largest pipeline system for refined oil products in the U.S. suffered a ransomware cyberattack that impacted the technology systems managing the pipeline, essentially halting operations.
In addition to the fuel shortages that resulted in a national state of emergency, the attack caused significant reputational harm to Colonial Pipeline, disruption to operations for five days, and a staggering ransom payment of 75 Bitcoin ($4.4 million at the time). What makes this a unique case study is the following:
- It showcases how the cyber threat landscape has shifted from data threats to operational threats. For many businesses, it’s much more lucrative for cybercriminals to hold the business's operations hostage than it is to hold its data hostage. Businesses have historically downplayed their cyber exposure with statements such as “We don’t store a lot of data” or “We don’t process credit cards.” The Colonial Pipeline event demonstrates how cybercriminals are often not aiming to steal data, but rather to threaten to shut down your business.
- It has been reported that the Colonial Pipeline event originated from a compromised password and could have been prevented if Multifactor Authentication (MFA) had been in place. The importance of MFA in staying resilient against cyber threats cannot be stressed enough. In the current environment, it has become an essential control for all businesses to implement. If you’re interested in learning more about this, feel free to download our Multifactor Authentication Guide.
Kaseya & Third-Party Vulnerabilities
Leading up to the 4th of July holiday weekend, Kaseya and various managed service providers (MSPs) were the subject of a ransomware attack that exploited a vulnerability in Kaseya’s VSA software. Through this attack, it was estimated that up to 1,500 small- to medium-sized companies may have experienced a ransomware compromise through their MSP, including a grocery store chain in Europe that needed to close 800 stores Friday–Sunday because its payment processing systems were halted.
The attack is reminiscent of others we have seen in the past year, such as SolarWinds and Blackbaud, and highlights another cyber threat to businesses — cybercriminals are working smarter, not harder. Rather than attacking one business at a time, it’s much more efficient for cybercriminals to carry out these “supply chain” ransomware attacks that potentially give them access to thousands of businesses around the world.
In fact, one insurance carrier has reported 42 percent of cyber claims originate at the third-party level. Use of third-party service providers does not equate to security.
Businesses should conduct thorough and periodic due diligence throughout the course of the relationship with third-party service providers, including evaluating what their own potential risks and vulnerabilities would be if a provider suffered an outage or cyberattack.
This incident also reminds us that businesses should always be on alert for cyberattacks before a long holiday weekend.
Our Upcoming Series on the Cyber Security Risks
The cyber landscape is shifting significantly and at a rapid pace.
Holmes Murphy is here to be a partner for your organization to make sure you are equipped with the proper knowledge and resources to stay resilient against cyber threats.
This blog is the first in a 7-part series of blogs we will be publishing over the course of the next two months. The remaining parts of our series will cover topics such as ransomware mitigation assessments, ransomware stress tests, common vulnerabilities & exposures, and other cyber resources available to your leadership and employees. Be sure to tune in!
Published on: 07.22.21