In yet another high-impact and high-profile ransomware incident, the 'big game hunter' ransomware group 'DarkSide' accepted responsibility for an attack against the US-based Colonial Pipeline Company, an organization providing fuel pipeline services across multiple states (Figure 1) that transport a reported 100 million US gallons of fuel daily including direct service to airports.

On Thursday, May 6, Colonial Pipeline, which operates a pipeline that delivers gasoline and jet fuel to nearly 45 percent of the U.S. East Coast, fell victim to a ransomware attack. The attack took over 100 gigabytes of data hostage, causing the company to halt all pipeline operations and shut down several of its systems. The attackers, identified as a criminal gang known as DarkSide, threatened to leak proprietary information unless a ransom is paid.

Over the weekend, the Alpharetta-based Colonial Pipeline was hit by an extensive ransomware attack that shut down its information technology (IT) and industrial operational technology (OT) systems. Simply put, an all-too-common ransomware event targeting IT systems encouraged a voluntary shutdown on the production side (OT) of the business to prevent further exposure. Colonial Pipeline is responsible for 45% of the gasoline, diesel fuel and natural gas transported from Texas to New Jersey.

Attack vectors are defined as the means or paths by which hackers gain access to computers remotely with malicious intentions such as delivering payloads or carrying out other harmful activities. Some common ones are malware, social engineering, phishing and remote exploits.

The US Defense Department and third-party military contractors are being advised to strengthen the security of their operational technology (OT) in the wake of security breaches, such as the SolarWinds supply chain attack.

In our recent webinar, Netacea’s Head of Threat Research, Matthew Gracey-McMinn, and Enterprise Sales Manager for Travel and Tourism, Graeme Harvey, were joined by Director of Spike Digital, Duncan Colman, to delve into the top bots and cybersecurity threats set to target the travel industry in 2021.

Open source helps developers build faster. But who’s making sure these open source dependencies (sometimes years out of development) stay secure? In a recent npm security research activity, Snyk uncovered a total of 8 npm packages which matched a specific malicious code vector of attack. This specific attack vector of the malicious packages included packages which had pre/post install scripts, which allowed them to run arbitrary commands when installed.

Another day, another supply chain attack. No sooner did we recover from the SolarWinds breach, than we found ourselves reeling from a new ClickStudio attack. That’s why we’ve decided to launch this new series, fondly named The Source, to provide you with the latest news and updates on supply chain security. On this installment of ‘The Source’, get to know the red hot supply chain attack methods du jour.